ASP.Net Core 3.1 LTI Development and OAUTH tokens

Jump to solution
edwin_laarakker
Community Novice

What I'm trying to figure out is the following: 

I have an LTI that can be accessed from the course menu, in the LTI launch event we get the usual parameters and we can verify the signature etc. in the launch event. Witihin the launch event, after some LTI checks such as oauth_signature, I use the command: 

await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity));

This results in that the user has signed in with some additional claims that I added to the claimsIdentity parameter in my application( such as User.Identity..)

The next thing that I want to achieve is to run API actions as the logged in user, for that I need a token for the user, which I can retrieve with OAuth. I did implement the solution described in Implementing OAuth in an ASP.NET Core 2.2 MVC web app 

But in this blog post a challenge action is performed in the accountcontroller / login method. If I perform a challenge to retrieve tokens, the application overrides the logged in User with the claims retrieved from the OAuth event. This results in that additional claims are lost.

So the question is: How to handle such case?

Labels (1)
0 Likes
1 Solution
bclauss
Community Member

 @Alexandre_Sch ,

I'm following along with Garth Egbert's Blog series that ends with .NET - OAuth2 Workflow: Part 3 - Refresh Token and I'm running into an issue where he's using the (seemingly deprecated) HttpRequestBase class from System.Web.

I've added the newer LtiLibrary.AspNetCore from Andy Miller, but I'm not sure how to get the HttpRequest information needed to complete the GenerateSignature to verify the OAuth request or to get the list of parameters (NameValueCollection) that the old HttpRequestBase.Forms used to provide.

Can you provide some direction on this?

Thank you,

  Bryan Clauss

View solution in original post

0 Likes