I am trying to get external login with identityserver4 to work. It almost works, however, it does not auto-create or links when an external user is logged in. If I create a user in Umbraco am able to link the user manually.
I have the following configured - but I must be missing something
.AddBackOfficeExternalLogins(builder =>
builder.AddBackOfficeLogin(
build =>
build.AddOpenIdConnect(
build.SchemeForBackOffice(OpenIdConnectDefaults.AuthenticationScheme),
"External login",
options =>
{
// use cookies
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
// pass configured options along
// Use the authorization code flow
options.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet;
options.RequireHttpsMetadata = false;
options.Authority = "https://localhost:3930";
options.MetadataAddress = "https://localhost:3930/.well-known/openid-configuration";
options.ClientSecret = "**";
options.ClientId = "***";
options.GetClaimsFromUserInfoEndpoint = true;
options.ResponseType = "code id_token";
options.CallbackPath = new PathString("/");
options.RemoteSignOutPath = "/oidc-signout";
options.SignedOutRedirectUri = "**";
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.SaveTokens = true;
options.UsePkce = true;
options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = "name",
RoleClaimType = "role",
};
}
),
options =>
new BackOfficeExternalLoginProviderOptions(
"btn-primary", // button stype
"fa-windows", // icon
new ExternalSignInAutoLinkOptions(autoLinkExternalAccount: true, defaultUserGroups: new[] { Constants.Security.EditorGroupAlias }, defaultCulture: "en-US", allowManualLinking: true)
{
OnAutoLinking = (user, loginInfo) =>
{
//
},
OnExternalLogin = (user, loginInfo) =>
{
return true;
}
},
true, // deny local login
false, // autoredirect local login to external login
null) // custom backoffice view
)
)
Related
I am new to Laravel 9 and usage of Twilio API.
I am trying to create a scenario where a customer_care will call the first participant and after talking with the participant it will call the second participant with whom the first participant will communicate. While calling the second participant, the first participant's call will be kept on hold and after the second participant receives the call both their call will be merged so that they are connected to the same call.
I have written two separate function one for the first call and the other for the second call . The first function is:
public function twiliocall1(Request $request) {
$returnArray = array();
$status = "Error";
$msg = "Call not started";
$validator = Validator::make($request->all(), [
'participants' => 'required|array',
'twilloNo' => 'required',
'contact_id' => 'required'
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
}
$twilloNo = $request->input('twilloNo');
$participants = $request->input('participants');
$sid = "xxxxx";
$token = "yyyy";
$client = new Client($sid, $token);
if (!empty($participants)) {
foreach($participants as $participant) {
$call1 = $client->account->calls->create(
$participant,
$twilloNo,
array("url" => "https://lbwr.operative.dev/multitenant/public/files/conference.php")
);
}
$status = "Success";
$msg = "Call started";
echo($call1->sid);
}
$returnArray['status'] = $status;
$returnArray['msg'] = $msg;
return response()->json($returnArray, 200);
}
The second function is:
public function twiliocall2(Request $request) {
$returnArray = array();
$status = "Error";
$msg = "Call not started";
$validator = Validator::make($request->all(), [
'participants' => 'required|array',
'twilloNo' => 'required',
'contact_id' => 'required',
'sid' => 'required'
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
}
$twilloNo = $request->input('twilloNo');
$participants = $request->input('participants');
$parent_sid = $request->input('sid');
$sid = "xxxx";
$token = "yyyy";
$client = new Client($sid, $token);
foreach($participants as $participant) {
$call = $client->account->calls->get($parent_sid);
$call->update(
$participant,
$twilloNo,
array(
"Url" => "http://demo.twilio.com/docs/voice.xml",
"Method" => "POST"));
}
$status = "Success";
$msg = "Call started";
$returnArray['status'] = $status;
$returnArray['msg'] = $msg;
return response()->json($returnArray, 200);
}
$sid and $token value is same for both the function. I am trying to call the first function using the following json array:
{
"participants":["12345"],
"twilloNo":"68564",
"contact_id":"1234"
}
And on hitting I am getting the sid of this call which I am passing as a json array element to the function twiliocall2() as:
{
"participants":["+7777"],
"twilloNo":"111122",
"contact_id":"1023",
"sid":"fdthgfjkhbklnj"
}
All the values are changed.
The problem arises when I am calling the second function with this Json array as it throws an error:
Twilio\Exceptions\TwilioException: Unknown subresource get in file /opt/lampp/htdocs/multitenant/vendor/twilio/sdk/src/Twilio/Rest/Api/V2010/Account/CallList.php
Kindly suggest if possible where am I going wrong. I am not getting any idea how to implement this scenario any further.
