I am using OpenIdDict to authenticate users. I have implemented Google and Facebook logins following the example given here, but the account selection window does not open if the user has already logged in to Google or Facebook at least once.
According to Google's documentation, I need to add the prompt=consent parameter to the URL to force the user to re-accept the application. However, I don't know how to do this with OpenIdDict.
Code:
Program:
    var builder = WebApplication.CreateBuilder(args);
    // Some settings
    builder.Services.AddOpenIddict()
        .AddClient(options =>
        {
            options.AllowAuthorizationCodeFlow();
            options.AddEncryptionCertificate(certificate)
                .AddSigningCertificate(certificate);
            options.UseAspNetCore()
                .EnableRedirectionEndpointPassthrough();
            options.UseWebProviders()
                .AddGoogle(options =>
                {
                    options.SetClientId(builder.Configuration["Google:ClientId"]!)
                        .SetClientSecret(builder.Configuration["Google:ClientSecret"]!)
                        .SetRedirectUri(builder.Configuration["Google:RedirectEndpoint"]!);
                });
        });
Controller:
    [HttpGet("auth")]
    public IActionResult ExternalAuth(string provider)
    {
        string? redirectEndpoint = provider switch
        {
            Providers.Google => _googleRedirectEndpoint,
            Providers.Apple => _appleRedirectEndpoint,
            Providers.Facebook => _facebookRedirectEndpoint,
            _ => null
        };
        if (redirectEndpoint == null)
        {
            return BadRequest($"Provider \"{provider}\" is not configured.");
        }
        var properties = new AuthenticationProperties(new Dictionary<string, string?>
        {
            [OpenIddictClientAspNetCoreConstants.Properties.ProviderName] = provider,
        });
        return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
    }
You need to use AuthenticationProperties.Parameters:
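One way to apply this to the controller from the question, as an added example that is not the answerer's code. It assumes the OpenIddict client ASP.NET Core host copies string entries in AuthenticationProperties.Parameters into the authorization request; the controller name, the GoogleProvider constant and the AllowedPrompts allowlist are hypothetical names introduced here.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Client.AspNetCore;

public class ExternalAuthController : Controller
{
    // Assumption for this example: only the Google registration is enabled.
    private const string GoogleProvider = "Google";

    // Allowlist of "prompt" values this app is willing to forward to Google.
    // Arbitrary query-string values are never copied into the authorization request.
    private static readonly HashSet<string> AllowedPrompts =
        new(StringComparer.Ordinal) { "consent", "select_account" };

    [HttpGet("auth")]
    public IActionResult ExternalAuth(string provider, string prompt = "consent")
    {
        if (!string.Equals(provider, GoogleProvider, StringComparison.Ordinal))
        {
            return BadRequest("The requested provider is not configured.");
        }

        if (!AllowedPrompts.Contains(prompt))
        {
            return BadRequest("Unsupported prompt value.");
        }

        // Items carry OpenIddict's own settings, such as the provider name.
        var properties = new AuthenticationProperties(new Dictionary<string, string?>
        {
            [OpenIddictClientAspNetCoreConstants.Properties.ProviderName] = provider,
        });

        // Assumption: entries in Parameters (unlike Items) are attached to the
        // outgoing authorization request, so the URL gains &prompt=consent.
        properties.Parameters["prompt"] = prompt;

        return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
    }
}
```

Google also documents prompt=select_account, which shows the account chooser without forcing the consent screen again.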