Allow acr_values and ui_locales to be specified in OpenIdConnectOptions #39503
Comments
We have something similar to Something similar to that is probably best, rather than trying to introduce strongly-typed parameters for ACR and UI, as then it can be a bit of a slippery slope of "oh, can we add Ultimately those properties are just backed by a dictionary anyway ( A more generic solution would be something like
Thanks for contacting us. We're moving this issue to the
This is the approach we should probably go with, so this is consistent with how we specify the other properties.
Hello,
Thanks for contacting us. We're moving this issue to the
@mkArtakMSFT & @javiercn
Background and Motivation
Currently to set the `acr_values` and `ui_locales` parameters in the authorization request (https://openid.net/specs/openid-connect-core-1_0.html section 3.1.2.1. Authentication Request), we need to use the `OnRedirectToIdentityProvider` event like:
It would be interesting to add these two properties directly in `OpenIdConnectOptions`.
The mapping should be easy (here https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L382) as these two properties already exist in the OpenIdConnectMessage (https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/src/Microsoft.IdentityModel.Protocols.OpenIdConnect/OpenIdConnectMessage.cs)
Proposed API
Usage Examples
Alternative Designs
We can maybe rely on the new `AdditionalAuthorizationParameters` proposed in #39243 to set these two parameters but should we reserve this property only for non standard OAuth/OpenID parameters?
Risks
Nothing I can think of now.
cc @Tratcher @martincostello
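The event-based workaround the issue describes, written out as an added example (not the issue author's code, which did not survive on this page, and not code from the aspnetcore repository). It also checks the returned `acr` claim, because OpenID Connect Core treats `acr_values` as a request for a voluntary claim, so the provider may answer with a different level. The authority, client id, ACR value and locale list are placeholders.

```csharp
// Program.cs for a .NET 6+ web project with implicit usings enabled.
// Requires the Microsoft.AspNetCore.Authentication.OpenIdConnect package.
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

// Placeholder values; use the ones your identity provider documents.
const string RequiredAcr = "urn:example:acr:mfa";
const string PreferredLocales = "fr-CA fr en";

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = "Cookies";
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie("Cookies")
    .AddOpenIdConnect(options =>
    {
        options.Authority = "https://idp.example.com"; // placeholder
        options.ClientId = "example-client";           // placeholder
        options.ResponseType = "code";
        // Keep JWT claim names such as "acr" instead of mapping them
        // to the long .NET claim type URIs.
        options.MapInboundClaims = false;

        options.Events.OnRedirectToIdentityProvider = context =>
        {
            // Both properties already exist on OpenIdConnectMessage.
            context.ProtocolMessage.AcrValues = RequiredAcr;
            context.ProtocolMessage.UiLocales = PreferredLocales;
            return Task.CompletedTask;
        };

        options.Events.OnTokenValidated = context =>
        {
            // The request does not guarantee the level; verify what came back.
            var acr = context.Principal?.FindFirst("acr")?.Value;
            if (!string.Equals(acr, RequiredAcr, StringComparison.Ordinal))
            {
                context.Fail($"Unexpected acr value '{acr}'.");
            }
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseAuthentication();
app.Run();
```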