Reputation: 13
We are using our own identity server for authentication, so we wanted to use the same for our Kentico CMS site (Kentico 13, .NET Core portal). All I can see is this link to integrate an external authentication provider: https://docs.xperience.io/managing-users/user-registration-and-authentication/configuring-external-authentication
This article talks about external identity providers but does not talk about custom identity providers.
As mentioned in the above article, the following code

```csharp
ExternalLoginInfo loginInfo = await signInManager.GetExternalLoginInfoAsync();
```

returns null all the time. Is this the correct way to integrate the identity server?
I tried following the below article: https://docs.xperience.io/managing-users/user-registration-and-authentication/configuring-external-authentication
I am using the below code but it is not working, so am I missing anything? In the Startup.cs file, I have added these.

```csharp
// Adds Xperience services required by the system's Identity implementation
services.AddScoped<IPasswordHasher<ApplicationUser>, Kentico.Membership.PasswordHasher<ApplicationUser>>();
services.AddScoped<IMessageService, MessageService>();

services.AddApplicationIdentity<ApplicationUser, ApplicationRole>()
    // Adds token providers used to generate tokens for email confirmations, password resets, etc.
    .AddApplicationDefaultTokenProviders()
    // Adds an implementation of the UserStore for working with Xperience user objects
    .AddUserStore<ApplicationUserStore<ApplicationUser>>()
    // Adds an implementation of the RoleStore used for working with Xperience roles
    .AddRoleStore<ApplicationRoleStore<ApplicationRole>>()
    // Adds an implementation of the UserManager for Xperience membership
    .AddUserManager<ApplicationUserManager<ApplicationUser>>()
    // Adds the default implementation of the SignInManager
    .AddSignInManager<SignInManager<ApplicationUser>>();

// Configures the application's authentication cookie
services.ConfigureApplicationCookie(c =>
{
    c.LoginPath = new PathString("/");
    c.ExpireTimeSpan = TimeSpan.FromDays(14);
    c.SlidingExpiration = true;
    c.Cookie.Name = AUTHENTICATION_COOKIE_NAME;
});

// Registers the authentication cookie in Xperience with the 'Essential' cookie level
// Ensures that the cookie is preserved when changing a visitor's allowed cookie level below 'Visitor'
CookieHelper.RegisterCookie(AUTHENTICATION_COOKIE_NAME, CookieLevel.Essential);

services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie(options =>
    {
        options.AccessDeniedPath = "/Home/Error";
    })
    .AddOpenIdConnect(options =>
    {
        options.Authority = Setting.Instance.AuthorityUrl;
        options.RequireHttpsMetadata = true;
        options.ClientId = Setting.Instance.ClientId;
        options.ClientSecret = Setting.Instance.ClientSecret;
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.Events.OnRedirectToIdentityProvider = async n =>
        {
            n.ProtocolMessage.RedirectUri = "https://localhost:44368/ExternalAuthentication/ExternalSignInCallback";
            await Task.FromResult(0);
        };
    });
```
I have created an ExternalAuthenticationController with the below action method.

```csharp
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> ExternalSignInCallback(string returnUrl, string? remoteError = null)
{
    // If an error occurred on the side of the external provider, displays a view with the forwarded error message
    if (remoteError != null)
    {
        return RedirectToAction(nameof(ExternalAuthenticationFailure));
    }

    // Extracts login info out of the external identity provided by the service
    ExternalLoginInfo loginInfo = await signInManager.GetExternalLoginInfoAsync();

    // If the external authentication fails, displays a view with appropriate information
    if (loginInfo == null)
    {
        return RedirectToAction(nameof(ExternalAuthenticationFailure));
    }
    ....
    ....
}
```
Upvotes: 0
Views: 298
Reputation: 766
It might be that your authentication scheme is not recognized in signInManager.GetExternalLoginInfoAsync(). Have you tried debugging with SourceLink on? It should allow you to step through the source code for it. In any case, this is the source code for SignInManager in GitHub: https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Core/src/SignInManager.cs
Upvotes: 0
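
The scheme hypothesis from the answer above can be checked directly in the callback. The helper below is an added example, not code from the question, the answer, Kentico or ASP.NET Core; it repeats the conditions under which SignInManager.GetExternalLoginInfoAsync returns null (external cookie scheme, "LoginProvider" item, name identifier claim) and reports the first one that fails. `ExternalLoginDiagnostics` and `ExplainNullLoginInfoAsync` are hypothetical names.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;

// Added example: hypothetical diagnostic helper, not a framework or Kentico API.
public static class ExternalLoginDiagnostics
{
    // Describes the first unmet precondition of GetExternalLoginInfoAsync.
    public static async Task<string> ExplainNullLoginInfoAsync(HttpContext context)
    {
        AuthenticateResult result;
        try
        {
            // The sign-in manager reads the external ticket from this scheme only.
            result = await context.AuthenticateAsync(IdentityConstants.ExternalScheme);
        }
        catch (InvalidOperationException ex)
        {
            // Thrown when no handler is registered under the scheme name.
            return "Scheme '" + IdentityConstants.ExternalScheme + "' is not registered: " + ex.Message;
        }

        if (result?.Principal == null)
        {
            // A remote handler's SignInScheme falls back to the default scheme
            // unless it is set to IdentityConstants.ExternalScheme explicitly.
            return "No ticket in the external cookie: the remote handler signed in to "
                 + "another scheme, or the request did not pass through its CallbackPath.";
        }

        if (result.Properties?.Items == null || !result.Properties.Items.ContainsKey("LoginProvider"))
        {
            return "Ticket has no 'LoginProvider' item: start the challenge with "
                 + "SignInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl).";
        }

        if (result.Principal.FindFirstValue(ClaimTypes.NameIdentifier) == null)
        {
            return "Principal has no ClaimTypes.NameIdentifier claim to use as the provider key.";
        }

        return "All preconditions are met.";
    }
}
```

Call it with `HttpContext` in the branch where `loginInfo` is null and log the returned string before redirecting.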