Skip IdentityServer3 login screen
We have configured Client App to use IdentityServer3 authentication via OpenID Connect protocol (it's ASP.NET MVC App that uses OWIN middleware to support OIDC).
The IdentityServer3 itself is configured to use both local login and external login (Azure AD, for instance).
In the regular flow once App need to authenticate user it redirects him to the IdentityServer3 login screen - it's fine. But in some cases, on per-request basis, I want to bypass login screen by somehow letting IdentityServer3 know that user want to login with specific external identity provider right away.
Is that possible to do?
Just found the solution in the IdentityServer3's Authorization/Authentication Endpoint documentation!
acr_values (optional) allows to pass additional authentication related information to the user service - there are also values with special meaning: idp:name_of_idp bypasses the login/home realm screen and forwards the user directly to the selected identity provider (if allowed per client configuration) tenant:name_of_tenant can be used to pass a tenant name to the user service
How to pass additional parameters using OWIN OpenID Connect middleware: https://katanaproject.codeplex.com/workitem/325
Here is the sample of the authorization request:
- Keycloak authorization_code invalid format
- Exchanging a google idToken for local openId token c#
- OAuth 2 access_token vs OpenId Connect id_token
- Getting TypeError: client_secret_basic client authentication method requires a client_secret
- ASPNET CORE InvalidOperationException: Cannot redirect to the authorization endpoint, the configuration may be missing or invalid
- Obtain id_token with Keycloak
- Endless troubles with next-auth v4 and FacebookProvider
- oidc-provider and oidc-client-ts: How to create SSO between multiple app when httpOnly cookies are needed
- How to make two web sites appear as one - What features are important?
- Keycloak: After logout, the access token can still be used
- Beta: WebSphere Liberty and tools (September 2016)
- Using OAuth 2.0 Playground for Testing Authorization Code Flow in a Web Server Application
- What is the purpose of redirect_uri parameter when exchanging code for access token
- Golang GAE - Federated Login examples
- Codeigniter OpenID ERR_SSL_PROTOCOL_ERROR
- No email for id token for B2C built in flow
- ASP.NET Core 8 using open id failed to authenticate the Cookie scheme
- OpenID Connect Unable to verify JWT claims
- Why am I getting an error (Invalid Scopes: openid) when trying to login to Facebook?
- Steam API Authentication
- OpenIdDict Velusia Example: What triggers UserInfo to be hit?
- Azure AD B2C login - "contains script errors preventing it from being loaded"
- OpenIddict ClockSkew Configuration Not Working in Blazor Application(WASM)
- How to config OpenID in angular-oauth2-oidc so that some address doesn't need to authenticate
- Why is a iFrame used for Silent Authentication?
- Adding custom claim to ID token OpenID
- Keycloak OpenID Connect redirect_uri behaves inconsistently
- "No converter found capable of converting from type String to OAuth2ClientProperties$Provider" - Spring Boot Oauth 2.0
- C#/.NET6: Build Policies for an API Controller from Scopes in an Access Token (OAuth/OpenID)
- .NET 6 | C# | Blazor Server websocket connection failed after openid auth