
It's not possible to set extra query parameters on auth code redemption #2193

Closed
jmprieur opened this issue Apr 11, 2023 · 1 comment

Comments

@jmprieur
Collaborator

Microsoft.Identity.Web Library

Microsoft.Identity.Web

Microsoft.Identity.Web version

2.x

Web app

Sign-in users

Web API

Not Applicable

Token cache serialization

Not Applicable

Description

Why?

Sometimes, all calls to the IdP need to have extra query parameters (for instance a test slice):

  1. Getting the OIDC metadata document (for web apps)
  2. Going to the authorize endpoint (this is done by ASP.NET Core OIDC middleware)
  3. Redeeming the code (done by MSAL going to the token endpoint, but no TokenAcquirerOptions possibility)
  4. Calling downstream APIs: MSAL going to the token endpoint, using TokenAcquirerOptions.

It's possible to pass in extra query parameters for 1. and 2.

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
  options =>
  {
      // Chain onto the handler that is already registered rather than replacing it.
      var previous = options.Events.OnRedirectToIdentityProvider;
      options.Events.OnRedirectToIdentityProvider = async context =>
      {
          // Add an extra query parameter (here a test slice) to the authorize request:
          context.ProtocolMessage.Parameters.Add("dc", "test-slice-name");
          await previous(context);
      };
  });

It's not possible for 3.

It's possible for 4, by setting extra query parameters in TokenAcquirerOptions

Reproduction steps

See above

Error message

No response

Id Web logs

No response

Relevant code snippets

See above

Regression

No response

Expected behavior

Have the possibility of setting the ExtraQueryParameters in the MicrosoftIdentityApplicationOptions, and apply them automatically to:

  1. Getting the OIDC metadata document (for web apps)
  2. Going to the authorize endpoint (this is done by ASP.NET Core OIDC middleware)
  3. Redeeming the code (done by MSAL going to the token endpoint, but no TokenAcquirerOptions possibility)

Then, for calling downstream APIs, override (if needed) these application options with the TokenAcquirerOptions.ExtraQueryParameters that would have the same key.

@jmprieur jmprieur added the bug Something isn't working label Apr 11, 2023
@jennyf19 jennyf19 added feature request CIAM and removed bug Something isn't working labels Apr 11, 2023
@bgavrilMS
Member

In my testing, the code below did not add the param on (1)

services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme,
  options =>
  {
      // Chain onto the handler that is already registered rather than replacing it.
      var previous = options.Events.OnRedirectToIdentityProvider;
      options.Events.OnRedirectToIdentityProvider = async context =>
      {
          // Add an extra query parameter (here a test slice) to the authorize request:
          context.ProtocolMessage.Parameters.Add("dc", "test-slice-name");
          await previous(context);
      };
  });
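The snippet in the issue only runs when the ASP.NET Core OIDC handler builds the authorize redirect (call site 2 in the list above), which is why, as noted in the comment above, it has no effect on the metadata request (call site 1): the metadata document is fetched by the handler's ConfigurationManager from `OpenIdConnectOptions.MetadataAddress`, and that event is never raised for it. The extension method below is an added example, not code from the Microsoft.Identity.Web repository or from either commenter. It takes one dictionary of extra query parameters and applies it to both the metadata URL and the authorize request, so the two call sites cannot drift apart. The method name `AddOidcExtraQueryParameters` is hypothetical, and it assumes it is registered after `AddMicrosoftIdentityWebApp` so that `Authority` is already populated. Code redemption (call site 3) is performed by MSAL and is not reachable from these options, which is exactly the gap the issue reports; downstream calls (call site 4) are left to the `TokenAcquirerOptions` mechanism the issue already describes.

```csharp
// Added example (not Microsoft.Identity.Web code): apply one set of extra query
// parameters to (1) the OIDC metadata request and (2) the authorize redirect.
// Code redemption (3) is done by MSAL and is not covered here.
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.DependencyInjection;

public static class ExtraQueryParametersExtensions
{
    // Hypothetical helper; the parameter set (e.g. {"dc", "test-slice-name"}) is supplied
    // by the caller. Register it after AddMicrosoftIdentityWebApp so Authority is set.
    public static IServiceCollection AddOidcExtraQueryParameters(
        this IServiceCollection services,
        IDictionary<string, string> extraQueryParameters,
        string scheme = OpenIdConnectDefaults.AuthenticationScheme)
    {
        if (extraQueryParameters is null || extraQueryParameters.Count == 0)
        {
            return services;
        }

        services.Configure<OpenIdConnectOptions>(scheme, options =>
        {
            // (1) Metadata document. OnRedirectToIdentityProvider is never raised for this
            // request, so the parameters have to go on MetadataAddress itself. When only
            // Authority is configured, derive the same address the handler would derive.
            var metadataAddress = options.MetadataAddress;
            if (string.IsNullOrEmpty(metadataAddress) && !string.IsNullOrEmpty(options.Authority))
            {
                metadataAddress = options.Authority.TrimEnd('/') + "/.well-known/openid-configuration";
            }
            if (!string.IsNullOrEmpty(metadataAddress))
            {
                options.MetadataAddress = QueryHelpers.AddQueryString(metadataAddress, extraQueryParameters);
            }

            // (2) Authorize endpoint. Chain onto whatever handler is already registered
            // (Microsoft.Identity.Web registers its own) instead of replacing it.
            var previous = options.Events.OnRedirectToIdentityProvider;
            options.Events.OnRedirectToIdentityProvider = async context =>
            {
                foreach (var (key, value) in extraQueryParameters)
                {
                    // SetParameter overwrites an existing key; Parameters.Add would throw
                    // if the same key had already been added by another handler.
                    context.ProtocolMessage.SetParameter(key, value);
                }
                await previous(context);
            };
        });

        return services;
    }
}
```

Because these values travel in URLs that end up in browser history, proxy logs and the IdP's request logs, the dictionary should carry only routing hints such as a test-slice name, never credentials or other sensitive data.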

@jennyf19 jennyf19 added this to the 2.8.0 milestone Apr 12, 2023
@jmprieur jmprieur added the fixed label Apr 12, 2023