auth0-samples / auth0-aspnetcore-mvc-samples

Auth0 Integration Samples for ASP.NET Core MVC Web Applications
https://auth0.com/docs/quickstart/webapp/aspnet-core
MIT License

Passing parameters with the LoginAuthenticationProperties #84

Closed razzemans closed 1 year ago

razzemans commented 1 year ago

Hi,

We're trying to style our universal login page by passing additional parameters to the authorize request and change styling based on certain values:

universal_login {
    body = <<-EOT
      <!DOCTYPE html>
      <html lang="nl">
        <head>
          <title>{{ prompt.screen.texts.pageTitle }}</title>
          {% auth0:head %}
          <style id="theme-override">
          {% case transaction.params.ext-sourcesite %}
            {%- when "AAA" -%}
              {%- assign source = "AAA" -%}
              button[type=submit][value=default] {
                background: linear-gradient(135deg,#ee5f00,#f60,#ff9800);
                color: #fff;
                text-shadow: 0 0 5px rgba(0,0,0,.25);
              }
            {%- when "BBB" -%}
              {%- assign source = "BBB" -%}
               background: linear-gradient(135deg,#5f00AA,#f60,#CCDD32);
                color: #000;
                text-shadow: 0 0 5px rgba(0,0,0,.25);
              // ... etc

I guess the idea is clear. Note the use of transaction.params.sourcesite

I am trying to pass that variable to the authorize endpoint:

[HttpGet, HttpHead, Route("login")]
public async Task Login()
{
    var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
    .WithRedirectUri($"https://{headerConfigurationlDomain}/process-login")
    .Build();

    authenticationProperties.Parameters.Add("ext-sourcesite", "BBB");
    authenticationProperties.Items.Add("ext-sourcesite", "BBB");

    await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
}

This does not work. Whatever I pass, it does not seem to be working. Any help would be appreciated.

Info: Using .NET 6. Using Auth0.AspNetCore.Authentication 1.1.0.0.

frederikprijck commented 1 year ago

Hello,

This is explained in our documentation, see https://github.com/auth0/auth0-aspnetcore-authentication/blob/main/EXAMPLES.md#extra-parameters

Let me know if that doesn't work.

razzemans commented 1 year ago

Hi @frederikprijck

Unfortunately that does not work. As you can see from my code snippet, I am already adding parameters to the AuthenticationProperties (using .WithParameter("ext-sourcesite", "BBB") does not make a difference).

I can see I am redirected to:

https://xxx.xxx.xxx/authorize?client_id=xxx&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2Fcallback&response_type=code&scope=openid%20profile%20email&code_challenge=xxx&code_challenge_method=S256&response_mode=form_post&nonce=xxx&state=xxx&x-client-SKU=ID_NET6_0&x-client-ver=6.25.1.0

Now unless the extra parameters are encoded in the state querystring variable I don't see any additional parameters that I added.

frederikprijck commented 1 year ago

> Unfortunately that does not work. As you can see from my code snippet, I am already adding parameters to the AuthenticationProperties

Your code snippet isn't using WithParameters as per our documentation, so the snippet is expected to not work.

When I use WithParameter("ext-sourcesite", "BBB"), I am redirected to /authorize, including the custom parameter. Here is a screenshot from Chrome's DevTools:

[image]

If that doesn't work for you, please provide a reproduction as it is supposed to work.

razzemans commented 1 year ago

Hi @frederikprijck

Thanks for looking into this. I made a reproducible repo:

https://github.com/razzemans/Auth0Test

If you click on Login on the sample page it will redirect to the Auth0 environment (just change to your own clientId and add the correct secret in appsettings.json).

In this repro app the response to /login results in:

HTTP/1.1 302 Found
Content-Length: 0
Date: Wed, 29 Mar 2023 09:37:50 GMT
Server: Kestrel
Location: https://inloggen.xxxxx.nl/authorize?client_id=zaReoHZDtkKfdbND5melikAyfHuismSt&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2Fcallback&response_type=code&scope=openid%20profile%20email&code_challenge=ddQZQA0cCoRnMjxHAX4xkTSBsczHhp3qYrjOLuQCAuY&code_challenge_method=S256&response_mode=form_post&nonce=638156794711445472.ZjgxNGMyZGYtYWRlOC00ZTM2LWI2ZTktMjEwOTI0YzZmNDY0MWIzMGM3ZjgtZmRhZi00OGI1LTkyMDEtZjVlMzUxNDg2ZmJm&state=CfDJ8DQpXogrWdBCjIWp9211T-xHx-v5BlzAn8sHx8V5303IrDMM0d5JZx4TXgQBABraUtOI5sfwVtEIR3PnFugFj46N8Sq0iA8BuhoiyZxhby4f_XZ9JvzzVqIsgLQHSXXseZr_JosJb3lrTntHMbbKf8H2GhEGhvv_T9u6_mJECkk3LBgA6Durif1XYef6QM4RLGqW9hb-eRj63Z3FsyhfS7AwyYr5x5EfRuVpwUi1pJ2700hfQUGj7z3x-EF9bJC-o1PrUbLoaJmZY8PhS5GvqUFv7JYledpPCMQTT3GGmxwUZ487NPTzfpngVDGd-siAwvvEa7PqnBMNCA4H5P6tlcyU-JpogSa626fX2WMNIgO20eywlfjjP_wzD1_KcI3lXy7J82JZ15rbJMkRV-c_thkMsSDM4EVxtsz_sahB0uk_WprJ1uTP3zAa5XBBdmpzmgcHqxgRGSxbY6nJG7LptCRYH2mPFOY-DCMOg5lSeXuPZCB6ghRwwrdOJGd8wc6iyw&x-client-SKU=ID_NET6_0&x-client-ver=6.25.1.0
Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8DQpXogrWdBCjIWp9211T-wOPayV7fgX3ZJyObIMH08k65Fm1ZR3TWTKurPDeJkdwHOy6g7iYj5TP6rBXTae_a4ns4Dux42DGGdoDVsWvYqar1lSRPbtmdh-0he7KNqzXbt7yenc7IVXAHlu5v4M639wNQrAkIGc8YsmXr-1F51TZ9k0r5H04XR3MZBV7NZbpgCbQiSMrNXL_djMDBUkJpOQDuchdBRsGt8kO3kltEKOr8s65Q4oCaUZ33BDEV-5fotYRIySe6okXEXv1OTRHSk=N; expires=Wed, 29 Mar 2023 09:52:51 GMT; path=/callback; secure; samesite=none; httponly
Set-Cookie: .AspNetCore.Correlation.RiFxeLeFDM18WpWgVx30ifyP6LD4E-CmYacubM4j_B4=N; expires=Wed, 29 Mar 2023 09:52:51 GMT; path=/callback; secure; samesite=none; httponly

No additional params as far as I can see

frederikprijck commented 1 year ago

Thanks, I can reproduce the behaviour you are seeing in the sample you provided. Let me look into it and get back to you.

frederikprijck commented 1 year ago

You aren't using our SDK, but the OIDC package directly. Therefore it won't work.

You need to update your Program.cs to use our SDK, comparable to how we do here: https://github.com/auth0-samples/auth0-aspnetcore-mvc-samples/blob/master/Quickstart/Sample/Program.cs

So mostly, you need to ensure you use AddAuth0WebAppAuthentication, and not AddOpenIdConnect.

If you wish to use AddOpenIdConnect, you can use that but you should not combine it with anything from our SDK (so not even the LoginAuthenticationPropertiesBuilder, you should uninstall our SDK to avoid issues like this). In that case, you need to roll your own solution to proxy parameters to Auth0 by using the OnRedirectToIdentityProvider event here.

OnRedirectToIdentityProvider = (context) => {
  // Forward the custom parameter on the /authorize redirect.
  context.ProtocolMessage.SetParameter("ext-sourcesite", "BBB");
  // The handler is a Func<RedirectContext, Task>, so it has to return a Task.
  return Task.CompletedTask;
}

However, I would recommend using our SDK as that simplifies things by ensuring all you need to do is use WithParameter.
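
The SDK-based setup recommended above, as an added example that is not part of the original thread or of the Auth0 samples: a minimal-API Program.cs that registers the handler with AddAuth0WebAppAuthentication and forwards ext-sourcesite with WithParameter. The `site` query parameter, the allow-list and the configuration key names are assumptions made for illustration.

```csharp
// Program.cs (.NET 6 minimal API); requires the Auth0.AspNetCore.Authentication package.
using Auth0.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication;

var builder = WebApplication.CreateBuilder(args);

// Register the Auth0 SDK handler. Do not also call AddOpenIdConnect for the
// same login flow: the SDK's builder parameters are only forwarded by its own handler.
builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = builder.Configuration["Auth0:Domain"];     // assumed config key
    options.ClientId = builder.Configuration["Auth0:ClientId"]; // assumed config key
});

var app = builder.Build();
app.UseAuthentication();

// Assumption: the branding value arrives as ?site=... on the login route.
// It ends up in the /authorize URL and in the login page template, so only
// values the template has a branch for are forwarded.
var allowedSites = new HashSet<string>(StringComparer.Ordinal) { "AAA", "BBB" };

app.MapGet("/login", async (HttpContext http, string? site) =>
{
    var properties = new LoginAuthenticationPropertiesBuilder()
        .WithRedirectUri("/");

    if (site is not null && allowedSites.Contains(site))
    {
        // Appears as &ext-sourcesite=<value> on the /authorize redirect.
        properties.WithParameter("ext-sourcesite", site);
    }

    await http.ChallengeAsync(Auth0Constants.AuthenticationScheme, properties.Build());
});

app.Run();
```

To confirm the parameter is forwarded, request /login?site=BBB and check that the Location header of the 302 response contains ext-sourcesite=BBB.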