DuendeSoftware / Support

Support for Duende Software products

Question: Impersonate a user in BFF without connecting to Identity Server #1232

Closed zidadrtl closed 3 months ago

zidadrtl commented 4 months ago

Which version of Duende BFF are you using? Latest, enterprise license

Which version of .NET are you using? 8.0

question

Hello, I'm using BFF+Yarp as a sidecar auth proxy for our front-end on k8s, and I'm looking for a way to quickly authenticate a user with custom claims but offline, so without having to connect through the OIDC flow (basically just provide a username and claims and it should be authenticated, set the cookie, etc.). To simplify development purposes, obviously.

I checked the BFF code but I suspect I need to dive into the ASP.NET OpenID Connect libraries instead and trigger something there.

Any hints on what the easiest way would be?

AndersAbel commented 3 months ago

It is possible to create a local session on the BFF host by calling `HttpContext.SignInAsync()`. If you make sure to put in a (dummy?) access token with a long lifetime in the `AuthenticationProperties` that should work for testing.

The token renewal flow will not work with a dummy local session. It automatically reads the OIDC configuration and uses the refresh token flow to get a new access token. By setting a long access token lifetime it should work for dummy/test purposes.
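
A sketch of the local sign-in described in the comment above, as an added example that is not part of the original thread and not Duende's code. The `cookie` scheme name, the `/dev/impersonate` route, the claim set and the token value are assumptions; `access_token` and `expires_at` are the token names the ASP.NET Core OpenID Connect handler uses when it saves tokens. The endpoint is registered only in the Development environment so it cannot be reached in a deployed build.

```csharp
using System.Globalization;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);

// Assumption: "cookie" is the cookie scheme the BFF host already signs users into.
builder.Services.AddAuthentication("cookie").AddCookie("cookie");

var app = builder.Build();
app.UseAuthentication();

// Map the endpoint only in Development; in any other environment it does not exist.
if (app.Environment.IsDevelopment())
{
    // Hypothetical route: /dev/impersonate?user=alice
    app.MapGet("/dev/impersonate", async (HttpContext ctx, string user) =>
    {
        var claims = new[]
        {
            new Claim("sub", user),
            new Claim("name", user),
            new Claim("sid", Guid.NewGuid().ToString("N")), // constructed session id
        };
        var identity = new ClaimsIdentity(claims, "dev-impersonation", "name", "role");

        // Dummy access token with a long lifetime, stored the same way the
        // OIDC handler stores real tokens in the authentication properties.
        var props = new AuthenticationProperties();
        props.StoreTokens(new[]
        {
            new AuthenticationToken { Name = "access_token", Value = "dummy-dev-token" },
            new AuthenticationToken
            {
                Name = "expires_at",
                Value = DateTimeOffset.UtcNow.AddYears(1)
                    .ToString("o", CultureInfo.InvariantCulture),
            },
        });

        await ctx.SignInAsync("cookie", new ClaimsPrincipal(identity), props);
        return Results.Redirect("/");
    });
}

app.Run();
```

No refresh token is stored, so the session relies on the far-future `expires_at` value to avoid triggering token renewal.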

RolandGuijt commented 3 months ago

Assuming Anders' comment worked for you, I'm closing right now. If you have anything to add, feel free to do so.

zidadrtl commented 3 months ago

I was able to verify today that this works excellently, many thanks @AndersAbel and @RolandGuijt!