Issue with Swedish Bankid and OIDC - follow up question

This question was migrated from the previous community

Question:

Hi, we are trying to pass multiple values through the login_hint param in our request from our Azure B2C solution. Unfortunately, the platform does not seem to accept sending two values in the login_hint parameter, and it currently fails when we try to pass two strings in the following way:

Is it possible to pass them as a delimited string, instead of two separate values?

To give some details, we try to pass it to the request in the following way, as part of our profile:

    <InputClaim ClaimTypeReferenceId="subject-1990123456" PartnerClaimType="login_hint" />
    <InputClaim ClaimTypeReferenceId="redirect-http://url.com" PartnerClaimType="login_hint" />

What I expect from the querystring:

    <url with params here>&login_hint=subject-1990123456&login_hint=redirect-http://url.com

Instead I get an exception.

What I hoped could be possible, unless you guys have a better solution:

    <InputClaim ClaimTypeReferenceId="subject-1990123456<delimiter>redirect-http://url.com" PartnerClaimType="login_hint" />

What would be in the querystring:

    <url with params here>&login_hint=subject-1990123456<urlencoded delimiter>login_hint=redirect-http://url.com

Please contact me if anything is unclear.

You can pass multiple values by passing multiple login_hint parameters.

For instance: ?login_hint=subject-nnn&login_hint=telephone-nnnnnnnn

Reply from OP:
This is what I wanted to do initially, but Azure B2C seems to not allow multiple login_hint parameters in their implementation of OIDC.

If Azure B2C doesn’t support multiple login_hints you may have to build the redirect URL on your own. Note that this is untested by Signicat:

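    // At the top of the file:
    using System;
    using System.Threading.Tasks;
    using System.Web;
    using Microsoft.Owin.Security.OpenIdConnect;
    using Owin;

    // In Startup.Configuration(IAppBuilder app):
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId,
            Authority = authority,
            PostLogoutRedirectUri = postLogoutRedirectUri,
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs just before the browser is redirected to the identity provider.
                RedirectToIdentityProvider = (context) =>
                {
                    var currentUrl = HttpContext.Current.Request.Url;
                    var queryToAppend = "loginHint=baz";
                    // Uri.Query is empty or starts with "?"; UriBuilder needs the leading "?".
                    var query = string.IsNullOrEmpty(currentUrl.Query)
                        ? "?" + queryToAppend
                        : currentUrl.Query + "&" + queryToAppend;
                    context.ProtocolMessage.RedirectUri = new UriBuilder(
                        currentUrl.Scheme,
                        currentUrl.Host,
                        currentUrl.Port, currentUrl.AbsolutePath, query).ToString();
                    // The notification delegate must return a Task.
                    return Task.FromResult(0);
                }
            }
        });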

Reply from OP:
Ok, thank you both for quick responses. Was hoping for a simpler fix, but I will try this 🙂
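
The repeated-parameter form from the first answer, built by hand as the later answer suggests. This is an added example, not code from Signicat or the posters in this thread; the endpoint, client_id and redirect_uri are placeholders, and the `<type>-<value>` check is an assumption based on the hints shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class AuthorizeUrlBuilder
{
    // Builds an authorization request URL in which login_hint is repeated
    // once per hint: ...&login_hint=subject-nnn&login_hint=redirect-...
    public static string Build(string authorizeEndpoint,
                               IEnumerable<KeyValuePair<string, string>> parameters,
                               IEnumerable<string> loginHints)
    {
        var pairs = parameters.ToList();
        foreach (var hint in loginHints)
        {
            // Assumption: every hint has the shape "<type>-<value>", as in the thread.
            int dash = hint.IndexOf('-');
            if (dash <= 0 || dash == hint.Length - 1)
                throw new ArgumentException("login_hint must look like <type>-<value>: " + hint);
            pairs.Add(new KeyValuePair<string, string>("login_hint", hint));
        }

        // Percent-encode every name and value so that '&', '=', ':' or '/'
        // inside a hint cannot split the hint or add extra parameters.
        var query = string.Join("&", pairs.Select(p =>
            Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)));

        var separator = authorizeEndpoint.Contains("?") ? "&" : "?";
        return authorizeEndpoint + separator + query;
    }

    public static void Main()
    {
        // Constructed sample values; endpoint, client_id and redirect_uri are placeholders.
        var url = Build(
            "https://idp.example/oidc/authorize",
            new[]
            {
                new KeyValuePair<string, string>("response_type", "code"),
                new KeyValuePair<string, string>("client_id", "demo-client"),
                new KeyValuePair<string, string>("scope", "openid"),
                new KeyValuePair<string, string>("redirect_uri", "https://app.example/callback"),
                new KeyValuePair<string, string>("state", Guid.NewGuid().ToString("N")),
            },
            new[] { "subject-1990123456", "redirect-http://url.com" });
        Console.WriteLine(url);
    }
}
```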