Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Event-like extensions for authentication. #58812

Open
voroninp opened this issue Nov 6, 2024 · 0 comments
Open

Event-like extensions for authentication. #58812

voroninp opened this issue Nov 6, 2024 · 0 comments
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-security

Comments

@voroninp
Copy link
Contributor

voroninp commented Nov 6, 2024

Background and Motivation

I'd like to run custom actions after authentication succeeds or fails. While some authentication options allow me to define callbacks for various events, there's no generic way to react to authentication process unless I implement IClaimsTransformation which has other intent.
In theory, custom middleware could work but authentication can be performed both by Authentication and Authorization middleware, so it must be enabled at correct place.

Proposed API

I'd like to be able to register a custom implementation of IAuthneticationEvents (maybe multiple implementations):

public interface IAuthneticationEvents
{
    // Always executed after authentication phase.
    ValueTask AuthenticationCompleted(IReadOnlyDictionary<string, AuthenticationResult> resultByScheme);

    // Executed if at least one scheme from the effective policy is successfully authenticated.
    ValueTask AuthenticationSucceeded(IReadOnlySet<string> succededSchemes, ClaimsPrincipal principal);

    // Executed if neither of the schemes from effective policy was successfully authenticated.
    ValueTask AuthenticationFailed(IReadOnlyDictionary<string, AuthenticationResult> resultByScheme);
}

Risks

If I am not mistaken, the current architecture of authentication and authorization process makes implementing this functionality a bit hard. For example, authentication middleware always attempts to authenticate default scheme, but it is not aware of other authentications which will be executed by policy evaluator which belongs to authorization middleware.
@voroninp voroninp added the api-suggestion Early API idea and discussion, it is NOT ready for implementation label Nov 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
api-suggestion Early API idea and discussion, it is NOT ready for implementation area-security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@voroninp