15

We have our own OpenID Connect Provider. We want to pass custom query parameter in Authentication request using Owin middleware. And we cannot find the way how to implement this using Microsoft.Owin.Security.OpenIdConnect assembly. Even We cannot find how to add a standard request parameter to Authentication Request (e.g. "login_hint parameter").

For example Google has "login_hint" and "hd" parameters (https://developers.google.com/accounts/docs/OAuth2Login#sendauthrequest), and we want to have almost the same parameters. But we even cannot find how to send these parameters to Google using Owin. Tried this code:

var googleOptions = new GoogleOAuth2AuthenticationOptions()
{
    ClientId = "...",
    ClientSecret = "...",
};
app.UseGoogleAuthentication(googleOptions);

...

public ActionResult ExternalLogin(string provider)
{
    var ctx = Request.GetOwinContext();
    var properties = new AuthenticationProperties();
    properties.Dictionary.Add("login_hint ", "myemail@gmail.com");
    properties.Dictionary.Add("hd", "hd");
    ctx.Authentication.Challenge(properties, provider);
    return new HttpUnauthorizedResult();
}

But Authentication request url will be generated without "login_hint" and "hd" parameters.

Will be very grateful for any help to resolve this problem.

Aliaksei
  • 191
  • 1
  • 5
  • 2
    See https://katanaproject.codeplex.com/workitem/325 – Tratcher Jul 30 '14 at 20:45
  • Is there a reason that there is a space at the end of your key for login_hint has a space at the end? I can't seem to get it to add at `ctx.Authentication.Challenge` without the space, but the space is never parsed out and it creates a redirect with a space in it, which I do not believe is working. – LavaHot Sep 20 '15 at 02:17

2 Answers2

13

You're almost there! What's left is overriding built-in GoogleOAuth2AuthenticationProvider and here is the example how to do it:

class CustomGoogleAuthProvider : GoogleOAuth2AuthenticationProvider
{
    public CustomGoogleAuthProvider()
    {
        OnApplyRedirect = (GoogleOAuth2ApplyRedirectContext context) =>
        {
            IDictionary<string, string> props = context.OwinContext.Authentication.AuthenticationResponseChallenge.Properties.Dictionary;

            string newRedirectUri = context.RedirectUri;

            string[] paramertsToPassThrough = new[] { "login_hint", "hd", "anything" };

            foreach (var param in paramertsToPassThrough)
            {
                if (props.ContainsKey(param))
                {
                    newRedirectUri += string.Format("&{0}={1}", param, HttpUtility.UrlEncode(props[param]));
                }
            }

            context.Response.Redirect(newRedirectUri);
        };
    }
}

OWIN middleware registration:

app.UseGoogleAuthentication(new Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationOptions()
{
    // other config ...
    Provider = new CustomGoogleAuthProvider(),
});

The result (by the way with current version (3.0.1) of Google OAuth middleware login_hint flows from Authentication parameters out-of-the-box):

result

Eugene D. Gubenkov
  • 5,127
  • 6
  • 39
  • 71
0

So, having struggled with a similar type of issue, brockallen sent me some code that gives me what I need using identity server 3....

class CustomGoogleAuthProvider : GoogleOAuth2AuthenticationProvider
{
    public CustomGoogleAuthProvider()
    {
        OnApplyRedirect = (GoogleOAuth2ApplyRedirectContext context) =>
        {
            var signinId = context.OwinContext.Request.Query["signin"];
            var msg = context.OwinContext.Environment.GetSignInMessage(signinId);
            var hint = msg.LoginHint;

            var newRedirectUri = context.RedirectUri;
            newRedirectUri += string.Format("&login_hint={0}", HttpUtility.UrlEncode(hint));

            context.Response.Redirect(newRedirectUri);
        };
    }
}
Draken
  • 3,134
  • 13
  • 34
  • 54
Craig Broadman
  • 185
  • 3
  • 8