Skip to content
This repository has been archived by the owner on Dec 13, 2018. It is now read-only.

[Authorize] fails for OpenIdConnect #139

Closed
brentschmaltz opened this issue Jan 28, 2015 · 3 comments
Closed

[Authorize] fails for OpenIdConnect #139

brentschmaltz opened this issue Jan 28, 2015 · 3 comments
Labels
3 - Done bug
Milestone
1.0.0-beta5

Comments

@brentschmaltz
Copy link
Contributor

There are two problems:

  1. OpenIdConnectHandler always expects 'Challenge' to be non-null. A change in the runtime requires that this cannot be expected.
  2. OpenIdConnectHandler sets the AuthenticationTicket.Principal property. Later, the runtime should check if AT.Identities OR AT.Principal is set.

Without these fixes

  1. [Authorize] attribute will have no effect for OIDC code.
  2. Users who manage SSO, will never see the identity created by OIDCHandler.
@blowdart
Copy link
Member

Why on earth does AuthorizeTicket have both an identities and a principal property?

A better fix for 2 would be to choose one or the other.

@Praburaj Praburaj added the bug label Jan 28, 2015
@HaoK
Copy link
Member

HaoK commented Jun 3, 2015

I'm assuming this is fixed now?

@Eilon Eilon added this to the 1.0.0-beta5 milestone Jun 4, 2015
@Eilon
Copy link
Member

Eilon commented Jun 4, 2015

This is now fixed (as confirmed via the templates).

@Eilon Eilon closed this as completed Jun 4, 2015
@Eilon Eilon added the 3 - Done label Jun 4, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
3 - Done bug
Projects
None yet
Milestone
1.0.0-beta5
Development

No branches or pull requests
5 participants
@Eilon @blowdart @Praburaj @brentschmaltz @HaoK