Use Universal Login without OpenIdConnect in .NET Core

Hi all,

I have an existing 3rd party that we use for authentication. The current flow is: user logs in on a webpage, the credentials are sent to the 3rd party, and if this is a success we set a .NET Authentication Cookie.

I want to implement Auth0 since the 3rd party doesn’t support things like MFA or any other advanced security features. So I was planning on using the Universal Login, then passing the Auth0 code (JWT token) after successful authentication (yes, user credentials will need to be stored in Auth0), together with the provided username or email, to an external API that will verify the token and, if valid, will log in the user to the external party. This is all possible.

My issue is that all the examples and quickstart guides with Universal Login do too much - from what I can see they all rely on the .NET OpenIdConnect functionalities which set an authentication cookie. I don’t want that. I want the Universal Login to redirect to a certain path in my web application, where I can read the Auth0 authentication token from the request, and then use that to call my external API. Only then, on success, do I want to create a valid session.

Is this possible? Any examples out there that do this? Any pointers are more than welcome. Thanks.

For anyone wondering, I got this working by using the TokenValidated method in the OpenIdEvents method and setting custom claims with a custom AuthenticationTicket.

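A sketch of the approach described in the post above, added here as an example and not the poster's actual code: the token-validated event of the ASP.NET Core OpenID Connect handler calls the external API and only lets the session cookie be issued if that call succeeds. The `Auth0:*` configuration keys, the `https://partner.example/api/verify` endpoint with its request body, and the `external_login` claim are assumptions made for illustration.

```csharp
// Added example: Program.cs for ASP.NET Core 6+ (minimal hosting).
// Config keys, partner URL and custom claim name are placeholders, not from the thread.
using System.Net.Http.Json;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpClient();
builder.Services.AddAuthentication(o =>
{
    o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(o =>
{
    o.Authority = $"https://{builder.Configuration["Auth0:Domain"]}";
    o.ClientId = builder.Configuration["Auth0:ClientId"];
    o.ClientSecret = builder.Configuration["Auth0:ClientSecret"];
    o.ResponseType = OpenIdConnectResponseType.Code;
    o.CallbackPath = "/callback";
    o.Scope.Add("email");
    o.Events = new OpenIdConnectEvents { OnTokenValidated = async ctx =>
    {
        // Runs after the handler has validated the ID token (signature, issuer,
        // audience, nonce) and before the cookie handler issues a session cookie.
        var idToken = ctx.TokenEndpointResponse?.IdToken ?? ctx.ProtocolMessage.IdToken;
        var email = ctx.Principal?.FindFirst(ClaimTypes.Email)?.Value
                    ?? ctx.Principal?.FindFirst("email")?.Value;
        if (string.IsNullOrEmpty(idToken) || string.IsNullOrEmpty(email)) { ctx.Fail("ID token or email claim missing."); return; }
        var http = ctx.HttpContext.RequestServices
            .GetRequiredService<IHttpClientFactory>().CreateClient();
        // Hypothetical partner endpoint; it must verify the token itself before trusting the email.
        var resp = await http.PostAsJsonAsync("https://partner.example/api/verify",
            new { email, token = idToken }, ctx.HttpContext.RequestAborted);
        if (!resp.IsSuccessStatusCode) { ctx.Fail("External login rejected."); return; } // no cookie is set
        // Replace the Auth0 principal with one carrying only the claims the app needs.
        ctx.Principal = new ClaimsPrincipal(new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, email),
            new Claim("external_login", "verified") // custom claim (example name)
        }, CookieAuthenticationDefaults.AuthenticationScheme));
    }};
});
var app = builder.Build();
app.UseAuthentication();
app.MapGet("/", (ClaimsPrincipal u) => $"Hello {u.Identity?.Name ?? "anonymous"}");
app.Run();
```

When `ctx.Fail` is called the handler raises its remote-failure event instead of signing in, so an `OnRemoteFailure` handler on the same `OpenIdConnectEvents` object can redirect the user to an error page.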

Glad you have figured it out and thanks for sharing it with the rest of the community!