During AuthenticationEvents (OIDC) I stored some data in the AuthenticationProperties, since that was the place I thought practical (namely, I stored the Adal Token Cache there, which might or might not be a good idea).
Then I use a claim transformation, which will add the user profile claims from another service. That service will use OAuth Bearer authentication. The token required for the bearer authentication is retrieved from the AuthenticationProperties by calling httpContext.Authentication.GetTokenAsync(_sharedAuthOptions.SignInScheme, tokenName);
Now the fun part: GetTokenAsync() will call AuthenticationManager.Authenticate(), which will then try to run my claim injection, which will try to contact the service, which needs the OAuth Bearer token, which will call GetTokenAsync(), which will call AuthManager.Authenticate(), which will then run my claim injection, etc. etc. (StackOverflowException - yay)
Some code snippets:
Saving the tokens
    public static async Task<AuthenticationResult> AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
    {
        var clientCred = new ClientCredential(context.Options.ClientId, context.Options.ClientSecret);
        // Fresh, empty ADAL cache for this code redemption; it is serialized into the properties below.
        var authContext = new AuthenticationContext(context.Options.Authority, false, new TokenCache());
        var result = await authContext.AcquireTokenByAuthorizationCodeAsync(
            context.ProtocolMessage.Code,
            new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]),
            clientCred,
            context.Options.Resource);
        // SerializeCache (helper defined elsewhere) wraps the serialized cache in an AuthenticationToken.
        var authToken = SerializeCache(authContext.TokenCache);
        var properties = new List<AuthenticationToken> { authToken };
        context.Properties.StoreTokens(properties);
        return result;
    }
Reading the tokens
    await httpContext.Authentication.GetTokenAsync(_sharedAuthOptions.SignInScheme, AdalTokenCacheName);
Now the questions: Is there a way to access the AuthenticationProperties without rerunning the auth pipeline? If not, is there a good way to save additional data to the generated principal claims?
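One way to break the loop described above, shown as an added example that is not code from the original question: a claims transformer (ASP.NET Core 1.x IClaimsTransformer API assumed) that marks the request in HttpContext.Items before calling GetTokenAsync, so the nested Authenticate run skips the transformation instead of recursing. IProfileClient, ProfileClaimsTransformer and the "Profile" identity name are assumed names, not from the post.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Http;

// Assumed service wrapper: uses the stored ADAL cache to call the profile service and returns its claims.
public interface IProfileClient
{
    Task<IEnumerable<Claim>> GetProfileClaimsAsync(string serializedAdalCache);
}

public class ProfileClaimsTransformer : IClaimsTransformer
{
    // Per-request marker; HttpContext.Items lives exactly as long as one request.
    private const string InProgressKey = "ProfileClaimsTransformer.InProgress";
    private readonly string _signInScheme;
    private readonly string _tokenName;
    private readonly IProfileClient _profileClient;

    public ProfileClaimsTransformer(string signInScheme, string tokenName, IProfileClient profileClient)
    {
        _signInScheme = signInScheme;
        _tokenName = tokenName;
        _profileClient = profileClient;
    }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
    {
        HttpContext httpContext = context.Context;
        // Inner call: GetTokenAsync below re-ran Authenticate and landed here again.
        // Return the principal untouched so the token lookup can complete.
        if (httpContext.Items.ContainsKey(InProgressKey))
            return context.Principal;

        httpContext.Items[InProgressKey] = true;
        try
        {
            string serializedCache = await httpContext.Authentication.GetTokenAsync(_signInScheme, _tokenName);
            if (string.IsNullOrEmpty(serializedCache))
                return context.Principal; // nothing stored for this scheme; leave claims as issued

            IEnumerable<Claim> profileClaims = await _profileClient.GetProfileClaimsAsync(serializedCache);
            context.Principal.AddIdentity(new ClaimsIdentity(profileClaims, "Profile"));
            return context.Principal;
        }
        finally
        {
            httpContext.Items.Remove(InProgressKey);
        }
    }
}
```

Only the outer Authenticate result carries the profile claims; the nested result used by GetTokenAsync is left untransformed, which is all the token lookup needs.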