mattmorg55 / Owin.Security.Keycloak

Keycloak Authentication Middleware for the C# OWIN Pipeline
http://keycloak.jboss.org
MIT License

Cannot perform post-auth claims transformation #15

Open jptillman opened 5 years ago

jptillman commented 5 years ago

In my system, I need to add additional claims after a successful Keycloak authentication AND have the authenticated user persisted in the cookie so the auth doesn't happen on each page load. There appears to be no hook in this library for a ClaimsTransformation to be performed.
Following the instructions at https://github.com/dylanplecki/KeycloakOwinAuthentication/wiki/ASP.NET-MVC-Tutorial (which is the only example code I can find anywhere using any Keycloak library similar to this fork), my code looks like this:

    const string persistentAuthType = "cookie_auth";

    app.SetDefaultSignInAsAuthenticationType(persistentAuthType); // Cookie is primary session store
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = persistentAuthType,
    });

    // --- Keycloak Authentication Middleware - Connects to central Keycloak database
    app.UseKeycloakAuthentication(new KeycloakAuthenticationOptions
    {
        ClientId = clientName,
        ClientSecret = clientSecret,
        Realm = clientRealm,
        KeycloakUrl = authorityUrlBase,
        SignInAsAuthenticationType = persistentAuthType,
        AuthenticationType = ssoAuthType,
        DisableAudienceValidation = true,
        Scope = "openid profile email",
        EnableBearerTokenAuth = true,
        // per https://github.com/mattmorg55/Owin.Security.Keycloak/pull/13
        DisableAllRefreshTokenValidation = true,
    });

Where do I transform?
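
One place such a transformation can live, shown as an added example that is not part of the original issue or of Owin.Security.Keycloak: the cookie middleware's own `OnResponseSignIn` hook from Microsoft.Owin.Security.Cookies, which runs before the identity is written to the cookie. It assumes the Keycloak middleware signs in through the cookie middleware named by `SignInAsAuthenticationType`; `UseTransformingCookieAuthentication` and the `loadExtraClaims` delegate are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public static class TransformingCookieExtensions
{
    // Hypothetical helper: registers the cookie middleware with a claims
    // transformation applied once per sign-in. loadExtraClaims must read from
    // a trusted, server-side source (assumption: the application supplies it).
    public static void UseTransformingCookieAuthentication(
        this IAppBuilder app,
        string authType,
        Func<ClaimsIdentity, IEnumerable<Claim>> loadExtraClaims)
    {
        app.SetDefaultSignInAsAuthenticationType(authType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = authType,
            Provider = new CookieAuthenticationProvider
            {
                // Called when a sign-in for this authentication type is being
                // turned into a cookie, so added claims are persisted with it.
                OnResponseSignIn = context =>
                {
                    // Work on a copy so the upstream identity is left untouched.
                    var transformed = new ClaimsIdentity(context.Identity);
                    foreach (var claim in loadExtraClaims(transformed).ToList())
                    {
                        // Application-issued claims replace same-typed claims that
                        // arrived in the token, so the token cannot shadow them.
                        foreach (var existing in transformed.FindAll(claim.Type).ToList())
                        {
                            transformed.TryRemoveClaim(existing);
                        }
                        transformed.AddClaim(claim);
                    }
                    context.Identity = transformed;
                }
            }
        });
    }
}
```

Claims added this way are fixed for the lifetime of the cookie, and a request authenticated without a cookie sign-in never reaches this hook.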