External login provider error messages no longer rendered from ViewDataExtensions.TokenExternalSignInError

[dataworking]

Which Umbraco version are you using? (Please write the exact version, example: 10.1.0)

13.0.3

Bug summary

We have a custom external login provider, when any error is encountered in there it returns a RemoteAuthenticationHandler failure response which gets caught in the asp.net middleware and is dealt with by exception handler middleware (ie, the last chance exception catcher) as there seems no way to return this to directly to Umbraco. From the exception handler we set a cookie with the error message as follows

context.Response.Cookies.Append(ViewDataExtensions.TokenExternalSignInError, Convert.ToBase64String(Encoding.UTF8.GetBytes(someerrormessage)), new CookieOptions() { HttpOnly = true, Secure = true });

and redirect to the Umbraco login screen.

This get processed and rendered automatically by Umbraco 11 on the login screen as an error using the Html.AngularValueExternalLoginInfoScriptAsync(externalLogins, ViewData.GetExternalSignInProviderErrors()!) by the builtin Umbraco.Cms.StaticAssets/umbraco/UmbracoBackOffice/Default.cshtml

In Umbraco 13 with the new login screen, there seems to be no way to render these error messages, so external provider login messages do not display.

Specifics

No response

Steps to reproduce

Return a HandleRequestResult.Fail from any external login provider implementing RemoteAuthenticationHandler

Expected result / actual result

Expect there to be some way to display errors from external providers in the login screen.

---

This item has been added to our backlog AB#37110

[github-actions]

Hi there @dataworking!

Firstly, a big thank you for raising this issue. Every piece of feedback we receive helps us to make Umbraco better.

We really appreciate your patience while we wait for our team to have a look at this but we wanted to let you know that we see this and share with you the plan for what comes next.

• We'll assess whether this issue relates to something that has already been fixed in a later version of the release that it has been raised for.
• If it's a bug, is it related to a release that we are actively supporting or is it related to a release that's in the end-of-life or security-only phase?
• We'll replicate the issue to ensure that the problem is as described.
• We'll decide whether the behavior is an issue or if the behavior is intended.

We wish we could work with everyone directly and assess your issue immediately but we're in the fortunate position of having lots of contributions to work with and only a few humans who are able to do it. We are making progress though and in the meantime, we will keep you in the loop and let you know when we have any questions.

Thanks, from your friendly Umbraco GitHub bot 🤖 🙂

[iOvergaard]

Hey, thanks for taking the time to write this issue. It is much appreciated! I can confirm this does not work with the new login screen yet.

It seems to have something to do with a missing implementation detail around the handler in BackOfficeController.cs:

Umbraco-CMS/src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs

Lines 468 to 475 in e04c4a8

	if (ViewData.FromBase64CookieData<BackOfficeExternalLoginProviderErrors>(
	_httpContextAccessor.HttpContext,
	ViewDataExtensions.TokenExternalSignInError,
	_jsonSerializer) ||
	ViewData.FromTempData(TempData, ViewDataExtensions.TokenExternalSignInError) || ViewData.FromTempData(TempData, ViewDataExtensions.TokenPasswordResetCode))
	{
	return defaultResponse();
	}

We will get this sorted and fixed.

[iOvergaard]

Hello again, we were able to figure out a solution with #15715 and the fix will be released in the upcoming 13.2 release.