OpenIdConnect with request object

Tommi Koponen
2024-04-11T13:37:58.3+00:00

Version: .NET 6.0

Our IdP now requests that all new authentication implementations use the OIDC request object method instead of query parameters.

I have gotten the request object itself and signing it with our private key to work correctly, and the IdP accepts the request.

However, when they redirect the user back to our code, the State query parameter is omitted. They said that when using a request object all other query parameters are ignored and the state parameter needs to be included in the request object itself.

I tested this and added a state parameter and they indeed return that one when they redirect the user back.

The problem is that the "correct" state parameter (generated by the middleware) IS NOT accessible in the RedirectToIdentityProvider event (the context.ProtocolMessage.State is empty). Is there any way to access the actual state parameter in this event, or are there any options I need to enable to make this work? I tried setting the state using

context.Options.StateDataFormat.Protect(context.Properties)

The issue here is that the middleware adds additional values into the properties after this event ends (for example, I got this error when trying this method: An error was encountered while handling the remote login. ---> System.Collections.Generic.KeyNotFoundException: The given key 'OpenIdConnect.Code.RedirectUri' was not present in the dictionary.)

 

What is the correct / best way to make use of the request object without having to build the entire state handling by hand?

Any help would be much appreciated
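
One way to approach the situation described above, as an added example that is not part of the original post and is not Microsoft's own code: store the redirect URI under the key named in the error message before protecting the state, place every authorization parameter in the signed request object, and issue the redirect from the event. Assumptions: the class name, the `creds` and `idpIssuer` parameters are hypothetical, and the ordering relies on the handler writing its nonce and correlation cookies before the event fires and protecting the state only after it returns.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper. Wire it up with:
//   options.Events.OnRedirectToIdentityProvider =
//       ctx => RequestObjectEvents.Redirect(ctx, creds, idpIssuer);
public static class RequestObjectEvents
{
    public static Task Redirect(RedirectContext ctx, SigningCredentials creds, string idpIssuer)
    {
        OpenIdConnectMessage msg = ctx.ProtocolMessage;

        // The callback later reads this key ('OpenIdConnect.Code.RedirectUri')
        // from the unprotected state, so it must be stored before Protect().
        ctx.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey] = msg.RedirectUri;
        msg.State = ctx.Options.StateDataFormat.Protect(ctx.Properties);

        // Everything the handler prepared (state, nonce, redirect_uri, scope,
        // PKCE challenge, ...) goes into the JWT, because the IdP ignores the query string.
        var claims = msg.Parameters.ToDictionary(p => p.Key, p => (object)p.Value);
        string requestObject = new JsonWebTokenHandler().CreateToken(new SecurityTokenDescriptor
        {
            Issuer = msg.ClientId,   // the client issues the request object
            Audience = idpIssuer,    // assumption: the IdP's issuer identifier
            Claims = claims,
            SigningCredentials = creds
        });

        // OIDC Core still requires client_id, response_type and an openid scope
        // outside the request object; nothing else is sent as a query parameter.
        var outer = new OpenIdConnectMessage
        {
            IssuerAddress = msg.IssuerAddress,
            ClientId = msg.ClientId,
            ResponseType = msg.ResponseType,
            Scope = msg.Scope
        };
        outer.SetParameter("request", requestObject);

        ctx.Response.Redirect(outer.CreateAuthenticationRequestUrl());
        ctx.HandleResponse();   // stop the handler from adding the key and state again
        return Task.CompletedTask;
    }
}
```

Calling `HandleResponse()` matters here: if the handler continued after the event, it would try to add the same properties key a second time and then overwrite the state already signed into the request object.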
