AnsweredAssumed Answered

ASP.Net Core 3.1 LTI Development and OAUTH tokens

Question asked by Edwin Laarakkers on Apr 17, 2020

What I'm trying to figure out is the following: 

I have an LTI that can be accessed from the course menu, in the LTI launch event we get the usual parameters and we can verify the signature etc. in the launch event. Witihin the launch event, after some LTI checks such as oauth_signature, I use the command: 

await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
new ClaimsPrincipal(claimsIdentity));

This results in that the user has signed in with some additional claims that I added to the claimsIdentity parameter in my application( such as User.Identity..)


The next thing that I want to achieve is to run API actions as the logged in user, for that I need a token for the user, which I can retrieve with OAuth. I did implement the solution described in Implementing OAuth in an ASP.NET Core 2.2 MVC web app 


But in this blog post a challenge action is performed in the accountcontroller / login method. If I perform a challenge to retrieve tokens, the application overrides the logged in User with the claims retrieved from the OAuth event. This results in that additional claims are lost.


So the question is: How to handle such case?