This repository has been archived by the owner on Dec 13, 2022. It is now read-only.

Sending Custom Parameters to Login Page #909

Closed
kneerun opened this issue Mar 12, 2017 · 28 comments

kneerun commented Mar 12, 2017

Following issue #76
Could you please elaborate on what needs to be customized in identity server in order for the custom parameter (e.g.: company-id) to propagate from the client to the login page as a separate parameter?

The request will look like this:
Authorize request: /connect/authorize?client_id=my-client&...&company-id=my-company
Login Page request: /account/login?returnUrl=/connect/authorize/login?...&company-id=my-company

I see the redirect to the login page is done in LoginPageResult.ExecuteAsync. To add a new custom query string parameter there, I guess I should provide a custom implementation for this class, right?
How do I inject this custom implementation?

Author

kneerun commented Mar 13, 2017

Apologies if the question is trivial, for this is my first attempt to extend the framework.

My intention is that the custom parameter will not be part of the returnUrl but will be propagated as a separate parameter to the Login action in the Account Controller so that it will look like this:
public async Task<IActionResult> Login(string returnUrl, string company-id)

Is this possible within the current extensibility of the framework?

@leastprivilege
Member

who sends the company ID parameter? the client?

Author

kneerun commented Mar 13, 2017

Yes. The client.

@leastprivilege
Member

Right - and the technique I showed you lets you retrieve that from the login page.

Author

kneerun commented Mar 13, 2017

So you do suggest to pass the custom parameter to the Login Page as part of the returnUrl parameter, right?
thus reading parameter like this:
```csharp
var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
string companyid = context.Parameters["company-id"];
```

@leastprivilege
Member

You pass the custom parameter to the authorize endpoint. We take care of making it available on the login page.

Author

kneerun commented Mar 13, 2017

I perfectly understand that custom parameter should be sent to the Authorize Endpoint as described in the opening post of this issue:

Authorize request: /connect/authorize?client_id=my-client&...&company-id=my-company

Question was how to read it in the login page. Based on your instructions I now read it from the returnUrl like this: string companyid = context.Parameters["company-id"];
Let me know if I got it right.

@leastprivilege
Member

yep. that's correct.
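
An added example (not code from any participant in this thread or from the IdentityServer4 project) of a login action that reads the custom parameter the way confirmed above and treats it as untrusted client input. The `KnownCompanies` allow-list and the `LoginViewModel` class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    // Hypothetical allow-list; a real deployment would query its own company store.
    private static readonly HashSet<string> KnownCompanies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "my-company" };

    private readonly IIdentityServerInteractionService _interaction;

    public AccountController(IIdentityServerInteractionService interaction)
    {
        _interaction = interaction;
    }

    [HttpGet]
    public async Task<IActionResult> Login(string returnUrl)
    {
        // Null when returnUrl is not a valid authorize request for this server,
        // for example when the login page is opened directly.
        var context = await _interaction.GetAuthorizationContextAsync(returnUrl);

        // Anyone can append company-id to an authorize URL, so it is only a hint
        // for what to display, never proof of which company the user belongs to.
        string companyId = context?.Parameters["company-id"];
        if (companyId == null || !KnownCompanies.Contains(companyId))
        {
            companyId = null; // unknown or missing: fall back to the default page
        }

        return View(new LoginViewModel { ReturnUrl = returnUrl, CompanyId = companyId });
    }
}

// Hypothetical view model for this example.
public class LoginViewModel
{
    public string ReturnUrl { get; set; }
    public string CompanyId { get; set; }
}
```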


nikoszs commented May 17, 2017

Sorry for opening this thread, but how would I accomplish this exact same task, however using ResourceOwner flow?
I'm trying to pass a parameter to my IResourceOwnerPasswordValidator.ValidateAsync(), it should be passed from client (SPA) to IdSrv when calling /connect/token, and is required to validate the user.

Thanks!


Update

For anyone that also needs to do this, it's actually pretty simple:

```csharp
public async Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
    // company_id arrives as an extra form field in the POST body of /connect/token
    long companyId = 0;
    long.TryParse(context.Request.Raw["company_id"], out companyId);
    //... use the parameter to do the rest
}
```

Then just call it as part of the body.

@leastprivilege
Member

by putting extra parameters in the post body.


nikoszs commented May 17, 2017

@leastprivilege haha thanks I just found out!

Contributor

kevinlo commented Nov 9, 2017

Sorry to reopen this thread again. I need to pass a token parameter to the account/login where the AccountController will talk to a 3rd party Legacy IdP to validate that token and retrieve the user info to do the login in the IS4. I can't let that token be shown in the QueryString so the browser history can show it.

OpenIdConnectOptions has the AuthenticationMethod = OpenIdConnectRedirectBehavior.FormPost so the Authorize request: /connect/authorize can be done in POST.

However, the account/login callback is done by GET with the redirecturl QueryString parameter which contains my token that I don't want to show in the URL.

That account/login will call back the Authorize request: /connect/authorize in GET even though it has the response_mode=form_post in the QueryString.

I checked the code: the account/login is in the CookieMiddelWare where it uses the UseCookieAuthentication, but there is no way to change the CookieAuthenticationOptions to handle the ICookieAuthenticationEvents.RedirectToLogin event to make the redirect in POST.

Is it possible to make the account/login and Authorize request in POST?

@leastprivilege
Member

no. not right now.

@leastprivilege
Member

Please open a separate feature request issue describing the requirements.

@SignorLuigi

Hi @Haleni888 and the rest!!
Question: How do I send parameter in the returnUrl?
I have this in my Client:
```csharp
services.AddAuthentication(option =>
    {
        option.DefaultScheme = "Cookies";
        option.DefaultChallengeScheme = "oidc-client1";
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect("oidc-client1", options =>
    {
        options.SignInScheme = "Cookies";

        options.Authority = "http://localhost:5000";
        options.RequireHttpsMetadata = false;

        options.ClientId = "client1";
        options.ClientSecret = "secret";
        options.ResponseType = "code id_token";

        //This save Token in Cookie but there is danger if Cookie is bigger than 4k
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;

        options.Scope.Add("api1");
        options.Scope.Add("offline_access");

        // Callbacks for middleware to properly correlate
        options.CallbackPath = "/signin-oidc?customerName=Customer1"; //Parameter
        options.SignedOutCallbackPath = "/signout-callback-oidc";
    });
```

And in the Login I have this:

```csharp
[HttpGet]
[AllowAnonymous]
public async Task<IActionResult> Login(string returnUrl = null)
{
    var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
    string customer_Name = context.Parameters["customerName"];
    // ...
}
```

But customer_Name is always null.

Also I still cannot find how to assign values to acr_values, so any help will be appreciated!!!

Author

kneerun commented Mar 20, 2018

Hi @mrnewrochelle,

To send a parameter from MVC hybrid client, I have used the following code as part of the OpenId Connect middleware initialization (.net core 1.x, this method is obsolete in 2.x):

```csharp
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
    // other middleware initialization code omitted for brevity

    Events = new OpenIdConnectEvents
    {
        OnRedirectToIdentityProvider = (ctx) =>
        {
            ctx.ProtocolMessage.Parameters.Add("customer-name", "John Doe");
            return TaskCache.CompletedTask;
        }
    }
});
```

Hope that helps.

@SignorLuigi

Thanks @Haleni888 Yes, I am looking how to do that exact thing in Core 2.0, so far documentation is not enough for Core 2.0, and all that I found is for Core 1.x.
Thanks again.
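
The ASP.NET Core 2.x counterpart of the 1.x snippet above, as an added example that is not from any participant in this thread or from the IdentityServer4 project: the custom parameter is attached in `OnRedirectToIdentityProvider`, so it travels on the authorize request, where a query string placed on `CallbackPath` does not. The scheme names, authority and client values are the sample values posted in this thread; the `tenant:customer1` acr value is an assumption.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc-client1";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc-client1", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = "http://localhost:5000"; // sample value from the thread
                options.RequireHttpsMetadata = false;        // local development only
                options.ClientId = "client1";
                options.ClientSecret = "secret";
                options.ResponseType = "code id_token";

                options.Events = new OpenIdConnectEvents
                {
                    OnRedirectToIdentityProvider = ctx =>
                    {
                        // Sent as an extra query parameter on /connect/authorize; the
                        // login page reads it via context.Parameters["customerName"].
                        ctx.ProtocolMessage.SetParameter("customerName", "Customer1");
                        // Assumed value; acr_values is a standard authorize parameter.
                        ctx.ProtocolMessage.AcrValues = "tenant:customer1";
                        return Task.CompletedTask;
                    }
                };
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvcWithDefaultRoute();
    }
}
```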

@SignorLuigi

I found the problem, I was doing everything with asp.net Core 2.0 Razor Pages, and I moved everything to a Controller, and now it works perfectly.

Thanks all!


balaji-rajan commented Aug 9, 2018

Hi, Thank you all. This thread was very helpful and solved my queries on MVC client. I would like to know how the same can be achieved in JS/Angular (OIDC-Client) to pass additional parameters?


Jonesie commented Dec 19, 2018

Author

kneerun commented Dec 19, 2018

You can use the aspnetcore1 branch instead of release branch.


judi24 commented Aug 4, 2019

Hi,
I work with identity server 4 and angular
I want to send custom param to client after login
how I do it?
thanks


BlackBasha commented Sep 18, 2019

hi all,
sorry for opening the thread again!
I am, like @judi24, trying to do the same scenario using angular 8 and .net core 2.2 and I would like to ask how I would send custom parameters from the client to identity server 4 using oidc-client.

Actually, to be more clear, the client will send different values to the identity server according to different clicks. So for example, let us say that the angular app is like a dashboard with buttons to be clicked to go to different applications, and when the user clicks on a given button we will send a different value using a given parameter like (AppId), and at the server in the login action:

```csharp
public async Task Login(string returnUrl)
{
    var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
    if (context != null)
    {
        string appId = context.Parameters["client_id"];
        TempData[appId] = appId;
    }
    // ..............................................
}
```

we will get the parameters from the return url in this way.

many thanks.


slst19 commented Oct 7, 2019

> hi all,
> sorry for opening the thread again!
> I am, like @judi24, trying to do the same scenario using angular 8 and .net core 2.2 and I would like to ask how I would send custom parameters from the client to identity server 4 using oidc-client.
>
> Actually, to be more clear, the client will send different values to the identity server according to different clicks. So for example, let us say that the angular app is like a dashboard with buttons to be clicked to go to different applications, and when the user clicks on a given button we will send a different value using a given parameter like (AppId), and at the server in the login action:
>
> ```csharp
> public async Task Login(string returnUrl)
> {
>     var context = await _interaction.GetAuthorizationContextAsync(returnUrl);
>     if (context != null)
>     {
>         string appId = context.Parameters["client_id"];
>         TempData[appId] = appId;
>     }
>     // ..............................................
> }
> ```
>
> we will get the parameters from the return url in this way.
>
> many thanks.

@Haleni888 @leastprivilege Can you please help I'm also looking for the same.


ddobric commented Nov 28, 2019

This URL mentioned above by @leastprivilege is not working:
https://github.com/IdentityServer/IdentityServer4.Quickstart.UI/blob/release/Quickstart/Account/AccountService.cs#L33

It would be cool if you can fix it. Btw. There are many invalid URL-s in the current IdentityServer v4 documentation. It could be a generic issue?

Thanks

@leastprivilege
Member

Well - things change over time. I think you could work this one out yourself.

if you find any dead links, please open an issue - or a PR if you can fix it yourself.


lock bot commented Jan 10, 2020

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 10, 2020