This will allow us to authenticate users against our AD within the company and other AD providers on our sister companies.
We are on NOP 4.0.
I've set up the plugin with a custom Registrar that implements IExternalAuthenticationRegistrar and adds the OpenIdConnect configuration to the builder.
I've tested the settings with a standard Asp.Net Core web app to validate that everything is correct.
I implemented a controller with a Login action to issue the Challenge command, which redirects the user to Auth0's login page, and I get a code back and some auth cookies.
The problem is that the Microsoft.AspNetCore.Authentication.OpenIdConnect implementation is supposed to wire up (behind the scenes) an /signin-oidc endpoint which silently receives the codes/tokens and validate them, upon which the user claims/info can be fetched from the Authority (Auth0).
However, whereas that works well in a plain old Asp.Net Core application, this endpoint fail to wire up in NOP and I get back a 404, telling me the /signin-oidc endpoint was not found.
Putting the app in debug mode, I get the following error:
System.InvalidOperationException
HResult=0x80131509
Message=No IAuthenticationSignInHandler is configured to handle sign in for the scheme: Auth0
Source=Nop.Web.Framework
StackTrace:
at Nop.Web.Framework.Infrastructure.Extensions.ApplicationBuilderExtensions.<>c.<UseNopExceptionHandler>b__1_1(HttpContext context) in T:\buildasign\nop-commerce\src\Presentation\Nop.Web.Framework\Infrastructure\Extensions\ApplicationBuilderExtensions.cs:line 81
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware.<Invoke>d__6.MoveNext()
Can anyone help me figure out what I need to do to make this work with NOP, please?
Here's my Registrar:
public class BasAuthenticationRegistrar : IExternalAuthenticationRegistrar
{
/// <summary>
/// Configure
/// </summary>
/// <param name="builder">Authentication builder</param>
public void Configure(AuthenticationBuilder builder)
{
builder.AddOpenIdConnect(BasAuthenticationDefaults.AuthenticationScheme, options =>
{
options.SignInScheme = BasAuthenticationDefaults.AuthenticationScheme;
var settings = EngineContext.Current.Resolve<BasExternalAuthSettings>();
options.ClientId = settings.ClientKeyIdentifier;
options.ClientSecret = settings.ClientSecret;
options.Authority = BasAuthenticationDefaults.Domain;
options.ResponseType = "code";
options.Scope.Clear();
options.Scope.Add("openid");
options.CallbackPath = new PathString("/signin-oidc");
options.ClaimsIssuer = BasAuthenticationDefaults.AuthenticationScheme;
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
options.Events = new OpenIdConnectEvents
{
//handle the logout redirection
OnRedirectToIdentityProviderForSignOut = (context) =>
{
var logoutUri =
$"https://cimpress.auth0.com/v2/logout?client_id={settings.ClientKeyIdentifier}";
var postLogoutUri = context.Properties.RedirectUri;
if (!string.IsNullOrEmpty(postLogoutUri))
{
if (postLogoutUri.StartsWith("/"))
{
var request = context.Request;
postLogoutUri =
$"{request.Scheme}://{request.Host}{request.PathBase}{postLogoutUri}";
}
logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
}
context.Response.Redirect(logoutUri);
context.HandleResponse();
return Task.CompletedTask;
}
};
});
}
}