Paul

Reputation: 9541

Oauth identity user is not the .net identity user

Using .net core 1... When someone signs up/logs in using oauth2, the identity ID is provided by oauth, even if there's a local user. Is there a way to join up the oauth user with the local identity user?

Following this example - https://rameshksh.wordpress.com/2016/12/08/linkedin-authentication-in-asp-net-core/ - you can either log in using "Identity" or you can log in using OAuth; they aren't connected. Am I missing something obvious or is this just how it works?

Upvotes: 0

Views: 460

Answers (1)

Paul

Reputation: 9541

I was able to resolve this through some trial and error...

        app.UseOAuthAuthentication(new OAuthOptions
        {
            AuthenticationScheme = "LinkedIn",
            DisplayName = "LinkedIn",

            ClientId = Configuration["linkedin:clientId"],
            ClientSecret = Configuration["linkedin:clientSecret"],

            CallbackPath = new PathString("/signin-linkedin"),

            AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization",
            TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken",
            UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,formatted-name,email-address,picture-url)",

            Scope = { "r_basicprofile", "r_emailaddress", "w_share" },
            Events = new OAuthEvents
            {
                OnTicketReceived = context =>
                {
                    // Indicate that we handled the login
                    context.HandleResponse();

                    // Default redirect path is the base path
                    if (string.IsNullOrEmpty(context.ReturnUri))
                    {
                        context.ReturnUri = "/";
                    }

                    context.Response.Redirect(context.ReturnUri);

                    return Task.FromResult(0);
                },

                OnCreatingTicket = async context =>
                {
                    // Retrieve user info
                    var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                    request.Headers.Add("x-li-format", "json"); // Tell LinkedIn we want the result in JSON, otherwise it will return XML

                    var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
                    response.EnsureSuccessStatusCode();

                    // Do database stuff to find user using parameters provided through oauth
                    // Perform identity sign in using sign in manager
                    await signInManager.SignInAsync(dbUser, false);
                }
            }
        });

        app.Map("/login", builder =>
        {
            builder.Run(async context =>
            {
                // Return a challenge to invoke the LinkedIn authentication scheme
                await context.Authentication.ChallengeAsync("LinkedIn", properties: new AuthenticationProperties() { RedirectUri = "/" });
            });
        });

It is the code in "OnTicketReceived" that prevents the middleware from dropping its own cookie for just LinkedIn authentication.

Upvotes: 2
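
One way to fill in the "find user" step from the answer above, shown as an added example that is not the answerer's code: key the link on the provider name plus the provider's user id, stored with ASP.NET Core Identity's external-login table. `ExternalLoginLinker` and its method name are hypothetical; `TUser` stands for whatever local user class the application already uses.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical helper (added example): joins an OAuth identity to a local Identity user.
public class ExternalLoginLinker<TUser> where TUser : class
{
    private readonly UserManager<TUser> _users;
    private readonly SignInManager<TUser> _signIn;

    public ExternalLoginLinker(UserManager<TUser> users, SignInManager<TUser> signIn)
    {
        _users = users;
        _signIn = signIn;
    }

    // provider:    the scheme name, e.g. "LinkedIn"
    // providerKey: the stable user id returned by the provider's user-info endpoint
    // current:     the principal on the request (the local Identity cookie, if any)
    // Returns the local user, or null when no link exists and nobody is signed in.
    public async Task<TUser> SignInOrLinkAsync(
        string provider, string providerKey, ClaimsPrincipal current)
    {
        // 1. The external identity is already linked: sign that local user in.
        var linked = await _users.FindByLoginAsync(provider, providerKey);
        if (linked != null)
        {
            await _signIn.SignInAsync(linked, isPersistent: false);
            return linked;
        }

        // 2. Not linked yet: attach it only to the local account that is signed in
        //    on this request. Matching on email address alone is deliberately not
        //    done here, so a link is created only for someone who has already
        //    authenticated to the local account.
        var local = await _users.GetUserAsync(current);
        if (local == null)
        {
            return null; // caller decides: local login first, or registration
        }

        var result = await _users.AddLoginAsync(
            local, new UserLoginInfo(provider, providerKey, provider));
        return result.Succeeded ? local : null;
    }
}
```

Called from `OnCreatingTicket` after the user-info response has been parsed, this would take the place of the direct `signInManager.SignInAsync(dbUser, false)` call.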
