Closed courtzzz closed 5 months ago
I'm not aware of a way to achieve dynamic registration of any authentication provider out of the box, as providers need to be registered when the application starts up.
You could do it on startup if every custom tenant is known through adding every possible tenant as a different scheme, but that won't be scalable.
What you probably need to do is have a custom scheme and handler that selects the values from your database at runtime. You could maybe do that by inheriting from our provider and then adding that behaviour dynamically, but you'll have to investigate for yourself.
This isn't something we'd support ourselves.
Maybe something like Finbuckle Multitenant would help you out without the need of registering multiple schemes. It supports "per tenant authentication". https://www.finbuckle.com/MultiTenant/Docs/v6.12.0/Authentication
Thanks @martincostello @stonesvillage for quick assistance
For anyone coming along here looking for an answer, I eventually had to pull down the repo and then create my own installation. It's very rudimentary right now, but the idea is that I intercept the "Challenge" request and then substitute the correct Okta tenant in based on the login email filled in by the client.
So I overrode the following method:
```csharp
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
```
And pass the email through with the AuthenticationProperties.
I'm using IdentityServer4.
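The tenant substitution described in the comment above, as an added example that is not code from the thread or from the provider library: it maps the login email to a tenant held in a server-side registry and builds the authorization redirect from that record only. The `OktaTenant` record, the `TenantChallenge` class, the registry contents, the `.example` domains and the use of Okta's `default` authorization server are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Net.Mail;

// Constructed inputs: one registered customer and one unknown domain.
foreach (var email in new[] { "alice@customera.example", "mallory@unknown.example" })
{
    var url = TenantChallenge.BuildAuthorizeUrl(
        email, "https://app.example/signin-okta", "opaque-state-value");
    Console.WriteLine($"{email} -> {url ?? "(no tenant registered, no redirect)"}");
}

// Hypothetical per-tenant record; in the thread these values live in the application's database.
public sealed record OktaTenant(string Domain, string ClientId);

public static class TenantChallenge
{
    // Constructed sample registry keyed by email domain (stands in for the database lookup).
    private static readonly Dictionary<string, OktaTenant> Registry =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["customera.example"] = new("customerA.okta.com", "client-id-a"),
            ["customerb.example"] = new("customerB.okta.com", "client-id-b"),
        };

    // Map the login email to a registered tenant. The Okta host always comes from the
    // registry, never from the submitted string, so a crafted address cannot pick the
    // host the browser is redirected to.
    public static OktaTenant? Resolve(string email)
    {
        if (!MailAddress.TryCreate(email, out var address)) return null;
        return Registry.TryGetValue(address.Host, out var tenant) ? tenant : null;
    }

    // Build the authorization redirect for the resolved tenant, or null when the
    // email domain is not registered (the caller then offers another login method).
    public static string? BuildAuthorizeUrl(string email, string redirectUri, string state)
    {
        var tenant = Resolve(email);
        if (tenant is null) return null;
        return $"https://{tenant.Domain}/oauth2/default/v1/authorize"
             + $"?client_id={Uri.EscapeDataString(tenant.ClientId)}"
             + "&response_type=code&scope=openid%20email"
             + $"&redirect_uri={Uri.EscapeDataString(redirectUri)}"
             + $"&state={Uri.EscapeDataString(state)}";
    }
}
```

The callback has to exchange the code against the same tenant's token endpoint with that tenant's client secret, so the tenant chosen at challenge time should travel in the protected state rather than be re-derived from request parameters.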
Provider name
Okta
Expected behavior
Override the domain, clientid and clientsecret at runtime
Actual behavior
Additional information
I'm wondering if it is possible to override the domain, clientid and clientsecret at runtime. We are building a multi-tenant SaaS with multiple customers who will all have their own domain etc.
The use case is if they want to use Okta to authenticate, we would add their instance to our database, and then give them a dedicated login page which would need to redirect to the specific domain, using the specific clientid etc.
- e.g. customerA - https://customerA.okta.com
- e.g. customerB - https://customerB.okta.com

I tried using your PostConfigure methods on our login page to reconfigure the options but I wasn't having any luck.
e.g. ![image](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/assets/384711/4dd9b5ee-8da0-4c20-8744-86962388ce32)
Is this possible?