Identityserver4: Question/Feature Request for select_account

Created on 9 Nov 2017  ·  10 Comments  ·  Source: IdentityServer/IdentityServer4

Hey ,
I've been trying to implement a way for you to change the returned token based on acr_values without having to re-login.

I need this because I need to give context to the roles of the identity. This isn't a full tenancy but a role based on a grouping within a single-tenancy.

The solution I came up with is to use a groupId in acr_values and prompt=select_account. If those two values are supplied, I'd check to see if the user is already authenticated and reissue the principal with the new groupId (if they are a part of that group, of course). Group modification is rare.

The issue is that Idsvr strips the prompt from the URL. This makes sense for login, so you don't have the issue of redirecting back all the time, but because Idsvr redirects select_account and login back to the same page, we have no way to distinguish whether the user is trying to force a login or just change the select_account.

I realise adding the prompt back would cause issues, but perhaps having select_account route to a different URL would be an idea, or passing extra perms to the login page so we can figure out if it's a forced login, select_account, or both?

I also tried using GetProfileDataAsync as a way to modify the claims being returned, but Idsvr does not supply the acr_values to it, and only supplies the information from the cookie/principal. Ideally I would want it there, as I can compare the principal with the acr_values at the authorize endpoint. But I've noticed there has been some unwillingness to change the GetProfileDataAsync interface in issues relating to it.

If there is anything I can do with a PR or whatnot, I would be more than willing to help.

For now I'm going to have to put extra information in the acr_values, which seems like a bit of a hack. And re-implementing the interfaces would be less than ideal because I want to leverage as much of upstream as I can.
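The authorize-endpoint decision the post describes, written out as an added Python example. This is not IdentityServer4 code and not the author's implementation; the `group:<id>` entry in acr_values and the `Session`/`Decision` shapes are this example's own assumptions. It shows the point the post relies on: a group switch is only honoured for a user who already has an authenticated session, prompt=login still forces re-authentication, and, because acr_values is supplied by the client, the requested group is checked against server-side membership before the principal is reissued.

```python
"""Decision logic for an OIDC authorize request carrying a custom group id in
acr_values together with prompt=select_account.

Added example, not IdentityServer4 code. The 'group:<id>' acr_values entry and
the Session/Decision types below are assumptions of this example."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Session:
    """What the authentication cookie plus a server-side membership lookup tell us."""
    subject: Optional[str]               # None when there is no authenticated user
    groups: frozenset                    # groups the subject belongs to (server-side, never from the request)
    active_group: Optional[str] = None   # group currently baked into the issued principal


@dataclass(frozen=True)
class Decision:
    action: str                          # "login", "reissue", "passthrough" or "error"
    group: Optional[str] = None
    reason: str = ""


def parse_acr_values(raw: str) -> dict:
    """acr_values is a space-separated list (OIDC Core 3.1.2.1).

    Only the assumed 'group:<id>' entry is extracted. Other entries, including real
    ACR URNs such as 'urn:mace:incommon:iap:silver', contain colons too and are left alone.
    """
    out = {}
    for entry in raw.split():
        if entry.startswith("group:"):
            out["group"] = entry[len("group:"):]
    return out


def decide(query: dict, session: Session) -> Decision:
    """Map (authorize request, current session) to what the server should do."""
    prompts = set(query.get("prompt", "").split())
    group = parse_acr_values(query.get("acr_values", "")).get("group")

    # prompt=none must not be combined with other prompt values (OIDC Core 3.1.2.1).
    if "none" in prompts and len(prompts) > 1:
        return Decision("error", group, "invalid_request: prompt=none combined with other values")

    # A forced login always wins, whatever group switch was requested alongside it.
    if "login" in prompts:
        return Decision("login", group, "prompt=login")

    if session.subject is None:
        if "none" in prompts:
            return Decision("error", group, "login_required")
        return Decision("login", group, "no authenticated session")

    if "select_account" in prompts and group is not None:
        # The group id comes from the client: re-check membership server-side before reissuing.
        if group not in session.groups:
            return Decision("error", group, "access_denied: subject is not a member of the requested group")
        if group == session.active_group:
            return Decision("passthrough", group, "requested group already active")
        return Decision("reissue", group, "reissue principal with the new group")

    if "select_account" in prompts:
        # No group hint: this is the ordinary account chooser, which needs interactive UI.
        return Decision("login", None, "select_account without group hint")

    return Decision("passthrough", session.active_group, "existing session reused")


if __name__ == "__main__":
    # Constructed sample: user "alice" is in ops and dev, currently issued for dev.
    alice = Session(subject="alice", groups=frozenset({"ops", "dev"}), active_group="dev")
    print(decide({"prompt": "select_account", "acr_values": "group:ops"}, alice))
    print(decide({"prompt": "select_account", "acr_values": "group:finance"}, alice))
```

The membership check is the part that matters for security: without it, any relying party could put an arbitrary group id in acr_values and have it minted into the principal.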

Moved to Duende core feature request pinned

All 10 comments

Thanks. We will discuss this - but we are both very busy right now.

@leastprivilege awesome. I solved it for now by using two acr_values and using a select_account prompt.

Let me know if you need any help.

We don't have plans for this anytime soon. If your company wants to sponsor the feature, then please contact us directly.

I don't think our small company will be able to sponsor this. But I'd like to give some of my time in helping this project, as I see it as an important package for the greater open source .net community.

So if not this issue, is there anywhere else you would like work done?
Especially those issues that can help this issue along.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Just bumping this, and seeing if it has been resolved yet?


This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Questions are community supported only and the authors/maintainers may or may not have time to reply. If you or your company would like commercial support, please see here for more information.

@leastprivilege I know you have limited resources, just confirming that this won't be done anytime soon?

I added it to backlog. We don't have the time to do that anytime soon.

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
