
Authentication process with external provider (Entra ID)

Open nacho-gonzalez opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

Maybe this request is related somehow with issue #12217.

Scenario 1:

  1. You have an application using Azure AD or Entra ID authentication (context.Services.AddAuthentication().AddOpenIdConnect(...)).
  2. At first you only have the admin user.
  3. A new user wants to access using Azure Entra ID authentication.
  4. The user is authenticated as expected and the application asks the user to fill in the login and email before accessing the application.
  5. Once the user fills in the username and email he/she can access the application.

Scenario 2:

  1. You have an application using Azure AD or Entra ID authentication (context.Services.AddAuthentication().AddOpenIdConnect(...)).
  2. At first you only have the admin user; sign in as admin and create a new user with the required data: username, password and email ([email protected]) without any block.
  3. Now the user [email protected] wants to access the application with Azure Entra ID.
  4. The user is authenticated as expected and the application asks the user to fill in the login and email before accessing the application.
  5. The user fills in the data using the email [email protected].
  6. The application raises an alert saying that the user already exists.
  7. The user cannot sign in to the application unless he/she uses a different username and email address (which is not related to his/her company).

Describe the solution you'd like

I would like the login/registration process to be simpler for the end user.

In scenario 1, steps 4 and 5 could be skipped if the application uses the external provider info to create the login (I guess this is what is happening in those steps) and lets the user access the application directly.

In scenario 2, steps 6 to 9 could be skipped as well. If the application knows that the login already exists, it could add the new authentication method for this user and let the user access the application directly.

Additional context

Screen after successful authentication with an external provider: image

Screen after successful authentication with an external provider when the email already exists in the application: image

nacho-gonzalez avatar Nov 22 '24 12:11 nacho-gonzalez
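As an added illustration (not code from this issue or from ABP itself), a sketch of the linking flow requested above using ASP.NET Core Identity's UserManager/SignInManager: if the provider/subject pair is unknown but a local user with the same e-mail exists, the external login is attached to that user and they are signed in, but only when the provider asserts the e-mail is verified. The class name and the presence of an "email_verified" claim are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical helper (not ABP's own code) sketching the flow requested in this issue.
public class ExternalLoginLinker<TUser> where TUser : class
{
    private readonly UserManager<TUser> _userManager;
    private readonly SignInManager<TUser> _signInManager;
    public ExternalLoginLinker(UserManager<TUser> userManager, SignInManager<TUser> signInManager)
    {
        _userManager = userManager;
        _signInManager = signInManager;
    }

    // Called from the OpenID Connect callback once the external provider has authenticated the user.
    public async Task<SignInResult> HandleCallbackAsync()
    {
        var info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
            return SignInResult.Failed;

        // Fast path: this provider/subject pair is already linked to a local user.
        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: false);
        if (result.Succeeded)
            return result;

        // Scenario 2: a local user with the same e-mail already exists. Link the external login
        // to it only when the provider asserts the e-mail is verified; otherwise anyone who can
        // register an unverified address at the IdP could attach their identity to that account.
        // Claim names assume the handler's default mapping and an "email_verified" claim (assumption).
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        var verified = info.Principal.FindFirstValue("email_verified");
        if (string.IsNullOrEmpty(email) || !string.Equals(verified, "true", StringComparison.OrdinalIgnoreCase))
            return SignInResult.NotAllowed;

        var user = await _userManager.FindByEmailAsync(email);
        if (user == null)
            return SignInResult.Failed; // Scenario 1 (no local user yet): create one from the claims instead.

        var link = await _userManager.AddLoginAsync(user, info);
        if (!link.Succeeded)
            return SignInResult.Failed;

        await _signInManager.SignInAsync(user, isPersistent: false, info.LoginProvider);
        return SignInResult.Success;
    }
}
```

Whether Entra ID emits an email_verified claim depends on the tenant and token configuration; where it does not, the linking step should fall back to an explicit confirmation by the signed-in local user rather than matching on e-mail alone.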

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Apr 26 '25 03:04 stale[bot]

Not stale

MichelZ avatar Apr 26 '25 06:04 MichelZ

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 26 '25 23:06 stale[bot]

Not stale

nacho-gonzalez avatar Jun 27 '25 05:06 nacho-gonzalez