Open Closed

External Providers DynamicOptions not working with "Authority" Property #9174

User avatar
0
JimmyLiew created

Hi, Currently I'm trying to integrate Microsoft Entra Id to my project. I have configured Authority as DynamicOptions property to support the multi-tenant Authority endpoint of Microsoft Entra. Noticed that, this Authority property not working even i have assigned the value of Authority in frontend. Noticed that, Authority value defined in the frontend isn't being applied which results in an empty authorization endpoint when redirecting to Microsoft Entra. Could you advise how to configure the Authority property dynamically to support Microsoft Entra's multi-tenant endpoint?

Thanks.

Go to accepted answer
8 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You have to assign it a valid value initially, and it will change at runtime based on your current tenant.

  • User Avatar
    0
    JimmyLiew created

    Hi, I have assigned a valid Authority value initially. After that, I login to tenant and purposely modify the Authority endpoint to become invalid login1.microsoftonline.com, but the change doesn't seem to take effect. Could you advice?

    Remarks: I have performed clear cache as well.

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share a test project that inlcude your ms external login info?

    liming.ma@volosoft.com

    Thanks.

  • User Avatar
    0
    JimmyLiew created

    Hi,

    Sent via email.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks. I will check it.

    1
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Add to your AuthServer project.

    using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Volo.Abp.Account.Public.Web.ExternalProviders;
using Volo.Abp.DependencyInjection;

namespace AbpMicroservices.AuthServer;

public class MyOpenIdConnectOptionsPostConfigureAccountExternalProviderOptions : IPostConfigureAccountExternalProviderOptions<OpenIdConnectOptions>, ITransientDependency
{
    public Task PostConfigureAsync(string name, OpenIdConnectOptions options)
    {
        if (!string.IsNullOrEmpty(options.Authority))
        {
            options.MetadataAddress = options.Authority;
            if (!options.MetadataAddress.EndsWith('/'))
            {
                options.MetadataAddress += "/";
            }

            options.MetadataAddress += ".well-known/openid-configuration";
        }

        options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata })
        {
            RefreshInterval = options.RefreshInterval,
            AutomaticRefreshInterval = options.AutomaticRefreshInterval,
        };

        return Task.CompletedTask;
    }
}
  • User Avatar
    0
    JimmyLiew created

    Hi,

    Is it necessary to initialize a valid Authority value at first place? Can we leave Authority empty and have it resolved at runtime, similar to how ClientId and ClientSecret are handled? I have tried to leave Authority empty, but it seem not working.

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    The OpenIdConnect will validate the OpenIdConnectOptions. So you have to set a value initially.

    1
Assignee
User avatar maliming
Question details
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 30, 2025, 06:33