Finbuckle / Finbuckle.MultiTenant

Finbuckle.MultiTenant is an open-source multitenancy middleware library for .NET. It enables tenant resolution, per-tenant app behavior, and per-tenant data isolation.
https://www.finbuckle.com/multitenant
Apache License 2.0
1.33k stars, 265 forks

blazor web app - oidc options #862

Open bart-auvifox opened 3 months ago

bart-auvifox commented 3 months ago

Hi

I am trying to connect a Blazor web app to an API with OIDC auth. But I cannot get it to overwrite the authority per tenant.

The goal is to use subdomains for the tenant, e.g.:

Each tenant should connect to its own authority:

My config:

```csharp
using Finbuckle.MultiTenant;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Logging;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

const string MS_OIDC_SCHEME = "MicrosoftOidc";

var builder = WebApplication.CreateBuilder(args);
string authUrl = builder.Configuration.GetValue<string>("oidc:Authority");

builder.Services.AddAuthentication(MS_OIDC_SCHEME)
    .AddOpenIdConnect(MS_OIDC_SCHEME, oidcOptions =>
    {
        oidcOptions.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

        oidcOptions.Scope.Add(OpenIdConnectScope.OfflineAccess);
        oidcOptions.Scope.Add(OpenIdConnectScope.Email);
        oidcOptions.Scope.Add(OpenIdConnectScope.OpenIdProfile);

        // Placeholder authority; meant to be replaced per tenant by ConfigurePerTenant below.
        oidcOptions.Authority = "https://__temp";

        oidcOptions.ClientId = builder.Configuration.GetValue<string>("oidc:ClientId");
        oidcOptions.ClientSecret = builder.Configuration.GetValue<string>("oidc:ClientSecret");

        oidcOptions.ResponseType = OpenIdConnectResponseType.Code;

        oidcOptions.MapInboundClaims = false;
        // Turns off the nonce check that ties an authorization response to the request that started it.
        oidcOptions.ProtocolValidator.RequireNonce = false;

        oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
        oidcOptions.TokenValidationParameters.RoleClaimType = "role";
    })
    .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);

builder.Services.AddMultiTenant<TenantInfo>()
    .WithBasePathStrategy()
    .WithHostStrategy()
    .WithPerTenantAuthentication();

// Intended to point each resolved tenant at its own authority.
builder.Services.ConfigurePerTenant<OpenIdConnectOptions, TenantInfo>((oidcOptions, tenant) =>
{
    oidcOptions.Authority = $"{authUrl}/{tenant.Name}";
});

builder.Services.ConfigureCookieOidcRefresh(CookieAuthenticationDefaults.AuthenticationScheme, "DmOidc");

builder.Services.AddAuthorization();
builder.Services.AddCascadingAuthenticationState();
builder.Services.AddRazorComponents()
    .AddInteractiveServerComponents()
    .AddInteractiveWebAssemblyComponents();

builder.Services.AddScoped<AuthenticationStateProvider, PersistingAuthenticationStateProvider>();
builder.Services.AddHttpContextAccessor();

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    IdentityModelEventSource.ShowPII = true;
    app.UseWebAssemblyDebugging();
}
else
{
    app.UseExceptionHandler("/Error", createScopeForErrors: true);
    app.UseHsts();
}

app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Robots-Tag", "none, noarchive, nositelinkssearchbox");
    await next();
});

app.UseHttpsRedirection();

app.UseStaticFiles();

// Tenant resolution must run before authentication so per-tenant options can be applied.
app.UseMultiTenant();

app.UseAuthentication();
app.UseAuthorization();

app.UseAntiforgery();

app.MapRazorComponents<App>()
    .AddInteractiveServerRenderMode();

app.MapGroup("/authentication").MapLoginAndLogout();

app.Run();
```

It seems `ConfigurePerTenant` is not overriding the setting.

AndrewTriesToCode commented 2 months ago

Hi, I am sorry for the late reply. I have to admit I'm not an expert at client side Blazor. Can you confirm if the issue applies if you just try injecting `IOptions<OpenIdConnectOptions>` somewhere to inspect what it is resolving?
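One way to run the check suggested above, as an added example that is not part of the issue or of Finbuckle's own code. It assumes the issue's scheme name `"MicrosoftOidc"` and `TenantInfo` type, the `HttpContext.GetMultiTenantContext<TenantInfo>()` extension from the Finbuckle ASP.NET Core package (namespace assumed; adjust the `using` to your Finbuckle version), and it reads the named options instance as well as the unnamed one, because an ASP.NET Core authentication handler obtains its options through `IOptionsMonitor<TOptions>.Get(schemeName)`, not through the unnamed `IOptions<T>`.

```csharp
// Added diagnostic endpoint (example only; not the issue author's or Finbuckle's code).
// Assumes scheme name "MicrosoftOidc" and Finbuckle's TenantInfo, as in the issue.
using Finbuckle.MultiTenant;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Options;

public static class OidcOptionsDiagnostics
{
    public record Report(string? TenantId, string? TenantIdentifier,
                         string? NamedAuthority, string? DefaultAuthority);

    // The OIDC handler reads IOptionsMonitor<OpenIdConnectOptions>.Get("MicrosoftOidc"),
    // so NamedAuthority is the value the handler will actually redirect to.
    // DefaultAuthority is the unnamed instance, i.e. what IOptions<T>.Value returns.
    public static Report Inspect(HttpContext http,
                                 IOptionsMonitor<OpenIdConnectOptions> monitor,
                                 string scheme)
    {
        var tenant = http.GetMultiTenantContext<TenantInfo>()?.TenantInfo;
        return new Report(tenant?.Id, tenant?.Identifier,
                          monitor.Get(scheme).Authority,
                          monitor.Get(Options.DefaultName).Authority);
    }

    // Map this only in Development and after app.UseMultiTenant(), so the tenant is
    // already resolved from the host/base path when the options are requested.
    public static void MapOidcDiagnostics(this WebApplication app, string scheme)
    {
        if (!app.Environment.IsDevelopment()) return;
        app.MapGet("/_diag/oidc",
            (HttpContext http, IOptionsMonitor<OpenIdConnectOptions> monitor) =>
                Results.Ok(Inspect(http, monitor, scheme)));
    }
}
```

Call `app.MapOidcDiagnostics(MS_OIDC_SCHEME);` after `app.UseMultiTenant()` and request `/_diag/oidc` on each tenant host: if `TenantId` is null the tenant was not resolved for that host, and if `NamedAuthority` still shows the placeholder while `DefaultAuthority` shows the tenant value, the per-tenant configuration is landing on a different options name than the one the handler reads.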