How to pass ui_locales back to requested client?

Question

How can I pass the ui_locales from IdentityServer to clients after the Authorised Request has completed?

I've got multiple apps + Idsv4 under different domains (we can't share cookies). Example:

1. Mvc App1 (Main landing website)
2. Mvc App2
3. Identity Server

• The user goes to MvcApp1 and changes the UiLocales on the screen (Eg. es-ES). I stored ui-Culture in the cookies
• Then they click login and the AuthorisedRequest is sent to Idsv4 with ui_locales (es-ES).
• Idsv4 receives the ui_locales and display the correct translated text (es-ES) with Login screen.
• The user enters user credentials, successful and return to redirectUri
• App1 can still show the correct text because it stores the locales in the cookies
• When User naviagates to App2 and authorize request occurs, Idsv4 doesn't return the correct locales
• so, App2 always show English text after successful authorization

The problem is that I can manage to pass the locales information between main app and idsv4 to display correct localized texts in both applications. But when the user navigate to second app (we've got more than 5 apps linked to idsv4), it's always set back to English text.

Please see the sequence diagram below:

As you can see above, since Idsv4 doesn't return ui_locales information (even though it does display correct translation text on its own), second app couldn't detect which language to display and fall back to default language - English.

I passeed the culture info per following in Startup.cs of App1. But ctx.ProtocolMessage.UiLocales is always null on OnAuthorizationCodeReceived event.

options.Events = new OpenIdConnectEvents
{
    OnRedirectToIdentityProvider = ctx =>
    {
        ctx.ProtocolMessage.UiLocales = Thread.CurrentThread.CurrentUICulture.Name;
        return Task.CompletedTask;
    },
    OnAuthorizationCodeReceived = ctx =>
    {
        Console.WriteLine("OnAuthorizationCodeReceived");
        return Task.CompletedTask;
    },
    ....
}

So, I am wondering is there anyway to embed ui_locales values after the successful authorization in Idsv4.

Or Idsv4 is not doing like that because it's not the responsibility of Authentication Service?

Do I have to pass the locale information when the user navigates to other Apps to workaround this problem?
Example: https://ttcgApp1.com/?ui=es-ES, https://MyApp2.net/?ui-es-ES

Could you please help?

Answer 1

IdentityServer does not send any information back to the client, so best solution may be to add a claim that tells which locale was used at the time of login.

Please note that the token does contain additional information about the login process, e.g. the used flow: "amr" = [ "pwd"].

Information that can be used to limit access on the client, e.g. requiring 2FA.

Since OnAuthorizationCodeReceived is only called after succesful login, that's the one place where you can read the claim and use it to set the locale accordingly to the user locale in IdentityServer.