OpenIdConnect - add extensibility point for custom redirect behavior #1173
Description
We are using OpenIdConnect and we need to customize the redirect behavior. In our scenario, the redirect is a reaction to AJAX request and instead of returning HTTP 302, we need to return HTTP 401 with the Location header specifying the target URL.
We cannot use the OnRedirectToIdentityProvider, becasue it is called too early.
https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs#L343
The redirectContext.ProtocolMessage.State is not set by that time, so when we call ProtocolMessage.CreateAuthenticationRequestUrl(), we get an invalid login URL - it displays the login page, but when we get back, we get the error that the message.State is empty string or null.
Basically we need to add the OnApplyRedirect method which we could call instead of the following code:
https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs#L373
I can make the change and send the PR, but I'd like to discuss the way how to do it. I don't like the OpenIdConnectRedirectBehavior enum because it kills the extensibility. But since it is there and removing it would be a breaking change, we could do this:
-
Add a new member
Customin theOpenIdConnectRedirectBehaviorenum. -
Add an extensibility point in the
OpenIdConnectEvents- something like this:
public Func<RedirectContext, Task> OnApplyCustomRedirect { get; set; } = context => TaskCache.CompletedTask;
- Call this method in all cases where the
OpenIdConnectHandlerneeds to perform the redirect, and when the redirect behavior is set toCustom.