Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

idp not set in IUserService.IsActiveAsync on validating subject in refresh #834

Closed
mbubnich opened this issue Jan 28, 2015 · 2 comments
Closed

Comments

@mbubnich
Copy link

Is there a reason that the identity provider claim (idp) is not set when a refresh token is used to get a new access token in the call to IUserService.IsActiveAsync?

I have an implementation of an IUserService that depending on a configuration value in the client will authenticate the user in different ways against different sets of users (i.e. a custom identity provider based on the client).

To achieve this when the authentication request arrives based on the client id I load the client from the IClientStore. I have extended the client with an IdentityProvider property, using this property I then load an appropriate IIdentityProvider (this interface is basically a copy of the IUserService) and delegate the call to the loaded IIdentityProvider. This identity provider sets the IdentityProvider in the returned AuthenticateResult resulting in the idp claim being set in the ClaimsPrincipal. This idp claim is then used to load the appropriate provider in subsequent call's to GetProfileDataAsync and IsActiveAsync. However when a refresh token is used the call to IsActiveAsync only has the subject id claim, as the subject id can be repeated in different identity providers and provides no indication as to what provider it relates to the call cannot be delegated to an IIdentityProvider.

To work around this I have prepended onto the subject id the provider followed by a '-' that I can then use to workout the appropriate provider. This feels a bit like a hack and I am wondering if I am doing something fundamentally wrong or if there is something I am missing?

@leastprivilege
Copy link
Member

Thanks! Working on it.

@leastprivilege
Copy link
Member

pushed to nuget v1.0.1

@leastprivilege leastprivilege removed this from the 1.1 milestone Feb 1, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants