rudgr wrote: yeah, you're absolutely right! I looked in the source code, just wanted to check if I could use ExternalAuth also for non-OAuth based authentication methods.
If you have a look at the Nop.Plugin.ExternalAuth.OpenId plugin, you'll see that 'IExternalAuthenticationMethod' actually does nothing more than assigning an Action for the external login button. Then if we look at the 'PublicInfo' Action method (in ExternalAuthOpenIdController), there is this line:
_openIdProviderAuthorizer.Authorize(returnUrl);
Then if we look at the OpenIdProviderAuthorizer.Authorize() method, you can see there is a call to '_authorizer.Authorize()', which then brings us to the ExternalAuthorizer.Authorize() method. In that method, we can see there are these lines:
//migrate shopping cart
_shoppingCartService.MigrateShoppingCart(_workContext.CurrentCustomer, userFound ?? userLoggedIn);
//authenticate
_authenticationService.SignIn(userFound ?? userLoggedIn, false);
//activity log
_customerActivityService.InsertActivity("PublicStore.Login", _localizationService.GetResource("ActivityLog.PublicStore.Login"),
userFound ?? userLoggedIn);
Which means the method that actually logs your user in is the _authenticationService.SignIn() method.
In other words, we can safely say that, whatever the case is, as long as we call AuthenticationService.SignIn(), we'll be able to actually sign a user in. The ExternalAuth plugin is just a helper method to do the verification on the 3rd party side (to verify user existence in the 3rd party side). But once the identity is confirmed on the 3rd party side, the method that actually logs the user in is AuthenticationService.SignIn(). Knowing this allows us to do anything we want to do! :D
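An added example, not part of the post above and not nopCommerce's own code: since SignIn() itself verifies nothing, a non-OAuth login method has to prove the identity before calling it. The token format, the SignedTokenLogin class, the customer lookup delegate and the stand-in Customer/IAuthenticationService types are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Stand-ins (assumptions) for nopCommerce's types, reduced to the
// SignIn(customer, false) call quoted in the post.
public class Customer { public string Email; }
public interface IAuthenticationService { void SignIn(Customer customer, bool createPersistentCookie); }

// Hypothetical non-OAuth login. A trusted upstream system issues the token
// "email|unixExpiry|base64(HMAC-SHA256(key, "email|unixExpiry"))".
public class SignedTokenLogin
{
    private readonly byte[] _key;
    private readonly IAuthenticationService _auth;
    private readonly Func<string, Customer> _findByEmail; // hypothetical lookup

    public SignedTokenLogin(byte[] key, IAuthenticationService auth, Func<string, Customer> findByEmail)
    { _key = key; _auth = auth; _findByEmail = findByEmail; }

    public bool TryLogin(string token, DateTimeOffset now)
    {
        var parts = (token ?? "").Split('|');
        long expiry;
        if (parts.Length != 3 || !long.TryParse(parts[1], out expiry)) return false;

        byte[] expected, supplied;
        using (var hmac = new HMACSHA256(_key))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(parts[0] + "|" + parts[1]));
        try { supplied = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return false; }

        // Check the signature first, then the expiry it covers.
        if (!FixedTimeEquals(expected, supplied)) return false;
        if (now.ToUnixTimeSeconds() > expiry) return false;

        var customer = _findByEmail(parts[0]);
        if (customer == null) return false;

        // Only a verified identity reaches the call that issues the session.
        _auth.SignIn(customer, false);
        return true;
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The quoted ExternalAuthorizer.Authorize() lines also migrate the shopping cart and write an activity log entry around SignIn(); a custom method that wants the same behaviour has to make those calls itself.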