The code in the Controller is as follows which parse an JSON and creates a Conference object where the error is occouring:
public function twilioConferenceCall(Request $request) {
$returnArray = array();
$status = "Error";
$msg = "Call not started";
$validator = Validator::make($request->all(), [
'participants' => 'required|array',
'fromNo' => 'required|numeric',
'twilloNo' => 'required',
'contact_id' => 'required'
]);
if ($validator->fails()) {
return response()->json(['error' => $validator->errors()], 401);
}
$fromNo = $request->input('fromNo');
$twilloNo = $request->input('twilloNo');
$sid = "someid";
$token = "sometoken";
$client = new Client($sid, $token);
$conference = $client->conferences->create([
'friendlyName' => 'Test Conference Call'
]);
$conference_sid = $conference->sid;
if ($fromNo != "" && !empty($request->participants)) {
foreach($request->participants as $participant) {
$concall = $client->account->calls->create(
$participant,
$twilloNo,
array(
"url" => "http://twimlets.com/conference?Name=Test%20Conference%20Call&ConferenceSid=".$conference_sid."&Moderators%5B0%5D=".$fromNo
)
);
$status = "Success";
$msg = "Started call to " . $participant;
}
}
$returnArray['status'] = $status;
$returnArray['msg'] = $msg;
return response()->json($returnArray, 200);
}
The JSON which am I sending is as follows:
{
"participants":["+1234","+9999"],
"fromNo":"+5678",
"twilloNo":"119988",
"contact_id":"1057"
}
The error which it throws is:
Error: Call to undefined method Twilio\Rest\Api\V2010\Account\ConferenceList::create()
I have included the following headers in my file
use Twilio\autoload;
use Twilio\Rest\Client;
Kindly suggest where am I doing wrong.
I am getting error whenever my client application make request to my authorization server which uses OpenID connect (please refer below screenshot).
I have setup the authorization server at https://localhost:5001/. The Authorization Server is working as intended when I tested with Angular client app which I found on the internet. But when I tried it with my .net core mvc app, I'm getting the afore mentioned error.
I have configured my mvc app for OpenId connect as follows:
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options =>
{
options.ClientId = "spa_client";
options.ClaimsIssuer = "https://localhost:5001/";
options.Authority = "https://localhost:5001/";
options.ResponseType = OpenIdConnectResponseType.Code;
options.SignedOutRedirectUri = "https://localhost:7077/";
//options.GetClaimsFromUserInfoEndpoint = true;
options.RequireHttpsMetadata = false;
});
builder.Services.AddAuthorization();
It gets redirected to the authorization server endpoint https://localhost:5001. However, I'm always getting the error screen. The working Angular configuration for OpenID connect:
const redirUri = isDevMode()
? 'http://localhost:4200'
: window.location.origin;
const devModeIssuer = 'https://localhost:5001/';
this.oauthService.configure({
clientId: 'spa_client',
issuer: isDevMode()
? devModeIssuer
: window.location.origin + '/',
redirectUri: redirUri,
responseType: 'code',
scope: 'openid roles email server_scope api_scope',
requireHttps: false
});
this.oauthService.events.subscribe(async (e: OAuthEvent) => {
if (e.type === 'token_received' || e.type === 'token_refreshed') {
this.user.loadProfile();
}
if (e.type === 'discovery_document_loaded' && this.oauthService.hasValidAccessToken()) {
this.user.loadProfile();
}
});
this.oauthService.loadDiscoveryDocumentAndLogin({
onTokenReceived: () => {
this.user.loadProfile();
}
});
Where do I get it wrong?
I am configuring a asp.net mvc app (or relying party) to use thinktecture identity server. Identity Server is up and running locally and I am able to retrieve metadata from its endpoint.
Here is the code used to register the middleware:
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions("localIdp")
{
AuthenticationType = "localIdp",
ClientId = "Welfare4Partners",
MetadataAddress = "https://localhost:44333/core/.well-known/openid-configuration",
//Configuration = new OpenIdConnectConfiguration
//{
// AuthorizationEndpoint = "https://localhost:44333/core/connect/authorize",
// JwksUri = "https://localhost:44333/core/.well-known/jwks",
// TokenEndpoint = "https://localhost:44333/core/connect/token",
// UserInfoEndpoint = "https://localhost:44333/core/connect/userinfo",
// Issuer = "https://localhost:44333/core",
// EndSessionEndpoint = "https://localhost:44333/core/connect/endsession",
//},
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = (context) =>
{
return Task.FromResult(context);
},
SecurityTokenReceived = (context) =>
{
return Task.FromResult(context);
},
SecurityTokenValidated = (context) =>
{
return Task.FromResult(context);
},
AuthenticationFailed = (context) =>
{
context.HandleResponse();
context.OwinContext.Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType, context.Options.AuthenticationType);
context.SkipToNextMiddleware();
return Task.FromResult(context);
},
MessageReceived = (context) =>
{
return Task.FromResult(context);
},
RedirectToIdentityProvider = (context) =>
{
return Task.FromResult(context);
}
},
Authority = "https://localhost:44333",
RedirectUri = AppSettings.PostLoginRedirectUri,
ResponseType = OpenIdConnectResponseTypes.IdToken,
Scope = "openid",
SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType
});
As you can see I have commented the Configuration property once I have the MetadataAddress prop set.
