feat: support identifiers and first_screen sign-in params

darcyYe · darcyYe · commit 207074761a5d · 2024-11-11T18:38:28.000+08:00
diff --git a/samples/sample-blazor/Program.cs b/samples/sample-blazor/Program.cs
@@ -47,8 +47,21 @@
 {
     if (!(context.User?.Identity?.IsAuthenticated ?? false))
     {
-        await context.ChallengeAsync(new AuthenticationProperties { RedirectUri = "/" });
-    } else {
+        var authProperties = new AuthenticationProperties 
+        { 
+            RedirectUri = "/" 
+        };
+
+        authProperties.SetParameter("first_screen", LogtoParameters.Authentication.FirstScreen.Register);
+        authProperties.SetParameter("identifiers", string.Join(",", new[] 
+        { 
+            LogtoParameters.Authentication.Identifiers.Username,
+        }));
+
+        await context.ChallengeAsync(authProperties);
+    } 
+    else 
+    {
         context.Response.Redirect("/");
     }
 });
diff --git a/samples/sample-mvc/Controllers/HomeController.cs b/samples/sample-mvc/Controllers/HomeController.cs
@@ -25,7 +25,18 @@ public async Task<IActionResult> Index()
 
     public IActionResult SignIn()
     {
-        return Challenge(new AuthenticationProperties { RedirectUri = "/" });
+        var authProperties = new AuthenticationProperties 
+        { 
+            RedirectUri = "/" 
+        };
+
+        authProperties.SetParameter("first_screen", LogtoParameters.Authentication.FirstScreen.SignIn);
+        authProperties.SetParameter("identifiers", string.Join(",", new[] 
+        { 
+            LogtoParameters.Authentication.Identifiers.Username,
+        }));
+
+        return Challenge(authProperties);
     }
 
     // Use the `new` keyword to avoid conflict with the `ControllerBase.SignOut` method
diff --git a/samples/sample/Pages/Index.cshtml.cs b/samples/sample/Pages/Index.cshtml.cs
@@ -22,7 +22,18 @@ public async Task OnGetAsync()
 
     public async Task OnPostSignInAsync()
     {
-        await HttpContext.ChallengeAsync(new AuthenticationProperties { RedirectUri = "/" });
+        var authProperties = new AuthenticationProperties 
+        { 
+            RedirectUri = "/" 
+        };
+
+        authProperties.SetParameter("first_screen", LogtoParameters.Authentication.FirstScreen.Register);
+        authProperties.SetParameter("identifiers", string.Join(",", new[] 
+        { 
+            LogtoParameters.Authentication.Identifiers.Username,
+        }));
+
+        await HttpContext.ChallengeAsync(authProperties);
     }
 
     public async Task OnPostSignOutAsync()
diff --git a/src/Logto.AspNetCore.Authentication/LogtoParameters.cs b/src/Logto.AspNetCore.Authentication/LogtoParameters.cs
@@ -115,4 +115,57 @@ public static class Claims
     /// </summary>
     public const string Identities = "identities";
   }
+
+  /// <summary>
+  /// The authentication parameters for Logto sign-in experience customization.
+  /// </summary>
+  public static class Authentication
+  {
+    /// <summary>
+    /// The first screen to show in the sign-in experience.
+    /// </summary>
+    public static class FirstScreen
+    {
+      /// <summary>
+      /// Show the register form first.
+      /// </summary>
+      public const string Register = "identifier:register";
+
+      /// <summary>
+      /// Show the sign-in form first.
+      /// </summary>
+      public const string SignIn = "identifier:sign_in";
+
+      /// <summary>
+      /// Show the single sign-on form first.
+      /// </summary>
+      public const string SingleSignOn = "single_sign_on";
+
+      /// <summary>
+      /// Show the reset password form first.
+      /// </summary>
+      public const string ResetPassword = "reset_password";
+    }
+
+    /// <summary>
+    /// The identifiers to use for authentication.
+    /// </summary>
+    public static class Identifiers
+    {
+      /// <summary>
+      /// Use email for authentication.
+      /// </summary>
+      public const string Email = "email";
+      
+      /// <summary>
+      /// Use phone for authentication.
+      /// </summary>
+      public const string Phone = "phone";
+      
+      /// <summary>
+      /// Use username for authentication.
+      /// </summary>
+      public const string Username = "username";
+    }
+  }
 }
diff --git a/src/Logto.AspNetCore.Authentication/extensions/AuthenticationBuilderExtensions.cs b/src/Logto.AspNetCore.Authentication/extensions/AuthenticationBuilderExtensions.cs
@@ -9,6 +9,7 @@ namespace Logto.AspNetCore.Authentication;
 using Microsoft.IdentityModel.Tokens;
 using System;
 using System.Collections.Generic;
+using System.Threading.Tasks;
 
 /// <summary>
 /// Extension methods to configure Logto authentication.
@@ -101,15 +102,26 @@ private static void ConfigureOpenIdConnectOptions(OpenIdConnectOptions options,
     options.ClaimActions.MapAllExcept("nbf", "nonce", "c_hash", "at_hash");
     options.Events = new OpenIdConnectEvents
     {
+      OnRedirectToIdentityProvider = context =>
+      {
+        if (context.Properties.Parameters.TryGetValue("first_screen", out var firstScreen))
+        {
+          context.ProtocolMessage.Parameters.Add("first_screen", firstScreen?.ToString());
+        }
+
+        if (context.Properties.Parameters.TryGetValue("identifiers", out var identifiers))
+        {
+          context.ProtocolMessage.Parameters.Add("identifiers", identifiers?.ToString());
+        }
+
+        return Task.CompletedTask;
+      },
       OnRedirectToIdentityProviderForSignOut = async context =>
       {
-        // Clean up the cookie when signing out.
         await context.HttpContext.SignOutAsync(cookieScheme);
-
-        // Rebuild parameters since we use <c>client_id</c> for sign-out, no need to use <c>id_token_hint</c>.
         context.ProtocolMessage.Parameters.Remove(OpenIdConnectParameterNames.IdTokenHint);
         context.ProtocolMessage.Parameters.Add(OpenIdConnectParameterNames.ClientId, logtoOptions.AppId);
-      },
+      }
     };
     options.TokenValidationParameters = new TokenValidationParameters
     {
