Trying to setup External Member authentication using Entrada and OIDC has me running around like a chicken w/ my head cutoff (apologies for the American (southern) colloquialism) .
I’ve got the auth working, sorta, I think. I load the site in local dev, it takes me to my Signin template, I click login with OpenIDC, and it lets me in.
What’s not working…
In my MemberAuthenticationExtensions.cs (below) I’ve specified AddMicrosoftGraph. But, subsequent calls to that graphServiceClient appear to be unauthenticated. I’m trying to pull the user’s photo from Graph. Can anybody explain how I can be authenticated with the site, but not authenticated for Graph?
`public static class MemberAuthenticationExtensions
{
public static IUmbracoBuilder ConfigureAuthenticationMembers(this IUmbracoBuilder builder)
{
builder.Services.ConfigureOptions();
builder.AddMemberExternalLogins(logins =>
{
logins.AddMemberLogin(memberAuthenticationBuilder =>
{
memberAuthenticationBuilder.AddMicrosoftIdentityWebApp(
options =>
{
builder.Config.Bind("AzureAd", options);
options.SaveTokens = true;
},
cookieOptions =>
{
cookieOptions.SlidingExpiration = true;
cookieOptions.ExpireTimeSpan = TimeSpan.FromHours(8);
},
memberAuthenticationBuilder.SchemeForMembers(
EntraIDMembersExternalLoginProviderOptions.SchemeName))
.EnableTokenAcquisitionToCallDownstreamApi()
.AddMicrosoftGraph(builder.Config.GetSection("Graph"))
.AddDistributedTokenCaches();
});
});
return builder;
}
}`