Hans Karlsen (talk | contribs) No edit summary |
Revision as of 09:53, 14 September 2020
OpenID Connect (OIDC) is the protocol your app uses to negotiate authentication with an identity authority and get tokens back. The token your app verifies is the ID token: a JWT signed by the authority, checked against the authority's published signing keys, so that you can trust the claims in it (the user's email, a claim that the user is an admin, and the like). The access token that comes with it is meant for calling APIs on the user's behalf; it is the ID token's signature, issuer, audience, expiry and nonce that your app must validate before trusting anything in the ticket.
OIDC is an identity layer built on top of OAuth 2.0, and its Discovery extension is what makes setup much easier.
Every authority names its endpoints differently, but each one describes its own layout in a standard discovery document (issuer, authorization endpoint, token endpoint, and the jwks_uri where the signing keys are published) at
https://<OpenIdAuthority>/.well-known/openid-configuration
Debugging
If you have setup issues and need to find where the problem lies, this walkthrough from the Azure Databricks docs shows the same steps against Azure AD:
https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/app-aad-token
You can use the browser to mimic the calls your app makes. The first call goes to the authority's authorization endpoint (response_type=code, your client_id, your redirect_uri and at least scope=openid) and asks for a "one time" authorization code. After login the authority responds with a redirect to the callback URL WITH AN APPENDED code, together with the state value you sent; if something is wrong with the request (an unregistered redirect_uri, a wrong client_id, a missing scope) the redirect carries error and error_description instead, which is usually where a setup mistake shows up.
It is this code you exchange at the token endpoint to get the AccessToken and ID token. The code is single-use and short-lived, and a confidential client also has to present its client secret in that exchange, so the second step is a POST you make yourself rather than something the browser does on its own.
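The steps above (read the discovery document, build the authorization request, pick the code out of the callback, redeem it at the token endpoint) as an added, offline-runnable example; this is not code from the original page or from the Turnkey project. The discovery document, client_id, redirect URI and callback URL are constructed sample values, and the script adds PKCE (code_challenge/code_verifier) and a state check, which the page's manual browser walkthrough does not mention but a practitioner would want when mimicking the flow.

```python
"""Walk the OpenID Connect authorization-code flow by hand, offline.

Added example (not the wiki page's or the project's own code). The
discovery document, CLIENT_ID, REDIRECT_URI and the callback URL below are
constructed sample data, shaped like what every OpenID authority publishes
at https://<OpenIdAuthority>/.well-known/openid-configuration.
"""
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample discovery document (field names per OIDC Discovery).
DISCOVERY_JSON = json.dumps({
    "issuer": "https://login.example.test/tenant",
    "authorization_endpoint": "https://login.example.test/tenant/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.example.test/tenant/oauth2/v2.0/token",
    "jwks_uri": "https://login.example.test/tenant/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "code_challenge_methods_supported": ["S256"],
})

CLIENT_ID = "11111111-2222-3333-4444-555555555555"      # assumed sample value
REDIRECT_URI = "https://myapp.example.test/signin-oidc"  # assumed sample value


def load_discovery(doc_json):
    """Parse the discovery document and return the endpoints the flow needs."""
    doc = json.loads(doc_json)
    required = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
    missing = [k for k in required if k not in doc]
    if missing:
        raise ValueError("discovery document lacks: " + ", ".join(missing))
    return {k: doc[k] for k in required}


def pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for PKCE method S256."""
    verifier = verifier or secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(endpoints, state, nonce, code_challenge):
    """Step 1: the URL you paste into the browser to obtain the one-time code."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile email",
        "state": state,            # CSRF binding, checked when the callback arrives
        "nonce": nonce,            # must reappear inside the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return endpoints["authorization_endpoint"] + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: the authority redirects to redirect_uri with an appended code (or an error)."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise RuntimeError(f"{query['error'][0]}: {query.get('error_description', [''])[0]}")
    if query.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: reject the callback")
    return query["code"][0]


def build_token_request(endpoints, code, code_verifier):
    """Step 3: form body that redeems the single-use code at the token endpoint."""
    body = {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "code": code,
        "redirect_uri": REDIRECT_URI,   # must equal the value sent in step 1
        "code_verifier": code_verifier,
        # A confidential client also sends client_secret here; never write it to a log.
    }
    return endpoints["token_endpoint"], urlencode(body)


if __name__ == "__main__":
    ep = load_discovery(DISCOVERY_JSON)
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    print("Open in the browser:", build_authorize_url(ep, state, nonce, challenge))
    # Constructed callback, as the browser address bar would show it after login.
    sample_callback = f"{REDIRECT_URI}?code=0.AXYZ.sample-code&state={state}"
    code = parse_callback(sample_callback, state)
    url, body = build_token_request(ep, code, verifier)
    print(f"curl -X POST '{url}' -d '{body}'")
```

Run it, open the printed URL, log in, and paste the address bar you land on into parse_callback in place of the constructed sample; the printed curl line is the POST the OWIN middleware performs in AuthorizationCodeReceived. A code that has already been redeemed, or one older than a few minutes, fails the exchange with invalid_grant, which is the expected behaviour and not a setup error.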
This is what we write to the turnkey-log regarding the OpenIdConnect flow (the OWIN OpenIdConnectAuthenticationNotifications hooks; the elided parts return the completed Task as the middleware requires):
<pre>
Notifications = new OpenIdConnectAuthenticationNotifications
{
    // Fires when the middleware fails to validate the response or the token.
    AuthenticationFailed = context =>
    {
        Common.CentralLogging("OpenId AuthenticationFailed " + context.Exception.Message);
        ...
    },
    // Fires once the authorization code has arrived on the callback URL.
    AuthorizationCodeReceived = context =>
    {
        Common.CentralLogging("OpenId AuthorizationCodeReceived0 ");
        Common.CentralLogging("OpenId AuthorizationCodeReceived1 " + context.Code);
        Common.CentralLogging("OpenId AuthorizationCodeReceived2 " + context.Code + " " + context.AuthenticationTicket.Identity.GetUserName());
        ...
    },
    // Fires after the ID token's signature, issuer, audience and lifetime have been checked.
    SecurityTokenValidated = context =>
    {
        Common.CentralLogging("OpenId SecurityTokenValidated " + context.Options.Description);
        ...
    },
    // Fires just before the browser is sent to the authority; shows what we ask for.
    RedirectToIdentityProvider = context =>
    {
        Common.CentralLogging("OpenId RedirectToIdentityProvider1 " + context.Options.RedirectUri);
        Common.CentralLogging("OpenId RedirectToIdentityProvider2 " + context.Options.ResponseType);
        ...
    },
    // Fires when a token is present in the response but before it is validated.
    SecurityTokenReceived = context =>
    {
        Common.CentralLogging("OpenId SecurityTokenReceived ");
        ...
    },
    // Fires first, for any message that comes back on the callback URL.
    MessageReceived = context =>
    {
        Common.CentralLogging("OpenId MessageReceived ");
        ...
    }
}
};
</pre>
Note that AuthorizationCodeReceived writes the authorization code itself (context.Code) to the central log. The code is single-use and expires quickly, so this is acceptable while chasing a setup problem, but treat that log as sensitive and do not extend the same pattern to the tokens or the client secret.