Reputation: 2753
I am using the OpenID Connect protocol to authenticate in my application. In the Startup.cs file I have all challenges configured (login, register, change password, etc.) with the returnUrl like 'https://domain.com/en-IE/Home/Index', but when I am calling the challenge I want to change the returnUrl using the current culture the user is in... For that I am calling the following:
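```csharp
using Microsoft.Owin;
using Microsoft.Owin.Security;

public static void SignIn(this IOwinContext context)
{
    // Pass a return URL for the user's current culture (ga-IE) with the challenge.
    var authProperties = new AuthenticationProperties { RedirectUri = "https://domain.com/ga-IE/Home/Index" };
    context.Authentication.Challenge(authProperties, ClientSettings.Login);
}
```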
So, my problem is that I can see the returnUrl as en-IE and not the newly passed ga-IE. What am I doing wrong?
Upvotes: 3
Views: 1978
Reputation: 7394
From your question it is not clear whether you are referring to the IdP-to-app traffic or to the intra-app traffic. I will assume the former. The RedirectUri property of AuthenticationProperties is not the same RedirectUri you specify in the middleware options. Here's a quote from my upcoming book that might help to clarify:
It is an unfortunate coincidence that the RedirectUri property just described happens to be named exactly the same as an OAuth2/OpenID Connect protocol parameter. The value passed in Challenge is not sent to Azure AD and used as part of the protocol dance: it is a local value that is used after the authentication dance takes place. All redirect URIs used by Azure AD must be explicitly registered for security reasons, and it is clearly not feasible to register all possible controller actions as return URIs. That’s why Azure AD normally associates only a few return URIs with each app (typically one for every deployment root) and the middleware itself takes care of performing local redirects without involving the IdP to ensure that requests land on the correct resource.
Upvotes: 2
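The two values the answer distinguishes, side by side, as an added example (not code from either post): the middleware option carries the registered protocol redirect URI, while the `Challenge` call carries only the local post-login destination. The client ID and authority placeholders, the root redirect URI, the `SignInExtensions` class, the culture allow-list and the use of `CultureInfo.CurrentUICulture` are assumptions for illustration.

```csharp
using System;
using System.Globalization;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<client-id>",       // placeholder
            Authority = "<authority-url>",  // placeholder
            // Protocol redirect_uri: sent to the IdP, so it must match a URI
            // registered for the app (assumed here: the deployment root).
            RedirectUri = "https://domain.com/"
        });
    }
}

public static class SignInExtensions
{
    private const string AppRoot = "https://domain.com";
    // Assumed allow-list of cultures the site actually serves.
    private static readonly string[] SupportedCultures = { "en-IE", "ga-IE" };

    // Builds the local return URL from a fixed root; unknown cultures fall back to the first entry.
    public static string LocalReturnUrl(string culture)
    {
        var known = Array.IndexOf(SupportedCultures, culture) >= 0;
        return AppRoot + "/" + (known ? culture : SupportedCultures[0]) + "/Home/Index";
    }

    public static void SignIn(this IOwinContext context)
    {
        var authProperties = new AuthenticationProperties
        {
            // Local value: the middleware redirects here after the IdP response
            // has been processed. It is not the redirect_uri sent to the IdP.
            RedirectUri = LocalReturnUrl(CultureInfo.CurrentUICulture.Name)
        };
        context.Authentication.Challenge(authProperties, OpenIdConnectAuthenticationDefaults.AuthenticationType);
    }
}
```

Building the local URL from a fixed root and an allow-listed culture keeps the post-login redirect on the application's own host even when the culture value originates from the request.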