Which version of Microsoft Identity Web are you using?
1.3.0
Where is the issue?
It's not possible to disable this library from adding cookie authentication which is problematic if you already have it. This library seems to be trying to do 'everything' which I understand can mean simplicity for some users but it reduces the flexibility. The work around for now is to pass in a "Fake" cookie scheme that doesn't exist, else you will get exceptions if you pass in an existing one since it already exists.
It would be nice to split this method up with additional public methods for more flexibility. See here https://github.com/AzureAD/microsoft-identity-web/blob/c75ea22dd4cf99ff6fc30c805d3d0cffcbc76879/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L238 it's doing all sorts of stuff. Ideally there would just be a method to configure the OpenIdConnect options here https://github.com/AzureAD/microsoft-identity-web/blob/c75ea22dd4cf99ff6fc30c805d3d0cffcbc76879/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L254
Is this a new or an existing app?
c. This is a new app or an experiment.
Expected behavior
Be able to add/configure the openidconnect options without configuring a bunch of unwanted or already existing services.
Actual behavior
There is not an option to do this
I'm happy to create a PR for this
@Shazwazza
Thanks for the feedback. This is also to support samesite workarounds ... which are a bit of a pain to develop.
Yes, you could provide an experimental PR so that we understand your proposed design. We'd like to avoid breaking changes if possible, and also we want simples scenarios to remain simple, and complex ones to be possible.
Would that work for you?
On the other hand if you have very advanced needs, and know what you are doing, you might not even need to use AddMicrosoftIdentityWebApp. you could iinitialize OpenIdConnect yourself? (with builder.AddOpenIdConnect).
What is your scenario?
What part of Microsoft.Identity.Web do you want to leverage, and which don't you want?
@Shazwazza do you mind trying this branch, which does offers the possibility of not defining the cookie scheme, if you do something like this:
services.AddAuthentication().AddMicrosoftIdentityWebApp(Configuration, cookieScheme: null);
cc: @jmprieur
Hi thanks for the replies.
@jennyf19 that branch you mention would be fine to have the possibility of passing in null instead of something fake, and then people can use post configure options to tweak any OpenIdConnect options created 馃憤
@jmprieur initializing OpenIdConnect manually for Azure AD (and b2c) is something I'd like to avoid where possible since it's quite a lot of code to maintain. It's something I previously had to do before netcore which ended up being a bit of a 'moving target'. I guess what might be ideal is to have public method that registers these OpenIdConnect options/code here https://github.com/AzureAD/microsoft-identity-web/blob/jennyf/cookies/src/Microsoft.Identity.Web/WebAppExtensions/MicrosoftIdentityWebAppAuthenticationBuilderExtensions.cs#L258-L366 which could then be tweaked if necessary in a post configure options callback. Though being able to pass in null for the cookie scheme is almost the same thing
What part of Microsoft.Identity.Web do you want to leverage, and which don't you want?
We're building the netcore version of the Umbraco CMS and just like in the versions previous to netcore we have the ability for people to install and configure external login providers for the back office. All of the auth is pre-configured in Umbraco so the external logins are just extensions to the auth that is already there.
Thanks @Shazwazza
@jennyf19 that branch you mention would be fine to have the possibility of passing in null instead of something fake, and then people can use post configure options to tweak any OpenIdConnect options created 馃憤
passing null to which parameter, @Shazwazza ? In that branch you can pass null to the cookieScheme. For which other parameter would you like to pass-in null?
Sorry I should have been more clear, what @jennyf19 mentioned with this code in that branch:
services.AddAuthentication().AddMicrosoftIdentityWebApp(Configuration, cookieScheme: null);
Allowing passing null for cookieScheme is good and better than having to pass in a fake or unused cookie scheme.
thanks for the quick reply and confirmation @Shazwazza we'll have this fix out this week in 1.4.
Included in 1.4 Release.
Most helpful comment
Sorry I should have been more clear, what @jennyf19 mentioned with this code in that branch:
Allowing passing null for
cookieSchemeis good and better than having to pass in a fake or unused cookie scheme.