Getting a user's organization in Stormpath in .NET Core?

I have an application set up with Stormpath middleware for authentication. I also have my account set up to use a group-per-organization model. The login itself seems fine, but I'm struggling to find a reasonable way to get the organization identifier or name at login.

With Stormpath.SDK.Account, I can do something like:

    private readonly IAccount _account;
    var name = _account.FullName;

I would expect something similar to be available to retrieve the organization, but I cannot find anything in their SDK. So far I have tried:

Extracting the organization from my application. It seems that it should be available through the "onk" claim, but I do not see this as an option when viewing the _claim properties from the following code:

    ClaimsPrincipal _claim = new ClaimsPrincipal(User.Identity);
    var OrganizationId = _claim.FindFirst("onk").Value;

I also don't see a way to extract the organization from the header. It shows that the host is available in the header, but the kernel SDK does not seem to allow me to get this.

Ideally, I would like the user to be able to log in without specifying their tenant as a subdomain or field in the login form. Since it will go through my organization’s stores in order, I expect it to be possible.

Any ideas on what I am missing?

+5
2 answers

Stormpath can use the nameKey.

How to create an Organization

    var bankOfAOrg = client.Instantiate<IOrganization>()
        .SetName("Bank of A")
        .SetNameKey("bank-of-a")
        .SetStatus(OrganizationStatus.Enabled);

Adding an account store to an organization:

    // With a reference to an IDirectory:
    var newMapping = await bankOfAOrg.AddAccountStoreAsync(existingDirectory);

    // Or simply by href:
    newMapping = await bankOfAOrg.AddAccountStoreAsync("directory_href");

In order to be able to add Groups and Accounts to the Organization in the manner described above, we also need to make sure that we have marked this account store as the default for both accounts and groups:

    newMapping.SetDefaultAccountStore(true)
        .SetDefaultGroupStore(true);
    await newMapping.SaveAsync();

Adding an account to the organization:

    var chewie = client.Instantiate<IAccount>()
        .SetGivenName("Chewbacca")
        .SetSurname("the Wookiee")
        .SetUsername("rrwwgggh")
        .SetEmail("chewie@kashyyyk.rim")
        .SetPassword("Changeme123!");
    chewie.CustomData.Put("favoriteShip", "Millennium Falcon");
    await bankOfAOrg.CreateAccountAsync(chewie);

See here for more information.

0

You touched on this in your question, but currently you will receive an onk claim in the user's access token if you specify the Organization during login.

For instance:

    var request = new PasswordGrantRequest
    {
        Username = "nate@foo.bar",
        Password = "Secret123?",
        OrganizationNameKey = "acme-org"
    };
    var response = await application.ExecuteOauthRequestAsync(request);
    // response.AccessTokenString will contain an onk claim

> Ideally, I would like the user to be able to log in without specifying their tenant as a subdomain or field in the login form. Since it will go through my organization’s stores in order, I expect it to be possible.

This is not possible at the moment with the Organization object, but it is possible with the Group object, since you can list groups of accounts after the fact.

Disclaimer: I work on Stormpath.

0
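One way to act on the group-based suggestion in the answer above, as an added example that is not part of the original answers or of Stormpath's SDK: once the account's groups have been listed after login, derive the tenant from them on the server and refuse the login when the mapping is missing or ambiguous, rather than trusting a tenant value sent by the client. GroupInfo, TenantResolver and the "org:<nameKey>" group naming are assumptions made for this illustration.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical shape: what the app copies from each group the account belongs to.
public record GroupInfo(string Name, bool Enabled);

public static class TenantResolver
{
    // Assumed naming convention (not from the page): one group per
    // organization, named "org:<nameKey>".
    private const string Prefix = "org:";

    // Returns the organization nameKey, or null when the account maps to
    // no organization or to more than one (fail closed, never guess).
    public static string? Resolve(IEnumerable<GroupInfo> groups)
    {
        var keys = groups
            .Where(g => g.Enabled && g.Name.StartsWith(Prefix, StringComparison.Ordinal))
            .Select(g => g.Name.Substring(Prefix.Length))
            .Where(k => k.Length > 0)
            .Distinct(StringComparer.Ordinal)
            .Take(2) // two distinct keys are enough to know the mapping is ambiguous
            .ToList();
        return keys.Count == 1 ? keys[0] : null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample memberships, not data from a real tenant.
        var cases = new Dictionary<string, GroupInfo[]>
        {
            ["single org"] = new[] { new GroupInfo("org:bank-of-a", true), new GroupInfo("admins", true) },
            ["two orgs"] = new[] { new GroupInfo("org:bank-of-a", true), new GroupInfo("org:acme-org", true) },
            ["disabled org"] = new[] { new GroupInfo("org:acme-org", false) },
        };
        foreach (var (label, groups) in cases)
            Console.WriteLine($"{label}: {TenantResolver.Resolve(groups) ?? "login refused"}");
    }
}
```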

Source: https://habr.com/ru/post/1257977/

