umbracoExternalLoginToken table is outdated with OpenIdConnect for members #12749
Comments
Hi there @jbreuer! Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better. We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.
We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions. Thanks, from your friendly Umbraco GitHub bot 🤖 🙂
Has anyone been able to reproduce this? I could give a live demo if anyone is interested.
This has been added to sprint planning for next sprint, we'll do our best to have a look in the next two weeks.
I've run into another issue. Not sure if it's the same bug, but since it's probably related I'll add the info here.
Which exact Umbraco version are you using? For example: 9.0.1 - don't just write v9
10.1.0
Bug summary
I was trying to do the same setup as from the original bug report, but on a new 10.1.0 project with SQLite. When I try to login I'm redirected to the Identity Provider. After I login there I'm redirected back to Umbraco, but that gives the following error:
Specifics
This is the full error from the logs:
Timestamp 2022-08-15T07:59:30.3014175+00:00
Steps to reproduce
Follow the steps to reproduce from the original bug on a 10.1.0 site with SQLite. Then try to login to the external provider with a new member.
Expected result / actual result
After I login into the external provider I should also be logged into Umbraco. My updated tokens should be stored in the umbracoExternalLoginToken table.
Might want to experiment with only removing/updating if the value is different
As mentioned by @nikolajlauridsen the SQLite error might not be related: e2f5c93#commitcomment-81412921 That's why I created a separate one for it: #12853
Closing this issue since it's fixed in this PR: #12856
Which exact Umbraco version are you using? For example: 9.0.1 - don't just write v9
9.5.1
Bug summary
When an external login provider with OpenIdConnect is configured for members, their tokens are saved in the umbracoExternalLoginToken table. However, the tokens are only stored here if they don't exist yet. If you try to login again the tokens in the umbracoExternalLoginToken table are not updated.
This problem probably also happens for backend users, but I could not test that.
Specifics
If you try to login with a member that has already been created, at some point in MemberUserStore.cs the UpdateAsync method is called. If you retrieved new tokens from the external login provider the isTokensPropertyDirty is true and _externalLoginService.Save is called. After this I expected the new tokens to be stored in the umbracoExternalLoginToken table, but that never happened.
Steps to reproduce
Set up an Umbraco project and follow these instructions to connect to an external login provider with auto linking:
https://our.umbraco.com/documentation/reference/security/external-login-providers/
https://our.umbraco.com/documentation/reference/security/auto-linking/
This is an example of Startup.cs:
This is an example of OpenIdConnectMemberExternalLoginProviderOptions.cs:
After you have this set up you can use the Macros from here to login: https://our.umbraco.com/documentation/Tutorials/Members-Registration-And-Logins/
Now you can login into the external login provider and you will be redirected back to the website where your username will be shown. In the umbracoExternalLoginToken table are now your tokens. Then log out on the website and the external login provider (do that manually for now because we can't set the IdTokenHint yet). If you login again with the same user you will get new tokens from the external login provider, but those are not stored in the umbracoExternalLoginToken table. If you try to get the LoginTokens from MemberIdentityUser those are also the old ones.
You can also find more info in this topic: https://our.umbraco.com/forum/using-umbraco-and-getting-started/108415-persist-and-refresh-access-token-after-external-microsoft-b2c-login#comment-337421
Expected result / actual result
I want the logout to also happen on the external login provider. For that I need to set the IdTokenHint property on OnRedirectToIdentityProviderForSignOut. Currently I can't do that because the id_token I get back from the umbracoExternalLoginToken table is outdated.
This item has been added to our backlog AB#21593
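The behaviour reported in this issue, together with the "only removing/updating if the value is different" idea from the comments, as an added example (not Umbraco's code and not taken from the issue or its fix): a hypothetical in-memory token table with an insert-only save beside a reconciling save. `TokenStore`, its method names, the `"oidc"` provider key and the token values are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical in-memory stand-in for a login-token table, keyed by
// (provider, token name). Illustrative only; this is not Umbraco's API.
public static class TokenStore
{
    // Insert-only save: an existing (provider, name) row is never overwritten,
    // so a second login leaves the first login's id_token in place.
    public static void SaveInsertOnly(Dictionary<(string, string), string> table,
        string provider, IReadOnlyDictionary<string, string> tokens)
    {
        foreach (var t in tokens)
            table.TryAdd((provider, t.Key), t.Value);
    }

    // Reconciling save: removes rows the provider no longer returns and writes
    // only rows that are new or whose value differs. Returns the change count.
    public static int SaveReconcile(Dictionary<(string, string), string> table,
        string provider, IReadOnlyDictionary<string, string> tokens)
    {
        var stale = table.Keys
            .Where(k => k.Item1 == provider && !tokens.ContainsKey(k.Item2))
            .ToList(); // materialize before mutating the dictionary
        foreach (var key in stale)
            table.Remove(key);

        int changes = stale.Count;
        foreach (var t in tokens)
        {
            if (table.TryGetValue((provider, t.Key), out var current) && current == t.Value)
                continue; // unchanged value: no write needed
            table[(provider, t.Key)] = t.Value;
            changes++;
        }
        return changes;
    }

    public static void Main()
    {
        // Constructed sample values, not real tokens.
        var first = new Dictionary<string, string> { ["id_token"] = "A", ["access_token"] = "B" };
        var second = new Dictionary<string, string> { ["id_token"] = "C" };

        var naive = new Dictionary<(string, string), string>();
        SaveInsertOnly(naive, "oidc", first);
        SaveInsertOnly(naive, "oidc", second);
        Console.WriteLine("insert-only id_token: " + naive[("oidc", "id_token")]);

        var synced = new Dictionary<(string, string), string>();
        SaveReconcile(synced, "oidc", first);
        int changes = SaveReconcile(synced, "oidc", second);
        Console.WriteLine("reconciled id_token: " + synced[("oidc", "id_token")] + ", changes: " + changes);
    }
}
```

With the insert-only save, the stored id_token after the second login is still the first login's value, which is the stale token that would end up in IdTokenHint at sign-out.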