Hi,
I really like the new option that a user can authenticate himself against an arbitrary authentication provider. As in most cases, this is true for this feature: if you provide a new one, there will immediately be questions asking for more. :)
For those who don't know what I'm talking about, you can search the change log for 2021 R3 for 'Authentication request endpoints'.
In my case it's the following:
When I click on the sign in button (1), the server will read the configured endpoint (2) and redirect the popup to the page (3). Unfortunately, the provided query parameters are stripped from the URL and only the path and hash remain.
My request is to change the logic so that the query parameters are kept. Sample PowerShell script:
```powershell
# HttpUtility lives in System.Web, which is not loaded by default
Add-Type -AssemblyName System.Web

# Configured endpoint that already carries a query string and a fragment
$uri = New-Object System.UriBuilder('https://login.microsoftonline.com/common/oauth2/v2.0/authorize?ui_locales="de-DE"#ui_locales="de-DE"')
# Parse the existing query and add the parameters to it
$query = [System.Web.HttpUtility]::ParseQueryString($uri.Query)
$query["redirect_uri"] = "abc"
$query["prompt"] = "none"
$uri.Query = $query.ToString()
$uri
```
Returns: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?ui_locales="de-DE"&redirect_uri=abc&prompt=none#ui_locales="de-DE"
Reasons:
1. There's a list of 'official parameters', but they are not necessarily implemented by every authentication provider:
- 'Official': https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
- Google: https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient
- Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
2. Those who are using custom endpoints will know what they are doing.
Of course it would be great if we could use the expression editor for defining the endpoint, but this would be a completely different level of change.
Best regards,
Daniel
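
The merge requested in the post, as an added example that is not part of the original post and not the product's code: it keeps the configured query parameters and the fragment, and reports any configured parameter that the server's own value replaced. The function name, its parameters, the sample URLs and the "server value wins" policy are assumptions made for illustration.

```powershell
# Added example; Merge-AuthEndpointQuery and its parameters are hypothetical names.
Add-Type -AssemblyName System.Web

function Merge-AuthEndpointQuery {
    param(
        [Parameter(Mandatory)][string]$ConfiguredEndpoint,
        [Parameter(Mandatory)][System.Collections.IDictionary]$ServerParameters
    )

    # UriBuilder splits the URL into path, query and fragment; the fragment
    # is left untouched by everything below.
    $builder = New-Object System.UriBuilder($ConfiguredEndpoint)

    # Parameters the administrator placed in the configured endpoint.
    $query = [System.Web.HttpUtility]::ParseQueryString($builder.Query)

    $overridden = @()
    foreach ($name in $ServerParameters.Keys) {
        # Assumed policy: a value the server sets itself (for example
        # redirect_uri) replaces a configured one; the name is recorded
        # so the override can be logged or shown to the administrator.
        if ($null -ne $query[$name]) { $overridden += $name }
        $query[$name] = [string]$ServerParameters[$name]
    }

    # ToString() on this collection URL-encodes names and values.
    $builder.Query = $query.ToString()

    [pscustomobject]@{
        Uri        = $builder.Uri.AbsoluteUri
        Overridden = $overridden
    }
}

# Constructed sample input: the configured endpoint carries its own
# ui_locales and a redirect_uri that conflicts with the server's value.
$configured = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize' +
              '?ui_locales=de-DE&redirect_uri=https://other.example/cb#ui_locales=de-DE'
$server = [ordered]@{ redirect_uri = 'https://app.example/signin'; prompt = 'none' }

$result = Merge-AuthEndpointQuery -ConfiguredEndpoint $configured -ServerParameters $server
$result.Uri          # merged URL: configured ui_locales kept, fragment kept
$result.Overridden   # names of configured parameters the server replaced
```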