I am calling the middleware with the following line of code in an Action:
var authProperties = new AuthenticationProperties { RedirectUri = AppSettings.PostLoginRedirectUri, IsPersistent = false, };
OwinContext.Authentication.Challenge(authProperties, authenticationType);
I have verified the value of the authenticationType and it contains "localIdp". After calling the challenge nothing happens. Odd think is that if I comment the metadataAddress and uncomment the Configuration property, the middleware is called.
Is there a way to debug the OWIN requests in order to check what's wrong in the code?
Metadata is the following:
{
"issuer": "https://localhost:44333/core",
"jwks_uri": "https://localhost:44333/core/.well-known/jwks",
"authorization_endpoint": "https://localhost:44333/core/connect/authorize",
"token_endpoint": "https://localhost:44333/core/connect/token",
"userinfo_endpoint": "https://localhost:44333/core/connect/userinfo",
"end_session_endpoint": "https://localhost:44333/core/connect/endsession",
"check_session_iframe": "https://localhost:44333/core/connect/checksession",
"revocation_endpoint": "https://localhost:44333/core/connect/revocation",
"introspection_endpoint": "https://localhost:44333/core/connect/introspect",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"scopes_supported": ["openid", "profile", "email", "address", "roles", "all_claims", "offline_access", "read", "write"],
"claims_supported": ["sub", "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at", "email", "email_verified", "address", "role"],
"response_types_supported": ["code", "token", "id_token", "id_token token", "code id_token", "code token", "code id_token token"],
"response_modes_supported": ["form_post", "query", "fragment"],
"grant_types_supported": ["authorization_code", "client_credentials", "password", "refresh_token", "implicit", "custom2", "custom"],
"subject_types_supported": ["public"],
"id_token_signing_alg_values_supported": ["RS256"],
"code_challenge_methods_supported": ["plain", "S256"],
"token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"]
}
I'm tying to figure out OAuth2.0, OIDC1.0 and IdentityServer4. I've setup a test MVC Core client with only "openid" scope requested. But somehow OpenIdConnnect middleware keeps adding "profile" scope to the requested scopes. Is "profile" a mandatory scope? Should I enable it? Or what am I doing wrong here? I'd appreciate any input.
IdSrv resources:
_identityResources = new List<IdentityResource>
{
new IdentityResources.OpenId(),
new IdentityResource
{
Name = "test_user",
UserClaims = new[] { "test_user.email" }
}
};
_apiResources = new List<ApiResource>
{
new ApiResource
{
Name = "test_api",
Scopes =
{
new Scope()
{
Name = "test_api.account.create",
UserClaims = new[] { "test_api.account.create" }
}
}
}
};
IdSrv client config:
new Client
{
ClientId = "client.mvcx",
ClientName = "MVC Core Client",
AllowedGrantTypes = GrantTypes.Hybrid,
AllowAccessTokensViaBrowser = false,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = { Common.Addresses.Client + "/signin-oidc" },
PostLogoutRedirectUris = { Common.Addresses.Client },
LogoutUri = Common.Addresses.Client + "/signout-oidc",
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId
},
AllowOfflineAccess = false,
RequireConsent = false,
AlwaysIncludeUserClaimsInIdToken = true
},
MVC Client:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationScheme = "cookies",
AutomaticAuthenticate = true,
ExpireTimeSpan = TimeSpan.FromMinutes(60)
});
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
app.UseOpenIdConnectAuthentication(new OpenIdConnectOptions
{
AuthenticationScheme = "oidc",
SignInScheme = "cookies",
Authority = Common.Addresses.IdSrv,
RequireHttpsMetadata = false,
ClientId = "client.mvcx",
ClientSecret = "secret",
ResponseType = "code id_token",
Scope = { "openid" },
SaveTokens = true,
TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
{
NameClaimType = IdentityModel.JwtClaimTypes.Name,
RoleClaimType = IdentityModel.JwtClaimTypes.Role,
},
IdSrv error:
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
fail: IdentityServer4.Validation.ScopeValidator[0]
Invalid scope: profile
fail: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
Request validation failed
info: IdentityServer4.Endpoints.AuthorizeEndpoint[0]
{
"ClientId": "client.mvcx",
"ClientName": "MVC Core Client",
"RedirectUri": "http://localhost:32579/signin-oidc",
"AllowedRedirectUris": [
"http://localhost:32579/signin-oidc"
],
"SubjectId": "anonymous",
"ResponseType": "code id_token",
"ResponseMode": "form_post",
"GrantType": "hybrid",
"RequestedScopes": "openid profile",
...
The OpenIdConnectionOptions automatically requests the openid and profile scopes (see source code), with a private setter on the Scope property.
When you set scopes like you are, you are not setting a new list, but adding to the existing.
Clearing and then adding the scope works:
var options = new OpenIdConnectOptions();
options.Scope.Clear();
options.Scope.Add("openid");
app.UseOpenIdConnectAuthentication(options);