© 2026 Hedgehog Software, LLC

C#•15mo ago
Cyclomatic

IdentityServer4, oauth and re-logging in

Hi,

I have a web app that relies on Azure AD (Entra ID) to authenticate and authorize users in my web app.

My app looks like the following:

Angular SPA -> IdentityServer4 -> AzureAD

And

Angular SPA -> Web API

At a certain point, I need the user to re-enter their credentials. I can force the credentials to be re-entered, but the issue is that the user can log in using different credentials at that stage. I can pass the login_hint to IdentityServer to prepopulate the user's email address, but they can still request to log in as a different user when the pop-up window shows. I can also pass id_token_hint as well, so I assume that I can use that to check whether the currently logged-in user is different to the one trying to log in.

What I am unsure of is how I can force an error when logging in and how I can handle it gracefully. One location I was trying is in the OnTokenValidated event of the middleware for aad (AzureAD), and I can, for example, set context.Fail("Some error message"), but that shows an exception page. Ideally I'd like to redirect to something a bit more useful. Currently the CallbackPath of my middleware is /signin-aad. It does call back to this, but shows the exception.
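An added example, not part of the original post and not IdentityServer4's own code: one way to fail the re-login in OnTokenValidated when a different account comes back, and to turn that failure into a redirect instead of the exception page by handling OnRemoteFailure. `ExpectedUserKey`, `ReauthUserMismatchException`, the `/account/external-error` path and the use of the `preferred_username` claim are assumptions; the action that issues the challenge is assumed to store the login_hint value in the authentication properties.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical marker exception so the failure handler can recognise this case.
public sealed class ReauthUserMismatchException : Exception
{
    public ReauthUserMismatchException() : base("Re-authenticated as a different user.") { }
}

public static class AadReauthSetup
{
    // Hypothetical key: the action that issues the challenge stores the expected
    // sign-in name (the login_hint value) under it in AuthenticationProperties.Items.
    public const string ExpectedUserKey = "expected_user";

    public static void AddAadWithReauthCheck(this IServiceCollection services)
    {
        services.AddAuthentication().AddOpenIdConnect("aad", "Azure AD", options =>
        {
            // Authority, ClientId and the rest of the existing setup go here.
            options.CallbackPath = "/signin-aad";
            options.Events = new OpenIdConnectEvents
            {
                OnTokenValidated = ctx =>
                {
                    // Assumption: the sign-in name arrives as "preferred_username".
                    var actual = ctx.Principal?.FindFirst("preferred_username")?.Value;
                    if (ctx.Properties != null
                        && ctx.Properties.Items.TryGetValue(ExpectedUserKey, out var expected)
                        && !string.Equals(expected, actual, StringComparison.OrdinalIgnoreCase))
                    {
                        ctx.Fail(new ReauthUserMismatchException());
                    }
                    return Task.CompletedTask;
                },
                OnRemoteFailure = ctx =>
                {
                    // Fixed local path and fixed error code: nothing from the
                    // exception or the request is reflected into the redirect.
                    var code = ctx.Failure is ReauthUserMismatchException
                        ? "user_mismatch" : "external_login_failed";
                    ctx.Response.Redirect("/account/external-error?code=" + code);
                    ctx.HandleResponse(); // suppress the default exception page
                    return Task.CompletedTask;
                }
            };
        });
    }
}
```

The properties set at challenge time travel in the protected state parameter, so the value compared here is the one the server stored, not one supplied by the browser on the callback.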