New to Okta and trying to integrate it into .NET 7.
The application use case is to have a user authenticate. During their normal application flow, they are asked to re-authenticate (enter username/password). I do NOT want to invalidate or overwrite the previous user credentials or user session. I only need to have a “pass/fail” for this re-authentication as well as their full name so that I can timestamp & post user name who did the re-authenticate.
I’ve tried modifying my Program.cs to have two providers; however, I’ve been unsuccessful in my attempts.
```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

// Primary login: cookie holds the session, Okta (OIDC) is used for the challenge.
builder.Services.AddAuthentication(options =>
{
    //options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    //options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    //options.DefaultChallengeScheme = "OpenIdConnect";
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // Use cookie as the primary authentication scheme
    options.ClientId = builder.Configuration.GetValue<string>("Okta:ClientId");
    options.ClientSecret = builder.Configuration.GetValue<string>("Okta:ClientSecret");
    options.Authority = $"{builder.Configuration.GetValue<string>("Okta:OktaDomain")}/oauth2/default";
    options.CallbackPath = "/authorization-code/callback";
    options.ResponseType = "code";
    options.SaveTokens = true;
    options.UseTokenLifetime = false;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        NameClaimType = "name",
        RoleClaimType = "role"
    };
    options.Events = new OpenIdConnectEvents()
    {
        // Adds application roles to the principal once the userinfo response arrives.
        OnUserInformationReceived = context =>
        {
            return UserRoleService.AddUserRoles(context);
        }
    };
});

// Second provider for the re-authentication step. Registered through a separate
// AddAuthentication call, which also sets DefaultScheme to "SecondaryAuthentication".
builder.Services.AddAuthentication("SecondaryAuthentication")
.AddOpenIdConnect("SecondaryAuthentication", options =>
{
    options.ClientId = builder.Configuration.GetValue<string>("Okta:ClientId");
    options.ClientSecret = builder.Configuration.GetValue<string>("Okta:ClientSecret");
    options.Authority = $"{builder.Configuration.GetValue<string>("Okta:OktaDomain")}/oauth2/default";
    options.CallbackPath = "/authorization-code-2/callback"; // Different callback path from the primary provider
    options.ResponseType = "code";
    options.SaveTokens = true;
    options.UseTokenLifetime = false;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        NameClaimType = "name",
        RoleClaimType = "role"
    };
});
```
Do I even need two authentication methods? Is there a way to force the user to re-enter their credentials and get a “pass/fail” without invalidating their current user session?
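Added example, not code from the question or from Okta's samples, showing one way to get the pass/fail verdict the question asks for without touching the existing cookie session. A second OpenID Connect scheme is registered in the same AddAuthentication call (a separate AddAuthentication("SecondaryAuthentication") call would also set DefaultScheme to that name), with prompt=login and max_age=0 so Okta must show the credential form again. The handler's OnTicketReceived event runs after the ID token is validated but before the handler would call SignInAsync, so handling the response there means the original cookie is neither replaced nor invalidated; the verdict is written to a short-lived data-protected cookie instead. Assumptions: the scheme name "ReAuth", the cookie name "reauth", the callback path /authorization-code/reauth-callback (which must also be registered as a sign-in redirect URI on the Okta application), the endpoints /reauth, /sensitive and /reauth-failed, the evidence format, and the question's Okta configuration keys.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;

const string ReAuthScheme = "ReAuth"; // assumed scheme name for the step-up flow
const string ReAuthCookie = "reauth"; // assumed name of the short-lived evidence cookie
const string EvidencePurpose = "ReAuthEvidence";
var builder = WebApplication.CreateBuilder(args);
var cfg = builder.Configuration;
var authority = $"{cfg["Okta:OktaDomain"]}/oauth2/default";

builder.Services.AddAuthorization();
// One AddAuthentication call: primary login stays cookie + OIDC, as in the question.
builder.Services.AddAuthentication(options =>
{
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.Authority = authority;
    options.ClientId = cfg["Okta:ClientId"];
    options.ClientSecret = cfg["Okta:ClientSecret"];
    options.CallbackPath = "/authorization-code/callback";
    options.ResponseType = "code";
    options.Scope.Add("profile");
    options.Scope.Add("email");
    options.TokenValidationParameters.NameClaimType = "name";
})
// Step-up scheme: never the default, never writes the session cookie.
.AddOpenIdConnect(ReAuthScheme, options =>
{
    options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // required, but never reached
    options.Authority = authority;
    options.ClientId = cfg["Okta:ClientId"];
    options.ClientSecret = cfg["Okta:ClientSecret"];
    options.CallbackPath = "/authorization-code/reauth-callback"; // assumed; distinct from the primary path
    options.ResponseType = "code";
    options.Scope.Add("profile");
    options.SaveTokens = false;     // only a verdict is needed, no tokens to keep
    options.Prompt = "login";       // prompt=login: Okta must re-prompt for credentials
    options.MaxAge = TimeSpan.Zero; // max_age=0: a previously cached authentication is not acceptable
    options.TokenValidationParameters.NameClaimType = "name";
    options.Events = new OpenIdConnectEvents
    {
        // After ID-token validation, before the handler would call SignInAsync on SignInScheme.
        OnTicketReceived = async context =>
        {
            var services = context.HttpContext.RequestServices;
            var log = services.GetRequiredService<ILoggerFactory>().CreateLogger(ReAuthScheme);
            // Remote handlers run before the cookie scheme authenticates the request, so load the
            // session owner explicitly; HttpContext.User is still empty at this point.
            var session = await context.HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            var sessionSubject = SubjectOf(session.Principal);
            var provenSubject = SubjectOf(context.Principal);
            var fullName = context.Principal?.Identity?.Name ?? "(no name claim)";
            var now = DateTimeOffset.UtcNow;
            // PASS only if the person who just typed credentials is the owner of the existing session.
            var passed = sessionSubject is not null && sessionSubject == provenSubject;
            log.LogInformation("Re-authentication {Result} by {Name} ({Subject}) at {When:O}",
                passed ? "PASS" : "FAIL", fullName, provenSubject, now);
            if (passed)
            {
                // Tamper-evident, time-limited evidence for the next sensitive request (assumed format).
                var protector = services.GetRequiredService<IDataProtectionProvider>()
                    .CreateProtector(EvidencePurpose).ToTimeLimitedDataProtector();
                var evidence = protector.Protect($"{provenSubject}|{fullName}|{now:O}", TimeSpan.FromMinutes(5));
                context.Response.Cookies.Append(ReAuthCookie, evidence,
                    new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax, IsEssential = true });
            }
            context.Response.Redirect(context.ReturnUri ?? "/");
            context.HandleResponse(); // skips SignInAsync: the original cookie session is left untouched
        },
        // Okta returned an error (for example the user cancelled): record a FAIL, keep the session.
        OnRemoteFailure = context =>
        {
            context.HttpContext.RequestServices.GetRequiredService<ILoggerFactory>().CreateLogger(ReAuthScheme)
                .LogWarning("Re-authentication FAIL: {Reason}", context.Failure?.Message);
            context.Response.Redirect("/reauth-failed");
            context.HandleResponse();
            return Task.CompletedTask;
        }
    };
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Starts step-up: challenge only the ReAuth scheme, then return to the sensitive page.
app.MapGet("/reauth", () =>
    Results.Challenge(new AuthenticationProperties { RedirectUri = "/sensitive" }, new[] { ReAuthScheme }));

// The guarded action: consumes the evidence once and requires it to belong to the current user.
app.MapPost("/sensitive", (HttpContext http, IDataProtectionProvider dp) =>
{
    if (!http.Request.Cookies.TryGetValue(ReAuthCookie, out var evidence)) return Results.Redirect("/reauth");
    http.Response.Cookies.Delete(ReAuthCookie); // single use
    try
    {
        var parts = dp.CreateProtector(EvidencePurpose).ToTimeLimitedDataProtector().Unprotect(evidence, out _).Split('|');
        if (parts[0] != SubjectOf(http.User)) return Results.Forbid();
        return Results.Ok($"Re-authenticated by {parts[1]} at {parts[2]}");
    }
    catch (CryptographicException) { return Results.Redirect("/reauth"); } // expired or tampered
}).RequireAuthorization();

app.Run();

// sub is mapped to ClaimTypes.NameIdentifier by the default inbound claim mapping; fall back to the raw claim.
static string? SubjectOf(ClaimsPrincipal? p) =>
    p?.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? p?.FindFirst("sub")?.Value;
```

Two things worth checking when adapting this: Okta only calls back on success or with an explicit error, so a wrong password simply re-prompts on Okta's side and never reaches the application, which is why the FAIL cases recorded here are an identity mismatch and a remote error rather than a bad credential; and the evidence cookie is deliberately separate from the session cookie so that expiring or deleting it has no effect on the user's login.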