Michael

Reputation: 22957

Same redirect uri for multiple providers in oidc

I want to have my relying party app (RP) be able to connect with any oidc provider. That means that users will be able to set up any identity provider that supports openid connect.

Therefore I want my RP app to have a single redirect uri, for example

http://www.example.com/auth/callback

So that all IDPs will call the same one in auth code flow.

How would the RP distinguish between each IDP, and know which IDP to call to complete the oauth flow?

Upvotes: 2

Views: 1765

Answers (1)

Ján Halaša

Reputation: 8431

You could use the state parameter of the auth request:

state Opaque value used to maintain state between the request and the callback ...

The state value would contain both a random part and an auth provider identifier. For example "google-A41DsGDm". The auth provider is supposed to return the same state value with the redirect URL containing an auth code. So your /auth/callback handler would know which auth provider's /token endpoint to call to get tokens (after validation of the random part of the state value).

For completeness, if you just wanted to use a single backend handler, you could map all URIs starting with /auth/callback to the handler and accept the following path param as auth provider identifier. For example /auth/callback/google?code=....

Upvotes: 4
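An added example (not from the answer above) of the state-based approach: the RP mints a state of the form `<provider>-<random>`, remembers it for the user's session, and on callback validates the random part before trusting the provider prefix. The provider names, token endpoint URLs and the in-memory pending-state store are constructed for illustration.

```python
import hmac
import secrets

# Constructed registry of configured providers; the endpoints are placeholders.
PROVIDERS = {
    "google": {"token_endpoint": "https://idp-google.example/token"},
    "okta": {"token_endpoint": "https://idp-okta.example/token"},
}

# Constructed server-side store of issued state values, keyed by session id.
# In a real RP this would live in the session or a short-lived cache.
_pending = {}


def create_state(session_id, provider):
    """Mint a state value "<provider>-<random>" and remember it for this session."""
    if provider not in PROVIDERS:
        raise ValueError(f"unknown provider {provider!r}")
    nonce = secrets.token_urlsafe(24)  # the random part the callback must echo back
    state = f"{provider}-{nonce}"
    _pending.setdefault(session_id, set()).add(state)
    return state


def resolve_callback(session_id, state):
    """Validate the returned state, consume it, and return (provider, token_endpoint).

    Returns None if the state is missing, forged, reused, bound to another
    session, or names a provider the RP does not know.
    """
    if not state or "-" not in state:
        return None
    # Provider identifiers contain no "-", so split on the first one only.
    provider, _, nonce = state.partition("-")
    if provider not in PROVIDERS or not nonce:
        return None
    issued = _pending.get(session_id, set())
    # Only a state this session actually issued is trusted; compare in constant
    # time and accept each value once so a replayed callback is rejected.
    for candidate in list(issued):
        if hmac.compare_digest(candidate, state):
            issued.discard(candidate)
            return provider, PROVIDERS[provider]["token_endpoint"]
    return None
```

The prefix alone is never trusted: without a matching stored nonce the callback is rejected, so an attacker cannot steer the RP to a different provider's token endpoint just by editing the state string.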
