Support multiple authentication schemes for single identity provider

[howej]

For one identity provider, there may be multiple authentication schemes available. For example, one using standard OAuth, and the other one using QR code. When I implemented the logic as follow within Umbraco 15:

builder.AddBackOfficeExternalLogins(loginsBuilder =>
{
    loginsBuilder.AddBackOfficeLogin(authenticationBuilder =>
    {
        authenticationBuilder
            .AddOAuth("oauth", options =>
            {
                builder.Config.GetRequiredSection("Authentication:OAuth").Bind(options);
            })
            .AddOAuth("qrcode", options =>
            {
                builder.Config.GetRequiredSection("Authentication:QRCode").Bind(options);
            })
            .AddPolicyScheme("AutoSelect", default, options =>
            {
                options.ForwardDefaultSelector = context => context.Request.Headers.UserAgent.Any(ua => ua?.Contains("something", StringComparison.OrdinalIgnoreCase) ?? false) ? "oauth" : "qrcode";
            });
    });
});

I found it works well during authentication, but was not able to link the loginUser to umbracoIdentityUser, because during the link-user process, Umbraco will look for the LoginProvider registered in DI container. The problem would be "AutoSelect" was not in the LoginProviders collection, so the link-user process fails.

My suggestion is, after the user has authenticated and call back to Umbraco authorize endpoint, checks the auth scheme. If PolicyScheme is detected, check its ForwardDefaultSelector to get the actual auth scheme, then get the login provider object from DI, finally invoke the AutoLink method.