Everything is explained well on the page, and the default user group can be set using the recommended approach with OpenIdConnectBackOfficeExternalLoginProviderOptions.
Now that is working fine, but I want to use the OnAutoLinking callback to set the user group, because I will set the user group based on the claim I receive from my external authentication provider.
OnAutoLinking = (autoLinkUser, loginInfo) =>
{
    // You can customize the user before it's linked.
    // i.e. Modify the user's groups based on the Claims returned
    // in the externalLogin info
},
The autoLinkUser in the callback has a method SetGroup, but that does not accept an alias of the user group; it only accepts a collection of IReadOnlyUserGroup.
The difficulty I am having here is how I am supposed to access the UserService to get all groups and create a ReadOnlyCollection to set the user group while being inside the callback, which I cannot inject the UserService into.
So basically, based on the role I get in the claim, which I can find in loginInfo, I want to be able to set the backend user group on auto-linking.
This is my full code:
using Microsoft.Extensions.Options; // IConfigureNamedOptions
using Umbraco.Cms.Core;             // Constants
// Plus the Umbraco back-office security namespace for your version.

public class OpenIdConnectBackofficeExternalLoginProviderOptions : IConfigureNamedOptions<BackOfficeExternalLoginProviderOptions>
{
    public const string SchemeName = "BackOffice.OpenIdConnect";

    public void Configure(BackOfficeExternalLoginProviderOptions options)
    {
        // Delegate to the named overload; Configure(options) here would call itself forever.
        Configure(SchemeName, options);
    }

    public void Configure(string name, BackOfficeExternalLoginProviderOptions options)
    {
        options.DenyLocalLogin = false;
        options.AutoRedirectLoginToExternalProvider = false;
        options.AutoLinkOptions = new ExternalSignInAutoLinkOptions(
            // must be true for auto-linking to be enabled
            autoLinkExternalAccount: true,
            // Optionally specify default user group, else
            // assign in the OnAutoLinking callback
            // (default is editor)
            defaultUserGroups: new[] { Constants.Security.EditorGroupAlias },
            // Optionally specify the default culture to create
            // the user as. If null it will use the default
            // culture defined in the web.config, or it can
            // be dynamically assigned in the OnAutoLinking
            // callback.
            defaultCulture: null,
            // Optionally you can disable the ability to link/unlink
            // manually from within the back office. Set this to false
            // if you don't want the user to unlink from this external
            // provider.
            allowManualLinking: false
        )
        {
            // Optional callback
            OnAutoLinking = (autoLinkUser, loginInfo) =>
            {
                // This has to be set! Or else when the user is created it will be marked as disabled!
                autoLinkUser.IsApproved = true;
                // You can customize the user before it's linked.
                // i.e. Modify the user's groups based on the Claims returned
                // in the externalLogin info
                // The call in question: it expects a collection of IReadOnlyUserGroup,
                // so it does not compile without an argument.
                autoLinkUser.SetGroups();
            },
            OnExternalLogin = (user, loginInfo) =>
            {
                // You can customize the user before it's saved whenever they have
                // logged in with the external provider.
                // i.e. Sync the user's name based on the Claims returned
                // in the externalLogin info
                return true; // returns a boolean indicating if sign in should continue or not.
            }
        };
    }
}
Auto Link callback for setting backend user group requires collection of IReadOnlyUserGroup
Hey everyone, I came across an issue while trying to auto-link a backend user using an external auth provider.
I followed pretty much everything in the documentation and I have successfully got everything up and running using Azure AD.
https://docs.umbraco.com/umbraco-cms/reference/security/auto-linking
I solved the issue by simply setting the Roles to (inside of OnAutoLinking and OnExternalLogin)
and then adding the Role
Just in case someone else runs into this.
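For the claim-to-group step discussed in this thread, an added example (not code from the posts or from Umbraco) that resolves group aliases from role claims through a fixed allow-list, so a claim value can never name a group directly. The `ClaimGroupMapper` class, the `Cms.*` role names and the use of the `roles` claim type are assumptions; the sample identity is constructed and stands in for `loginInfo.Principal`.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;

public static class ClaimGroupMapper
{
    // Assumed allow-list: external role value -> Umbraco user group alias.
    // Role names are constructed; aliases are the built-in editor/writer/admin groups.
    private static readonly Dictionary<string, string> RoleToGroup =
        new(StringComparer.OrdinalIgnoreCase)
        {
            ["Cms.Editor"] = "editor",
            ["Cms.Writer"] = "writer",
            ["Cms.Admin"] = "admin",
        };

    // Azure AD app roles arrive as "roles"; ASP.NET Core may remap them to ClaimTypes.Role.
    private static readonly string[] RoleClaimTypes = { "roles", ClaimTypes.Role };

    // Returns group aliases for allow-listed roles only. Unknown values are
    // dropped, so a claim can never name an arbitrary group (fail closed).
    public static IReadOnlyCollection<string> ResolveGroups(ClaimsPrincipal principal)
    {
        var groups = new SortedSet<string>(StringComparer.Ordinal);
        foreach (var type in RoleClaimTypes)
        {
            foreach (var claim in principal.FindAll(type))
            {
                if (RoleToGroup.TryGetValue(claim.Value.Trim(), out var alias))
                {
                    groups.Add(alias);
                }
            }
        }
        return groups;
    }

    public static void Main()
    {
        // Constructed sample identity standing in for loginInfo.Principal.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim("roles", "cms.editor"),
            new Claim("roles", "Cms.Admin "),
            new Claim("roles", "admin"), // not on the allow-list: ignored
        }, "oidc");
        Console.WriteLine(string.Join(",", ResolveGroups(new ClaimsPrincipal(identity))));
    }
}
```

An empty result means the login carried no recognised role, which the callback can treat as a reason to keep only the configured default group.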