This repository has been archived by the owner on Dec 14, 2017. It is now read-only.

IOAuthBearerAuthenticationProvider not being invoked #50

Closed
CrescentFresh opened this issue Oct 29, 2015 · 8 comments
@CrescentFresh
Contributor

2.0.0-2.2.0's TokenProvider does not get invoked with Authority and Local validation mode set:

app.UseIdentityServerBearerTokenAuthentication(
    new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = ...,
        ValidationMode = ValidationMode.Local, // JWT
        TokenProvider = new OAuthBearerAuthenticationProvider()
        {
            OnValidateIdentity = ctx =>
            {
                //... HERE NOT CALLED
            }
        }
    });

Rolling back to Thinktecture.IdentityServer3.AccessTokenValidation 1.2.2 and it is invoked:

app.UseIdentityServerBearerTokenAuthentication(
    new IdentityServerBearerTokenAuthenticationOptions
    {
        Authority = ...,
        ValidationMode = ValidationMode.Local, // JWT
        Provider = new OAuthBearerAuthenticationProvider()
        {
            OnValidateIdentity = ctx =>
            {
                // ... ALL OK
            }
        }
    });

What am I missing?

@leastprivilege
Member

What do you want to do in OnValidateIdentity?

@CrescentFresh
Contributor Author

We transform the identity to include more information not directly embedded
in the token, if I recall correctly.

On Thursday, October 29, 2015, Dominick Baier notifications@github.com wrote:

> What do you want to do in OnValidateIdentity?

@leastprivilege
Member

This would really be the job of claims transformation middleware...

https://github.com/IdentityModel/Owin.ClaimsTransformation

@CrescentFresh
Contributor Author

There is some other validation logic we put in there. We check the user has
not been locked out in the local system (we support this in the local
application).

This seems the logical place to put it.

As far as I can tell the callback is invoked if ValidationEndpoint is used.
Is that correct?

On Thursday, October 29, 2015, Dominick Baier notifications@github.com wrote:

> This would really be the job of claims transformation middleware...
>
> https://github.com/IdentityModel/Owin.ClaimsTransformation

@leastprivilege
Member

No - I don't think I call it at all. I can have a look tomorrow.

@CrescentFresh
Contributor Author

If IOAuthBearerAuthenticationProvider is the interface offered in the options it's expected that it is the interface supported.

a) Is it only partially supported?
2) Would you accept a pull request to support all of it?
d) Would you prefer replacing IOAuthBearerAuthenticationProvider in the options with a Func<> for each of the methods you do invoke?

@leastprivilege
Member

I will have a look as soon as I find time -

tracking it here:

#51

@leastprivilege
Member

I just pushed v2.2.2 to NuGet - that should make your scenario work.
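
The local lockout check discussed in this thread, sketched as an added example (not code posted by either participant and not the project's own). It assumes a build where TokenProvider is invoked in Local mode; the Authority URL, the LockedOutSubjects store, the "sub" claim type and the namespace of the 2.x package are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading.Tasks;
using IdentityServer3.AccessTokenValidation; // assumed namespace of the 2.x package
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Hypothetical stand-in for the application's own lockout lookup,
    // keyed by subject id.
    private static readonly ConcurrentDictionary<string, bool> LockedOutSubjects =
        new ConcurrentDictionary<string, bool>(StringComparer.Ordinal);

    public void Configuration(IAppBuilder app)
    {
        app.UseIdentityServerBearerTokenAuthentication(
            new IdentityServerBearerTokenAuthenticationOptions
            {
                Authority = "https://idsrv.example/core", // placeholder URL
                ValidationMode = ValidationMode.Local,    // JWT validated in-process
                TokenProvider = new OAuthBearerAuthenticationProvider
                {
                    OnValidateIdentity = ctx =>
                    {
                        // The JWT has already passed the middleware's own checks.
                        // In Local mode the token service is not asked again per
                        // request, so a lockout that exists only in this
                        // application has to be enforced here.
                        // "sub" assumes inbound claim types are not remapped.
                        var sub = ctx.Ticket.Identity.FindFirst("sub");
                        if (sub != null && LockedOutSubjects.ContainsKey(sub.Value))
                        {
                            // Marks the ticket as not validated; the request
                            // continues down the pipeline unauthenticated.
                            ctx.Rejected();
                        }
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
```

If the callback is silently skipped, as reported above for 2.0.0-2.2.0, a locked-out user's token keeps working until it expires, so the callback path deserves a test of its own after a package upgrade.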
