DuendeSoftware / Support

Support for Duende Software products

Question: Dynamic Providers and pass protocol params to upstream IdP - code sample #1254

Closed omon77 closed 3 months ago

omon77 commented 3 months ago

Which version of Duende IdentityServer are you using? 7.0.4.0

Which version of .NET are you using? .NET 8

Question

Is there a code sample available for this: Add mechanism to pass protocol params to upstream IdP for dynamic providers #231?

Additional Information

There have been a number of issues asking about passing login_hint and other protocol parameters to upstream IdPs for federating. When we are federating to dynamic providers, I am not quite clear where the login_hint needs to be added. Adding it to the Parameters or Items collections on AuthenticationProperties and using it in Challenge doesn't result in login_hint being one of the querystring parameters sent to the upstream IdP's authorize endpoint.

omon77 commented 3 months ago

Ok, I finally figured it out... For anyone else encountering this, you need to wire this up in AuthenticationOptions for OidcProviders. It would be in your implementation of the Configure method of your custom class deriving from ConfigureAuthenticationOptions<OpenIdConnectOptions, OidcProvider>. It depends on where you wired them up: either in the Parameters or the Items dictionary.

In my case, I used Parameters...

        context.AuthenticationOptions.Events.OnRedirectToIdentityProvider = ctx =>
        {
            if (ctx.Properties.Parameters.TryGetValue("login_hint", out var loginHint))
            {
                ctx.ProtocolMessage.LoginHint = loginHint as string;
            }
            return Task.FromResult(0);
        };
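
The wiring described in the comment above, written out as a complete class. This is an added example, not code from the thread or from Duende. The class name, the `BuildChallenge` helper, the length limit and the validation rule are assumptions; the handler also chains any previously registered `OnRedirectToIdentityProvider` instead of replacing it, and checks the hint before it is sent upstream.

```csharp
using System.Linq;
using Duende.IdentityServer.Hosting.DynamicProviders;
using Duende.IdentityServer.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Hypothetical class name (added example).
// Register with: builder.Services.ConfigureOptions<LoginHintOidcOptions>();
public class LoginHintOidcOptions : ConfigureAuthenticationOptions<OpenIdConnectOptions, OidcProvider>
{
    private const int MaxHintLength = 256; // assumed limit, tune for your upstream IdPs

    public LoginHintOidcOptions(IHttpContextAccessor accessor, ILogger<LoginHintOidcOptions> logger)
        : base(accessor, logger) { }

    protected override void Configure(ConfigureAuthenticationContext<OpenIdConnectOptions, OidcProvider> context)
    {
        // Keep the handler that is already registered instead of overwriting it.
        var previous = context.AuthenticationOptions.Events.OnRedirectToIdentityProvider;

        context.AuthenticationOptions.Events.OnRedirectToIdentityProvider = async ctx =>
        {
            await previous(ctx);

            // Forward only the one expected parameter, and only if it passes validation.
            var hint = ctx.Properties.GetParameter<string>("login_hint");
            if (IsAcceptableHint(hint)) ctx.ProtocolMessage.LoginHint = hint;
        };
    }

    // Reject empty, oversized, or control-character values before they reach the upstream IdP.
    internal static bool IsAcceptableHint(string? hint) =>
        !string.IsNullOrWhiteSpace(hint)
        && hint.Length <= MaxHintLength
        && !hint.Any(char.IsControl);

    // Hypothetical helper for the login page. Parameters only flow within the current
    // request, so they must be set on the properties object that is passed to Challenge.
    public static AuthenticationProperties BuildChallenge(string returnUrl, string? loginHint)
    {
        var props = new AuthenticationProperties { RedirectUri = returnUrl };
        if (IsAcceptableHint(loginHint)) props.SetParameter("login_hint", loginHint);
        return props;
    }
}
```

On the login page, the result of `BuildChallenge` is passed to `Challenge(props, scheme)` together with the dynamic provider's scheme name.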