External Member providers don't AutoLink, options never get hit
I have raised this here https://github.com/umbraco/Umbraco-CMS/issues/17027 but wondering if anyone has run into this issue where you can set up an external membership login provider but the AutoLinking event never gets fired, in fact the IConfigureNamedOptions Configure method is never touched, at all, so it seems that MemberExternalLoginProviderOptions is never actually being registered. We have an equivalent with the BackOfficeExternalLoginProviderOptions and that works fine, and you can see it registering the custom methods. This is a real blocking issue for a project we are on, but it's not obvious what is failing. We also tried to copy the documented version as is, and that has the same issue. Any insight or roundabout way of getting around it would be really appreciated.
@RM82 are you able to share your code with anything important/secrets redacted?
Hi Rick, the code on the GitHub post is basically what we have (it's the same as the docs). We have also tried OIDC but it's still the same, the IConfigureNamedOptions doesn't fire.
There looks to be duplicated code (even in the docs) which could be causing issues
public static class MemberAuthenticationExtensions
{
    public static IUmbracoBuilder ConfigureAuthenticationMembers(this IUmbracoBuilder builder)
    {
-        builder.Services.ConfigureOptions<EntraIDB2CMembersExternalLoginProviderOptions>();
-        builder.AddMemberExternalLogins(logins =>
-        {
            builder.Services.ConfigureOptions<EntraIDB2CMembersExternalLoginProviderOptions>();
            builder.AddMemberExternalLogins(logins =>
            {
                logins.AddMemberLogin(
                    membersAuthenticationBuilder =>
                    {
                        ...
                    });
            });
-        });
        return builder;
    }
}
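Review bot: the retained lines, from `builder.Services.ConfigureOptions<EntraIDB2CMembersExternalLoginProviderOptions>();` through the inner `});`, stay at the nested indentation once the outer wrapper is removed. De-indent them to the method body level so it is obvious that exactly one `ConfigureOptions` call and one `AddMemberExternalLogins` call remain, both made directly on `builder`.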
Yeah, we have tried every which way (with or without it), we noticed the duplication too (I will give it another go now), but to make sure that wasn't the issue, on the last version we left it in. But the results are the same, it never fires, we have also tried explicitly setting the config section builder.Services.Configure directly instead but it's the same. BackOfficeExternalLoginProviderOptions works just fine and you can step through it registering the configure methods, it seems specific to MemberExternalLoginProviderOptions where the behavior is different or failing silently.
@here I pulled down the Umbraco source code to ensure it wasn't a project specific issue and the same behavior is noted in the v13/contrib branch where options are not registered specifically for members.
@here Hello, I think I have just discovered this problem. Just spun up a new instance of 13.4.1, ported over code that we have previously developed and confirmed working (in v12) for an Azure provider. However, with this code in 13.4.1 the AutoLink event is not being hit. The previous v12 project where it has been working is in the process of being upgraded to 13 by a colleague, so I'll need to check if it is still working or if it has broken that existing build.
I can confirm after doing our upgrade, the functionality does still work so this issue comes down to some gaps in documentation. I have been able to get my fresh v13 implementation working too now. After reviewing our original implementation I now recall that some of the claims needed for AutoLinking to work were missing, specifically the email claim and also the name claim. Missing email claim doesn't appear to throw any kind of error but missing name claim will. So in order to fix this in terms of the missing email claim and in the case of Azure B2C, I had to make sure Email Addresses was ticked against the User Flow's Application Claim settings in the Azure Portal. Then I had to update the OnTokenValidated event in the BuildExtensions file to include something like this:
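options.Events.OnTokenValidated = async context =>
{
  // Requires: using System.Linq; using System.Security.Claims;
  var claims = context.Principal?.Claims.ToList();

  if (claims != null)
  {
    // Copy the provider's "email" claim into the standard ClaimTypes.Email claim.
    var email = claims.SingleOrDefault(x => x.Type == "email");
    if (email != null)
    {
      claims.Add(new Claim(ClaimTypes.Email, email.Value));
    }

    // Rebuild the principal from the extended claim list. The original post
    // elides this line ("etc etc"); reusing the existing authentication type
    // is an assumption.
    context.Principal = new ClaimsPrincipal(
      new ClaimsIdentity(claims, context.Principal?.Identity?.AuthenticationType));
  }
};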
Depending on the Azure AD B2C instance, you may have to do something similar with the name claim too (this should throw an error though). With this added, hopefully the login flow will then hit the AutoLink event and the associated Umbraco Member should be created.
Lewis
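An added example, not code from the thread or from Umbraco: it generalizes the fix in the last post to both the email and name claims and returns the standard claim types it could not fill, so the missing email claim (which the post says fails without an error) can be logged from OnTokenValidated. The class name, the claim-name map and the sample token are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

public static class MemberClaimNormalizer // hypothetical helper, not an Umbraco type
{
    // Assumption: the short claim names the provider issues; adjust to your token.
    private static readonly Dictionary<string, string> Map = new()
    {
        ["email"] = ClaimTypes.Email,
        ["name"] = ClaimTypes.Name,
    };

    // Returns a principal carrying the standard claim types, plus the standard
    // types that could not be filled from the token.
    public static (ClaimsPrincipal Principal, IReadOnlyList<string> Missing) Normalize(ClaimsPrincipal source)
    {
        var claims = source.Claims.ToList();
        var missing = new List<string>();

        foreach (var (shortType, standardType) in Map)
        {
            // Already present under the standard type: nothing to add.
            if (claims.Any(c => c.Type == standardType)) continue;

            // FirstOrDefault tolerates a repeated claim; SingleOrDefault would throw.
            var found = claims.FirstOrDefault(c => c.Type == shortType && !string.IsNullOrWhiteSpace(c.Value));
            if (found != null) claims.Add(new Claim(standardType, found.Value));
            else missing.Add(standardType);
        }

        var identity = new ClaimsIdentity(claims, source.Identity?.AuthenticationType);
        return (new ClaimsPrincipal(identity), missing);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: a token with a name claim but no email claim.
        var token = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim("name", "Sample Member") }, "constructed-scheme"));

        var (principal, missing) = MemberClaimNormalizer.Normalize(token);
        Console.WriteLine($"name: {principal.FindFirst(ClaimTypes.Name)?.Value}");
        Console.WriteLine($"missing: {string.Join(", ", missing)}");
    }
}
```

Inside OnTokenValidated you would assign the returned principal to `context.Principal` and log the missing list before the AutoLink step runs.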