Add RedirectUri to MicrosoftIdentityOptions #144
Conversation
| @@ -371,7 +364,7 @@ private async Task<IConfidentialClientApplication> BuildConfidentialClientApplic | |||
| authority = $"{ _applicationOptions.Instance}tfp/{_microsoftIdentityOptions.Domain}/{_microsoftIdentityOptions.DefaultUserFlow}"; | |||
| app = ConfidentialClientApplicationBuilder | |||
| .CreateWithApplicationOptions(_applicationOptions) | |||
| .WithRedirectUri(currentUri) | |||
There was a problem hiding this comment.
nit: You can combine the 2 builders to avoid repeated code. #Resolved
There was a problem hiding this comment.
| @@ -570,11 +563,34 @@ private IAccount GetAccountByUserFlow(IEnumerable<IAccount> accounts, string use | |||
| foreach (var account in accounts) | |||
| { | |||
| string accountIdentifier = account.HomeAccountId.ObjectId.Split('.')[0]; | |||
| if (accountIdentifier.EndsWith(userFlow.ToLower())) | |||
| if (accountIdentifier.EndsWith(userFlow.ToLower(CultureInfo.CurrentCulture), StringComparison.InvariantCulture)) | |||
There was a problem hiding this comment.
Please use InvariantCulture in ToLower(). #Resolved
There was a problem hiding this comment.
| { | ||
| return _microsoftIdentityOptions.RedirectUri; | ||
| } | ||
| else |
There was a problem hiding this comment.
else is not needed because you return at line 579 #Resolved
| } | ||
| else | ||
| { | ||
| _logger.LogInformation("MicrosoftIdentityOptions RedirectUri value must have a Uri Scheme " + |
There was a problem hiding this comment.
Wouldn't you want to throw an exception here? #Resolved
There was a problem hiding this comment.
no because we can still figure out the redirect URI based on the httpContext. But logging the information. I guess this is more of question for JM>
In reply to: 420320742 [](ancestors = 420320742)
|
|
||
| var request = CurrentHttpContext.Request; | ||
| return UriHelper.BuildAbsolute( | ||
| request.Scheme, |
There was a problem hiding this comment.
I don't really understand the value here, but I think you've discussed this and you're ok with it. #Resolved
There was a problem hiding this comment.
Imagine that you run locally on http;//localhost:1234
then you deploy to azure (bg.azurewebapps.net)
if you don't use redirectUri, you don't need to change your config file.
Now if you add a reverse proxy that tweaks your URI, you might want to specify it (there are cases where that's needed. See [Bug] Redirect URI is set to http instead of https when deploying to Azure App Service for Docker container (Linux) #115 #Resolved
There was a problem hiding this comment.
| [InlineData("http://cats.b2clogin.com/signout-callback-oidc", true)] | ||
| public void ValidateRedirectUriFromMicrosoftIdentityOptions( | ||
| string redirectUri, | ||
| bool isTrue) |
There was a problem hiding this comment.
I think you can come up with a better name here :) #Resolved
There was a problem hiding this comment.
expectConfiguredUri? #Resolved
There was a problem hiding this comment.
lol...yes true...this was a quick thing for the test.
In reply to: 420322679 [](ancestors = 420322679)
| string redirectUri, | ||
| bool isTrue) | ||
| { | ||
| string httpContextRedirectUri = "https://IdentityDotNetSDKAutomation/"; |
There was a problem hiding this comment.
How does this value make into _tokenAcquisition ? #Resolved
There was a problem hiding this comment.
through the MicrosoftIdentityOptions, which are injected by DI in the TokenAcquisition constructor #Resolved
|
thanks for the suggestions. i took them all much appreciated (and thanks for responding to Bogdan's questions as well.) In reply to: 406100408 [](ancestors = 406100408) |
| /// In a Web app, gets or sets the RedirectUri (URI where the token will be sent back by | ||
| /// Azure Active Directory or Azure Active Directory B2C) | ||
| /// This property is exclusive with <see cref="CallbackPath"/> which should be used preferably if you don't want | ||
| /// to have a different deployed configuration from your developper configuration. |
| /// This property is exclusive with <see cref="CallbackPath"/> which should be used preferably if you don't want | ||
| /// to have a different deployed configuration from your developper configuration. | ||
| /// There are cases where RedirectUri is needed, for instance when you use a reverse proxy that transforms https | ||
| /// URLs (external world) to http URLs (inside the protected area). This can also be useful for Web apps running |
| /// Azure Active Directory or Azure Active Directory B2C) | ||
| /// This property is exclusive with <see cref="CallbackPath"/> which should be used preferably if you don't want | ||
| /// to have a different deployed configuration from your developper configuration. | ||
| /// There are cases where RedirectUri is needed, for instance when you use a reverse proxy that transforms https |
| { | ||
| return _microsoftIdentityOptions.RedirectUri; | ||
| } | ||
| _logger.LogInformation("MicrosoftIdentityOptions RedirectUri value must have a Uri Scheme " + |
fix for #115