a user’s first time to signup & login
… after being returned from the Universal Login so that you can process additional steps like creating the user profile on your side of the application or asking for additional information.
The quickstart is using the standard OpenID Connect Middleware and not a separate package from Auth0. I haven’t been able to locate a good way to add event handling after a successful (or failed) sign-in.
From the OIDC protocol perspective the sign-up is just a secondary step to complete the authentication process, but in terms of response the result is the same: a token containing information about the user who just authenticated.
In your application you receive that user information (a unique user id at the very least). If you keep the user profile on your application, for instance, you can check whether the user id that the OIDC protocol sends in the response exists in your application; if it doesn't, it means that it's a new user.
There are multiple ways to do this. The OIDC middleware, in particular, offers an event (OnTicketReceived) that lets you analyze the information of the ticket created (the user that just logged in). In the event you could check if the user is a new user (no profile yet in your database) and add that as an additional claim (e.g. “IsProfileCompleted: true”). See here for an example of modifying/expanding the claims of the user that just logged in.
Then you could create a filter where you would enforce that the profile is completed by looking at the principal claims and, if the profile is not completed, redirect the user to a profile-completion page. You would apply that filter as a global filter or an attribute to certain controllers and/or actions.
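A sketch of the approach described in the post above, added here as an example and not taken from the thread or from Auth0's quickstart: an `OnTicketReceived` handler that records whether a local profile exists, plus a filter that redirects until it does. `IUserProfileStore`, the `profile_completed` claim name and the `Profile/Complete` route are hypothetical names assumed for illustration.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical application-side lookup; not part of ASP.NET Core or Auth0.
public interface IUserProfileStore
{
    Task<bool> ExistsAsync(string userId);
}

public static class ProfileClaim
{
    public const string Type = "profile_completed"; // assumed claim name

    // Assign to options.Events.OnTicketReceived inside AddOpenIdConnect(...).
    public static async Task OnTicketReceived(TicketReceivedContext context)
    {
        var identity = context.Principal?.Identity as ClaimsIdentity;
        // With the default claim mapping the OIDC "sub" arrives as NameIdentifier.
        var userId = identity?.FindFirst(ClaimTypes.NameIdentifier)?.Value
                     ?? identity?.FindFirst("sub")?.Value;
        if (identity == null || userId == null)
        {
            context.Fail("Ticket has no subject identifier.");
            return;
        }
        var store = context.HttpContext.RequestServices
                           .GetRequiredService<IUserProfileStore>();
        var completed = await store.ExistsAsync(userId);
        // The claim is written into the session cookie issued after this event.
        identity.AddClaim(new Claim(Type, completed ? "true" : "false"));
    }
}

// Apply globally or per controller/action, but not to the completion page itself.
public class RequireCompletedProfileAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var user = context.HttpContext.User;
        if (user.Identity?.IsAuthenticated == true
            && !user.HasClaim(ProfileClaim.Type, "true"))
        {
            // "Complete" / "Profile" are hypothetical action and controller names.
            context.Result = new RedirectToActionResult("Complete", "Profile", null);
        }
    }
}
```

Because the claim lives in the session cookie, it stays `false` after the user completes the profile until the cookie is reissued with an updated principal.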
(Apologies for the wrong response before, I posted on the wrong thread).
To alter claims after the authentication happened, you can obtain the current principal and authentication properties using AuthenticateAsync, modify the claims and then use SignInAsync to generate the new session cookie:
    // Requires: using System.Security.Claims;
    //           using Microsoft.AspNetCore.Authentication;
    //           using Microsoft.AspNetCore.Authentication.Cookies;
    [Authorize]
    public async Task<IActionResult> ModifyClaims()
    {
        // get the currently signed in principal
        // this assumes a user is already signed in
        var result = await HttpContext.AuthenticateAsync();
        var principal = result.Principal;
        var identity = (ClaimsIdentity)principal.Identity;

        // how to add a claim
        identity.AddClaim(new Claim("MyNewClaim", "1234"));

        // how to remove a claim
        var claimToRemove = identity.FindFirst("claimType");
        if (claimToRemove != null)
        {
            identity.RemoveClaim(claimToRemove);
        }

        // set the new principal (reissues the session cookie with the updated claims)
        await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal, result.Properties);

        // now continue with your logic
        return this.RedirectToAction("Home");
    }
You’re awesome! Thank you so much. This should totally go into the ASP.NET quick start walkthroughs. It would be super useful to anyone getting started.