
When I go to the authorize controller (implemented in Identity Server 4):

(*) abc.com/authorize?par1=val1&par2=val2

I am being redirected to:

(**) abc.com/login?ReturnUrl=abc.com/abc.com%2Fauthorize%3Fpar1%3Dval1%26par2%3Dval2"

One can notice that ReturnUrl equals (*), just html encoded. I would like to add the par2 value as a second parameter to the (**) URL, for example:

abc.com/login?ReturnUrl=abc.com/abc.com%2Fauthorize%3Fpar1%3Dval1%26par2%3Dval2&par2=val2"

How do I configure IdentityServer to achieve that?

Yoda

1 Answer

IdentityServer is a certified OpenID Connect protocol implementation, and it handles your (*) request as a standard Authorization request, which has a predefined structure.

The only two parameters with no limitation by the spec are `state`, which is used by clients and should be sent back with the response as it is, and `acr_values`, which is specially aimed at sending additional parameters to the server.

You can use `acr_values` for your purposes in the following way: `&acr_values=par2:val2`, and then in the `BuildLoginViewModelAsync(string returnUrl)` method of the `AccountController` you can access them as `context?.AcrValues`. You can extend `LoginViewModel` to bring the value to the layout.

d_f
  • I need to add additional querystring parameter of certain name. Unfortunately I can't use acr_values. – Yoda Sep 10 '19 at 05:51
  • Identity server accepts [valid OAuth 2.0/OIDC parameters](https://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint). – Nan Yu Sep 10 '19 at 05:58
  • @Yoda, you can't. That's a protocol, like HTTP, TCP, etc., that you have to follow... or implement something of your own, without a guarantee that the protocol will work as expected and that your implementation will work the same way each next day – d_f Sep 10 '19 at 07:13
  • Will the `acr_values` be put in the `redirectUrl` and encoded or parsed and attached as separate parameters for the `Login` controller like I wished in the original post? – Yoda Sep 10 '19 at 08:10
  • Login is just a method in AccountController; I pointed out the place in that controller where acr_values can be accessed as a dictionary. When you create the request you can put into acr_values whatever you want as a space-separated array of name:value pairs, then IdentityServer will parse it for you. Parameters for the query between the authorization endpoint and the login screen are not specified by the protocol; we have to treat them as internal implementation and subject to change at any time. – d_f Sep 10 '19 at 08:27
  • I try to access these values but context is always null in the `Index` action of `LoginController`: `var context = _interaction.GetAuthorizationContextAsync(returnUrl?.ToString()).Result;` – Yoda Sep 10 '19 at 13:06
  • Yes, but he used Query helpers instead to just cut from the url what he wanted, he wasn't able to access the context. If I paste `_interaction.GetAuthorizationContextAsync(returnUrl?.ToString())` I get the proper result in the Immediate Window, but in code it's null even when I access the `Result` property. – Yoda Sep 10 '19 at 13:17
  • [Here](https://github.com/IdentityServer/IdentityServer4/blob/53d3b7f5c4415a733d8392b3c3a85c3adf17646b/src/IdentityServer4/src/Services/Default/OidcReturnUrlParser.cs#L35) is the parser. It validates the url and returns null when [validation](https://github.com/IdentityServer/IdentityServer4/blob/5d42c55f1fcaaecdc427e216b2bbcf424c0f50fe/src/IdentityServer4/src/Validation/Default/AuthorizeRequestValidator.cs#L58) fails – d_f Sep 10 '19 at 14:07
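
One way to read the `name:value` entries from `context?.AcrValues` as the answer describes, written as an added example (not code from the answer or from IdentityServer4). The `AcrValueReader` class, its key allowlist and the length bound are assumptions; because `acr_values` arrives in the query string, only expected keys are accepted, and a null context (the parser returned null because validation failed) yields an empty result.

```csharp
using System;
using System.Collections.Generic;

// Added example: AcrValueReader, AllowedKeys and MaxValueLength are hypothetical names.
public static class AcrValueReader
{
    // Only keys the login UI expects are accepted; "par2" is the question's parameter.
    private static readonly HashSet<string> AllowedKeys =
        new HashSet<string>(StringComparer.Ordinal) { "par2" };

    private const int MaxValueLength = 128; // assumed bound for a value passed to the view

    // acrValues: the space-separated entries of acr_values, e.g. what
    // context?.AcrValues holds inside BuildLoginViewModelAsync (null when context is null).
    public static IReadOnlyDictionary<string, string> Read(IEnumerable<string> acrValues)
    {
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        if (acrValues == null) return result; // no valid authorization context

        foreach (var entry in acrValues)
        {
            if (string.IsNullOrEmpty(entry)) continue;
            // Split on the first ':' only, so a value may itself contain ':'.
            var idx = entry.IndexOf(':');
            if (idx <= 0 || idx == entry.Length - 1) continue; // not name:value
            var name = entry.Substring(0, idx);
            var value = entry.Substring(idx + 1);
            // Ordinary ACR values may be URNs ("urn:..."); the allowlist keeps
            // them from being mistaken for custom parameters.
            if (!AllowedKeys.Contains(name)) continue;
            if (value.Length > MaxValueLength) continue;
            if (!result.ContainsKey(name)) result[name] = value; // first occurrence wins
        }
        return result;
    }

    public static void Main()
    {
        // Constructed sample: entries of
        // "&acr_values=par2:val2 urn:example:loa:2 other:x par2: :oops" after splitting.
        var sample = new[] { "par2:val2", "urn:example:loa:2", "other:x", "par2:", ":oops" };
        var parsed = Read(sample);
        Console.WriteLine(parsed.Count);
        Console.WriteLine(parsed["par2"]);
    }
}
```

In `BuildLoginViewModelAsync` the call would be `AcrValueReader.Read(context?.AcrValues)`, with the result copied into the extended `LoginViewModel`.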