AspNetCoreID4External
TwoFactorSignIn overwriting IdP for ExternalProviders
At the moment, if an external user is flagged as requiring 2FA, the controller redirects the user to the SendCode/VerifyCode flow, which ends with the following line of code:
https://github.com/damienbod/AspNetCoreID4External/blob/3fa199ad4c1b8cb5379cea27c9b3af0d638bedbb/src/IdentityServerWithAspNetIdentity/Controllers/AccountController.cs#L617
This overwrites the IdP claim against the ClaimsPrincipal with "Local", which prevents upstream logout here https://github.com/damienbod/AspNetCoreID4External/blob/3fa199ad4c1b8cb5379cea27c9b3af0d638bedbb/src/IdentityServerWithAspNetIdentity/Controllers/AccountController.cs#L198
The workaround I have, without having to rewrite TwoFactorSignInAsync, is this. I am wondering if there is a more elegant solution?
```csharp
var result = await _signInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser).ConfigureAwait(false);

// This is a workaround to override the Idp if it's an external provider
if (result.Succeeded)
{
    var info = await _signInManager.GetExternalLoginInfoAsync().ConfigureAwait(false);
    if (info != null)
    {
        // Re-run the external sign-in so the principal carries the external provider's idp claim
        // again; bypassTwoFactor is true because the second factor has just been verified.
        return await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, model.RememberMe, true).ConfigureAwait(false);
    }
    return result;
}
```
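To make the consequence concrete, here is the logout-side check the issue refers to, written as an added illustration (not code from the AspNetCoreID4External repository). It factors the decision into a small helper so the effect of the overwritten claim is visible in isolation. It relies on the real IdentityModel constant `JwtClaimTypes.IdentityProvider` ("idp") and the IdentityServer4 constant `IdentityServerConstants.LocalIdentityProvider` ("local"); the `GetSchemeSupportsSignOutAsync` extension is IdentityServer4's, and the `LoggedOut` action name is an assumption.

```csharp
// Added example, not part of the original issue or repository.
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4;
using IdentityServer4.Extensions;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;

public static class UpstreamLogout
{
    // Returns the external scheme that still needs a federated sign-out, or null when the
    // principal is anonymous or local. Once TwoFactorSignInAsync has replaced the idp claim
    // with "local", this returns null even for a user who signed in through an external
    // provider, so the upstream session is left alive after a "successful" logout.
    public static string ExternalSchemeRequiringSignOut(ClaimsPrincipal user)
    {
        var idp = user?.FindFirst(JwtClaimTypes.IdentityProvider)?.Value;
        if (string.IsNullOrEmpty(idp) || idp == IdentityServerConstants.LocalIdentityProvider)
            return null;
        return idp;
    }
}

public class LogoutExampleController : Controller
{
    [HttpPost]
    public async Task<IActionResult> Logout(string logoutId)
    {
        // Decide before the local sign-out, because SignOutAsync clears the principal.
        var scheme = UpstreamLogout.ExternalSchemeRequiringSignOut(User);

        // The local cookie is always cleared.
        await HttpContext.SignOutAsync();

        // Only external schemes that support sign-out get the federated round trip.
        if (scheme != null && await HttpContext.GetSchemeSupportsSignOutAsync(scheme))
        {
            var returnUrl = Url.Action("LoggedOut", new { logoutId }); // hypothetical action name
            return SignOut(new AuthenticationProperties { RedirectUri = returnUrl }, scheme);
        }

        return RedirectToAction("LoggedOut", new { logoutId });
    }
}
```

A quick way to confirm whether the workaround took effect is to inspect `User.FindFirst("idp")` on any authenticated page after completing 2FA for an external user: if the value is still "local", the second `ExternalLoginSignInAsync` did not run and the logout above will skip the upstream provider.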
@zyofeng I think this could be improved by using different schemes. I would need to look more into detail to understand this better.
Greetings Damien