Hi Jeroen,
Your work on this is awesome.
I am trying to use a very bad 3rd party system where you have to log in on the service, it redirects to its own thing and then can return to your callback with only a refresh token.
It is not OpenID, and using OAuth based on your awesome doc, its functionality has different URL parameters.
I can create a custom link with parameters to the 3rd party login page, it logs in and redirects to its "SSO" functionality and then back to the callbackURL with refresh token.
I can then use that to a URL to obtain a full access token which contains "UserName" along with tokentype, expiry, expires_in and so on.
What do you recommend is the best way to use that to then properly login/create the Umbraco member?
Basically the Umbraco extension is awesome and I would have no issues doing Google, GitHub etc. but this solution has not been updated in 4/5 years and I have to use it.
The steps I have got with it have been:
Login link that provides the URL parameters for the platform and directs to the login page.
User logs into the platform login. It has a redirect set to another page into its system which has its "SSO" functionality. It is not true SSO really.
It returns a refresh token specific to the user.
You use the refresh token and make a request to a /token URL.
You get JSON data back with a full access_token along with data like when it expires etc.
You actually get the UserName.
From there I am working on checking if the member exists. If they do not exist then I create the member and return a member object. If they do not exist to create the member.
With the member object then log them in.
Does anyone have any advice for the best way to log in / make the account member without the password etc?
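One way to wire the steps listed above into an Umbraco 9+ site, as an added example that is not part of the thread and not code from Jeroen's package. The vendor URL, the `refreshToken` query parameter, the form field names sent to `/token`, the `Member` type alias and the placeholder e-mail are all assumptions; it also assumes .NET implicit usings and that `IHttpClientFactory` is registered.

```csharp
// Added example, not code from the thread. Vendor URL, query/form field names,
// the "Member" type alias and the placeholder e-mail are assumptions.
using System.Text.Json;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Web.Common.Security;

public class LegacySsoController : Controller
{
    private const string TokenUrl = "https://thirdparty.example/token"; // placeholder
    private readonly IHttpClientFactory _http;
    private readonly IMemberManager _members;
    private readonly IMemberSignInManager _signIn;

    public LegacySsoController(IHttpClientFactory http, IMemberManager members, IMemberSignInManager signIn)
        => (_http, _members, _signIn) = (http, members, signIn);

    [HttpGet("/legacy-sso/callback")]
    public async Task<IActionResult> Callback(string refreshToken)
    {
        if (string.IsNullOrWhiteSpace(refreshToken)) return BadRequest();

        // Exchange server-side; identity comes only from this response, never from the query string.
        using var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "refresh_token",   // assumed field names
            ["refresh_token"] = refreshToken,
        });
        using var resp = await _http.CreateClient().PostAsync(TokenUrl, form);
        if (!resp.IsSuccessStatusCode) return Unauthorized();

        using var json = JsonDocument.Parse(await resp.Content.ReadAsStringAsync());
        if (!json.RootElement.TryGetProperty("UserName", out var u) ||
            u.ValueKind != JsonValueKind.String || string.IsNullOrWhiteSpace(u.GetString()))
            return Unauthorized();
        var userName = u.GetString()!.Trim();

        // Find the member, or create one with no password so it can only sign in through this flow.
        var member = await _members.FindByNameAsync(userName);
        if (member is null)
        {
            // The token response carries no e-mail, so a non-routable placeholder is used (assumption).
            member = MemberIdentityUser.CreateNew(userName, $"{userName}@sso.invalid", "Member", true, userName);
            var created = await _members.CreateAsync(member);
            if (!created.Succeeded) return Problem("Member could not be created.");
        }

        await _signIn.SignInAsync(member, isPersistent: false);
        return LocalRedirect("/");
    }
}
```

Because the member is created without a password, the only way into the account is a successful token exchange, so the `/token` URL should be a fixed HTTPS address in configuration rather than anything taken from the request.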
Storing external login data
According to this help topic https://our.umbraco.com/documentation/reference/security/auto-linking/#storing-external-login-provider-data we are meant to persist data like access tokens using IExternalLoginWithKeyService by storing it during auto-linking and then persisting it once the user is linked and created. Is there an example of the best practice for this?
Hi Ruby,
I've created an example which does this: https://www.jeroenbreuer.nl/blog/released-umbraco-openid-connect-example-package/
On this line you can see how you can get the tokens: https://github.com/jbreuer/Umbraco-OpenIdConnect-Example/blob/main/Umbraco-OpenIdConnect-Example.Core/Extensions/UmbracoBuilderExtensions.cs#L96
Jeroen
Hi Liam,
Sorry I only have experience with OpenID Connect. I'm not sure if you can use external login providers for what you are trying.
Jeroen