Closed quanth29 closed 10 months ago
As you're using OpenIdConnectResponseType.Code
you either need to set OpenIdConnectOptions.RedeemCode
to true, or exchange your authorization code for a token and set the TokenEndpointResponse
accordingly.
You can see in the middleware code that this is where your AuthorizationCodeReceived
notification is called and there is no AuthenticationTicket
passed to you (as this only happens when an ID token is received in the response):
https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L431
If you want to let the middleware generate the AuthenticationTicket
for you to manipulate, I suggest you do so in another notification, e.g. in the SecurityTokenValidated
notification as you can see the `AuthenticationTicket is already given to you.
https://github.com/aspnet/AspNetKatana/blob/dev/src/Microsoft.Owin.Security.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L495-L503
See this other open issue which is in a similar area to the problem you're facing.
Thanks, I have already fixed it. But why don’t set RedeemCode = true automatically if the reponse_type = code ?
That's a question for a maintainer - though consider this:
private bool _redeemCodeValue = false;
public bool RedeemCode {
get {
return this.ResponseType == OpenIdConnectResponseType.Code ? true : _redeemCodeValue;
}
set {
this._redeemCodeValue = value;
}
}
That seems a lot more confusing to me, not to mention it wouldn't work if I were to try to set RedeemCode to false
and then we'd need another level of indirection to check whether the false
value is a result of the default false
or the explicitly set false
.
But why don’t set RedeemCode = true automatically if the reponse_type = code ?
Automatic code redemption was added recently and was made opt in to avoid breaking people that had been doing it manually.
I'm using OpenIdConnectAuthentication with code flow to implement the OpenIdConnect login. But on the AuthorizationCodeReceived, the property notification.AuthenticationTicket is null value. Any advice? Here is my startup: