Aspnetcore: Microsoft.AspNetCore.Authentication.AzureAD.UI throws OptionsValidationException: The 'Instance' option must be provided, if there is another OpenId Connect Authentication

Created on 25 Mar 2020 · 3 Comments · Source: dotnet/aspnetcore

Describe the bug

Adding Azure AD Authentication fails if there is more than one openid connect scheme registered.

This is the same bug as fixed in #13480, just in a different configuration type. This was fixed for the other types by @Tratcher, but unfortunately the same lines exist in:
https://github.com/dotnet/aspnetcore/blob/76add623c9d64c26e5cb847004903bc658a4f7df/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADOpenIdConnectOptionsConfiguration.cs#L23-L24

In the other files the following was changed in #13480
https://github.com/dotnet/aspnetcore/blob/76add623c9d64c26e5cb847004903bc658a4f7df/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADCookieOptionsConfiguration.cs#L23-L29

https://github.com/dotnet/aspnetcore/blob/76add623c9d64c26e5cb847004903bc658a4f7df/src/Azure/AzureAD/Authentication.AzureAD.UI/src/AzureADJwtBearerOptionsConfiguration.cs#L26-L32

To Reproduce

The source code example was taken from https://github.com/dotnet/aspnetcore/pull/13327#issuecomment-574246887 where the same problem was noticed, but apparently no bug was filed.

```csharp
services.AddAuthentication()
    // A second OpenID Connect scheme registered alongside Azure AD
    .AddOpenIdConnect("okta", "Okta", options => Configuration.Bind("Okta", options))
    .AddAzureAD(options =>
    {
        options.Instance = "https://login.microsoftonline.com/";
        options.Domain = "tenant.com";
        options.TenantId = "xxxx";
        options.ClientId = "xxxx";
        options.CallbackPath = "/signin-oidc";
    });
```
area-security bug

All 3 comments

Are there any workarounds known for this bug?

@ArturDorochowicz In our codebase we worked around this bug by doing the following:

```csharp
// Configure Azure AD as usual
services.AddAuthentication(AzureADDefaults.AuthenticationScheme).AddAzureAD(options =>
{
    Configuration.Bind("AzureAd", options);
});

// Temporary workaround for https://github.com/dotnet/aspnetcore/issues/20136
services.Configure<AzureADOptions>(Options.DefaultName, options =>
{
    options.Instance = "https://login.microsoftonline.com/";
});
```

Jun to retarget to 3.1
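The failure and the workaround discussed in this thread can be modelled with plain `Microsoft.Extensions.Options`, as an added example that is not the library's source or code from the issue. `DemoAadOptions`, `DemoOidcOptions`, `DemoOidcFromAad`, the scheme names and the `idp.example` URL are hypothetical stand-ins, and the mechanism (a configurator that runs for every OpenID Connect scheme and reads Azure AD options for a scheme it does not own) is an assumption consistent with the error message and the workaround above.

```csharp
// Added illustration; all Demo* types and scheme names are hypothetical stand-ins.
using System;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

public class DemoAadOptions { public string Instance { get; set; } }
public class DemoOidcOptions { public string Authority { get; set; } }

// An IConfigureNamedOptions<T> runs for every named instance of T, including
// OpenID Connect schemes that belong to another provider.
public class DemoOidcFromAad : IConfigureNamedOptions<DemoOidcOptions>
{
    private readonly IOptionsMonitor<DemoAadOptions> _aad;
    private readonly bool _guard;
    public DemoOidcFromAad(IOptionsMonitor<DemoAadOptions> aad, bool guard)
    { _aad = aad; _guard = guard; }

    public void Configure(string name, DemoOidcOptions options)
    {
        // Map the OIDC scheme to the Azure AD scheme that owns it, if any.
        string owner = name == "AzureADOpenID" ? "AzureAD" : null;
        if (_guard && owner is null) return;   // not ours: leave it untouched
        // Unguarded, Get(null) resolves the default-named options, which nobody
        // configured, so validation throws while building the unrelated scheme.
        options.Authority = _aad.Get(owner).Instance;
    }
    public void Configure(DemoOidcOptions options) => Configure(Options.DefaultName, options);
}

public static class Program
{
    static string Resolve(bool guard)
    {
        var services = new ServiceCollection();
        services.Configure<DemoAadOptions>("AzureAD", o => o.Instance = "https://login.microsoftonline.com/");
        // Name null = validate every named instance, the default one included.
        services.AddSingleton<IValidateOptions<DemoAadOptions>>(new ValidateOptions<DemoAadOptions>(
            null, o => !string.IsNullOrEmpty(o.Instance), "The 'Instance' option must be provided."));
        services.AddSingleton<IConfigureOptions<DemoOidcOptions>>(p =>
            new DemoOidcFromAad(p.GetRequiredService<IOptionsMonitor<DemoAadOptions>>(), guard));
        services.Configure<DemoOidcOptions>("okta", o => o.Authority = "https://idp.example/");
        using var provider = services.BuildServiceProvider();
        try { return provider.GetRequiredService<IOptionsMonitor<DemoOidcOptions>>().Get("okta").Authority; }
        catch (OptionsValidationException ex) { return "FAILED: " + ex.Message; }
    }

    public static void Main()
    {
        Console.WriteLine(Resolve(guard: false)); // validation failure while building "okta"
        Console.WriteLine(Resolve(guard: true));  // "okta" keeps its own authority
    }
}
```

Setting `Instance` on the default-named options, as the workaround does, makes the unguarded path pass validation; the early return is the shape of guard that keeps the configurator away from schemes it does not own.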