I'm using the code below to set my Entra ID values. I'm using AbpExternalProviderOptions instead of WithDynamicOptions so I can set the Tenant ID in the web gui and then build the Authority URL. The values get set in the database but how do we retrieve the "EntraId" ExternalProviderDefinition so we can access those property values when setting the OpenIdConnection options when using ABP Pro?
```csharp
Configure<AbpExternalProviderOptions>(options =>
{
    options.Definitions.Add(new ExternalProviderDefinition
    {
        Name = "EntraId",
        Properties = new List<ExternalProviderDefinitionProperty>
        {
            new ExternalProviderDefinitionProperty { PropertyName = "ClientId", IsSecret = false },
            new ExternalProviderDefinitionProperty { PropertyName = "ClientSecret", IsSecret = true },
            new ExternalProviderDefinitionProperty { PropertyName = "CallbackPath", IsSecret = false },
            new ExternalProviderDefinitionProperty { PropertyName = "DisplayName", IsSecret = false },
            new ExternalProviderDefinitionProperty { PropertyName = "Enabled", IsSecret = false },
            new ExternalProviderDefinitionProperty { PropertyName = "TenantId", IsSecret = false }
        }
    });
});
```
3 Answer(s)
-
0
hi

> I'm using AbpExternalProviderOptions instead of WithDynamicOptions so I can set the Tenant ID in the web GUI

You should use the `WithDynamicOptions`, and you can set the Tenant ID in External provider page. https://abp.io/docs/latest/modules/account-pro#install-a-new-external-login

Have you encountered any problems with `WithDynamicOptions`?

Thanks.
-
0
When I use WithDynamicOptions, I have issues that I don't have when using appsettings. I'll start with just ClientId. If I pull from appsettings, it works but if I remark out that line and use the Dynamic Option stored in the gui, I get the error "SecurityTokenInvalidAudienceException: IDX10208: Unable to validate audience. validationParameters.ValidAudience is null or whitespace and validationParameters.ValidAudiences is null." My end goal is to only set ClientId, ClientSecret, and TenantId in the dynamic External Provider properties. Then with TenantId, I'll build the Authority but could use help on how to do that.
```csharp
.AddOpenIdConnect("EntraId", "Microsoft Entra Id", options =>
{
    options.Authority = configuration["Authentication:EntraId:Instance"]
        + configuration["Authentication:EntraId:TenantId"] + "/v2.0/";
    //options.ClientId = configuration["Authentication:EntraId:ClientId"];
    options.ClientSecret = configuration["Authentication:EntraId:ClientSecret"];
    options.CallbackPath = configuration["Authentication:EntraId:CallbackPath"];
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Clear();
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.ReturnUrlParameter = "returnUrl";
})
.WithDynamicOptions<OpenIdConnectOptions, OpenIdConnectHandler>("EntraId", options =>
{
    options.WithProperty(o => o.ClientId);
    options.Properties.Add(new ExternalProviderDefinitionProperty { PropertyName = "TenantId", IsSecret = false });
})
```
-
0
hi

The OpenIdConnect will validate the OpenIdConnectOptions. So you must initially set a value (`Authority`, `ClientId`).

But you can add an `IPostConfigureAccountExternalProviderOptions` to change it dynamically.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Volo.Abp.Account.Public.Web.ExternalProviders;
using Volo.Abp.DependencyInjection;

namespace AbpMicroservices.AuthServer;

public class MyOpenIdConnectOptionsPostConfigureAccountExternalProviderOptions
    : IPostConfigureAccountExternalProviderOptions<OpenIdConnectOptions>, ITransientDependency
{
    public Task PostConfigureAsync(string name, OpenIdConnectOptions options)
    {
        // Derive the discovery document URL from the (dynamically set) Authority.
        if (!string.IsNullOrEmpty(options.Authority))
        {
            options.MetadataAddress = options.Authority;
            if (!options.MetadataAddress.EndsWith('/'))
            {
                options.MetadataAddress += "/";
            }

            options.MetadataAddress += ".well-known/openid-configuration";
        }

        // Rebuild the configuration manager so metadata is fetched from the new address.
        options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            options.MetadataAddress,
            new OpenIdConnectConfigurationRetriever(),
            new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata })
        {
            RefreshInterval = options.RefreshInterval,
            AutomaticRefreshInterval = options.AutomaticRefreshInterval,
        };

        return Task.CompletedTask;
    }
}
```
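An added example, not part of the answers above and not ABP's own code: a small helper that could be called at the top of `PostConfigureAsync` to build the Authority from a tenant ID and to give the audience check a value, which is what the IDX10208 message in the thread reports as missing. The class name `EntraIdOptionsSync`, the `tenantId` parameter (how it is read from the stored provider properties is not shown on this page) and the public-cloud instance URL are assumptions.

```csharp
using System;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Hypothetical helper; the name and the tenantId parameter are assumptions.
public static class EntraIdOptionsSync
{
    // Assumed instance: Entra ID public cloud. Other clouds use a different host.
    private const string Instance = "https://login.microsoftonline.com/";

    public static void Apply(OpenIdConnectOptions options, string? tenantId)
    {
        // Accept only a GUID tenant ID. A value typed into an admin page must not
        // be able to add path segments, a query string or another host to the
        // Authority, because that URL decides whose signing keys are trusted.
        if (!Guid.TryParseExact(tenantId, "D", out var tenant))
        {
            throw new InvalidOperationException("EntraId TenantId must be a GUID.");
        }

        // Refuse to continue without a ClientId instead of disabling audience
        // validation; tokens issued for other applications must keep failing.
        if (string.IsNullOrWhiteSpace(options.ClientId))
        {
            throw new InvalidOperationException("EntraId ClientId is not set.");
        }

        // Same shape as the Authority built from appsettings in the question.
        options.Authority = $"{Instance}{tenant:D}/v2.0/";

        // Set the audience explicitly from the current ClientId so the token
        // validator has a ValidAudience to compare against.
        options.TokenValidationParameters.ValidAudience = options.ClientId;
    }
}
```

Calling it before the `MetadataAddress` and `ConfigurationManager` lines in the answer's class lets that code pick up the new Authority.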