-
Notifications
You must be signed in to change notification settings - Fork 6
08. Additional authentication paths
This page will cover how you can setup extra paths that the middleware is allowed to work with, this can be helpful when determining the difference between an authentication on one area of an application to another.
You can set this up in the options for the middleware within the call to AddSqrl.
For example:
.AddSqrl(options =>
{
options.OtherAuthenticationPaths = new OtherAuthenticationPath[]
{
new OtherAuthenticationPath()
{
Path = "/MessageMe/Now",
AuthenticateSeparately = false
}
};
});
In this example the middleware is setup to authenticate over the path "/MessageMe/Now" and as AuthenticateSeparately is false the link provided to the SQRL client will only ask it to authenticate the user to the site’s domain and not the path.
If you set AuthenticateSeparately to be true then a link is generated that contains an "x" query string key and an integer value representing the path specified. If AuthenticateSeparately was true for the above example a SQRL link would be generated like this: sqrl://{domain and port}/MessageMe/Now?x=14&nut={a new random nut}
. The SQRL client should be authenticate the user against the domain AND the path which results in a different UserId being generated.
As of version 1.5.0 DynamicOtherAuthenticationPaths can be set if it will overrule the OtherAuthenticationPaths option DynamicOtherAuthenticationPaths is a function that is invoked each time the list of other authentication paths is needed. This will allow a changing set of allowed paths which can be helpful in a case where users need to see dynamic areas of a site as separate authentication areas.