
  • Bato 2 posts 92 karma points
    Jan 11, 2023 @ 21:15
    Bato
    0

    Auto Link callback for setting backend user group requires collection of IReadOnlyUserGroup

    Hey everyone, I came across an issue while trying to auto-link a backend user using an external auth provider.

    I followed pretty much everything in the documentation and I have successfully got everything up and running using Azure AD.

    https://docs.umbraco.com/umbraco-cms/reference/security/auto-linking

    Everything is explained well on the page and the default user group can be set using the recommended approach with OpenIdConnectBackOfficeExternalLoginProviderOptions

    defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
    

    Now that is working fine but I want to use the OnAutoLinking callback to set the user group because I will set the user group based on the claim I receive from my external authentication provider.

    OnAutoLinking = (autoLinkUser, loginInfo) =>
                    {
                        // You can customize the user before it's linked.
                        // i.e. Modify the user's groups based on the Claims returned
                        // in the externalLogin info
                    },
    

    The autoLinkUser in the callback has a method SetGroups, but that does not accept an alias of the user group; it only accepts a collection of IReadOnlyUserGroup.

    The difficulty I am having here is how I am supposed to access the UserService to get all groups and create a ReadOnlyCollection to set the user group while being inside the callback, which I cannot inject the UserService into.

    So basically, based on the role I get in the claim, which I can find in loginInfo, I want to be able to set the backend user group on auto-linking.

    This is my full code

    public class OpenIdConnectBackofficeExternalLoginProviderOptions : IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>
        {
            public const string SchemeName = "BackOffice.OpenIdConnect";
    
            public void Configure(BackOfficeExternalLoginProviderOptions options)
            {
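                // Delegate to the named overload; calling Configure(options) here would recurse forever.
                Configure(SchemeName, options);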
            }
    
            public void Configure(string name, BackOfficeExternalLoginProviderOptions options)
            {
                options.DenyLocalLogin = false;
                options.AutoRedirectLoginToExternalProvider = false;
    
                options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
    
    
    
                    // must be true for auto-linking to be enabled
                    autoLinkExternalAccount: true,
    
                    // Optionally specify default user group, else
                    // assign in the OnAutoLinking callback
                    // (default is editor)
                    defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
    
                    // Optionally specify the default culture to create
                    // the user as. If null it will use the default
                    // culture defined in the web.config, or it can
                    // be dynamically assigned in the OnAutoLinking
                    // callback.
    
                    defaultCulture: null,
                    // Optionally you can disable the ability to link/unlink
                    // manually from within the back office. Set this to false
                    // if you don't want the user to unlink from this external
                    // provider.
                    allowManualLinking: false
                )
                {
                    // Optional callback
                    OnAutoLinking = (autoLinkUser, loginInfo) =>
                    {
                        //This has to be set! Or else when the user is created it will be marked as disabled!
    
                        autoLinkUser.IsApproved = true;
    
    
                        // You can customize the user before it's linked.
                        // i.e. Modify the user's groups based on the Claims returned
                        // in the externalLogin info
                        autoLinkUser.SetGroups();
                    },
                    OnExternalLogin = (user, loginInfo) =>
                    {
                        // You can customize the user before it's saved whenever they have
                        // logged in with the external provider.
                        // i.e. Sync the user's name based on the Claims returned
                        // in the externalLogin info
    
                        return true; //returns a boolean indicating if sign in should continue or not.
                    }
                };
            }
        }
    
  • Bato 2 posts 92 karma points
    Jan 12, 2023 @ 15:13
    Bato
    100

    I solved the issue by simply setting the Roles to (inside of OnAutoLinking and OnExternalLogin)

    user.Roles = new List<IdentityUserRole<string>>() {};
    

    and then adding the Role

    user.AddRole("editor");
    

    Just in case someone else runs into this.
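
The approach from the reply above, as an added example (not the poster's or Umbraco's own code): a helper that resets the roles and then adds groups only from an allowlist of claim values, so an unexpected claim value never grants a backoffice group. `ClaimGroupMapper`, the `Cms.*` role names and the claim types checked are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using Microsoft.AspNetCore.Identity;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Security;

public static class ClaimGroupMapper // hypothetical helper, not part of Umbraco
{
    // Allowlist: external role value -> Umbraco group alias (role names are constructed).
    // The admin group is deliberately absent, so no claim can grant it.
    private static readonly Dictionary<string, string> RoleToGroup =
        new(StringComparer.Ordinal)
        {
            ["Cms.Editor"] = Constants.Security.EditorGroupAlias,
            ["Cms.Writer"] = Constants.Security.WriterGroupAlias,
        };

    // Replaces the user's groups with those derived from the current claims.
    // Returns false when no claim maps to a group, so the caller can refuse sign-in.
    public static bool Apply(BackOfficeIdentityUser user, ExternalLoginInfo loginInfo)
    {
        var groups = new HashSet<string>();
        foreach (var claim in loginInfo.Principal.Claims)
        {
            // Assumed claim types: the mapped role claim or the raw "roles" claim.
            bool isRole = claim.Type == ClaimTypes.Role || claim.Type == "roles";
            if (isRole && RoleToGroup.TryGetValue(claim.Value, out var alias))
            {
                groups.Add(alias);
            }
        }

        // Reset first, as in the reply above, so the result reflects only the current claims.
        user.Roles = new List<IdentityUserRole<string>>();
        foreach (var alias in groups)
        {
            user.AddRole(alias);
        }
        return groups.Count > 0;
    }
}

// Wiring inside ExternalSignInAutoLinkOptions:
//   OnAutoLinking = (autoLinkUser, loginInfo) =>
//   { autoLinkUser.IsApproved = true; ClaimGroupMapper.Apply(autoLinkUser, loginInfo); },
//   OnExternalLogin = (user, loginInfo) => ClaimGroupMapper.Apply(user, loginInfo),
```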
