Using Auth0 alongside Umbraco instead of adding as an external login provider

I am currently trying to implement a login feature on our website using Auth0.

I’m able to log in I’m able to retrieve/use the credentials received from Auth0 but as soon as I’m logged in and submit a form (Umbraco Forms) I get the following error:

I don’t need to store anything in Umbraco as I just need to retrieve some values from the claims returned by Auth0. This is why it’s not implemented as an external login provider, which seems to be causing the problem I’m facing.

Can I in anyway implement this without storing anything as members in Umbraco?

My implementation

I have followed the basics from the Auth0 Quickstarts section:
Add Login to your ASP.NET OWIN Application.

In startup.cs I have added the following in ConfigureServices():

builder.Services.AddAuth0WebAppAuthentication(options =>
{
    options.Domain = this._config.GetValue<string>(ConfigKeys.Auth0.Domain) ?? throw new ArgumentNullException(nameof(ConfigKeys.Auth0.Domain));
    options.ClientId = this._config.GetValue<string>(ConfigKeys.Auth0.ClientId) ?? throw new ArgumentNullException(nameof(ConfigKeys.Auth0.ClientId));
    options.CallbackPath = "/auth0/callback/";
});

Logging the visitor in is handled by a method in a SurfaceController:

public async Task Login(string returnUrl = "/")
{
    if (!this.Url.IsLocalUrl(returnUrl))
    {
        returnUrl = "/";
    }
    AuthenticationProperties authenticationProperties = new LoginAuthenticationPropertiesBuilder()
      .WithRedirectUri(returnUrl)
      .WithScope("openid profile email")
      .Build();

    await this.HttpContext.ChallengeAsync(
      Auth0Constants.AuthenticationScheme,
      authenticationProperties
    );
}

Once signed, the following session cookies is set in my browser:

The image shows a table with two columns, the left column showing ".AspNetCore.Cookies", ".AspNetCore.CookiesC1", and ".AspNetCore.CookiesC2", and the right column showing "chunks-2" and long strings of characters, possibly cookies or session data. (Captioned by AI)

I am running Umbraco 13.7.2 and using Umbraco Forms 13.3.3.

Here’s how I fixed it for myself. I was getting this error when I tried to login to the backoffice, using an external login provider. For me, this was a db record issue.

  1. Open SMSS, connect to the database.
  2. Locate the records in the table “umbracoExternalLogin”. ex.
SELECT  [id]
      ,[loginProvider]
      ,[providerKey]
      ,[createDate]
      ,[userOrMemberKey]
      ,[userData]
  FROM [dbo].[umbracoExternalLogin] where providerkey like 'waad|A2z%'

Where ‘waad|A2z’ matches the beginning of the user id in the error. Note the [id] of the result.

  1. You must delete the [umbracoExternalLoginToken] records matching the result id:
delete FROM [dbo].[umbracoExternalLoginToken] where externalLoginId = MY_ID
  1. Now delete the [umbracoExternalLogin] record that was returned earlier:
delete from  [dbo].[umbracoExternalLogin] where id = MY_ID
  1. Clear your browser cookies, Restart the site, try logging in again.
1 Like

Thanks for the input Aaron!
I didn’t implement it as an external login provider, so my IDs shouldn’t end up in the database at any point.

I ended up contacting Umbraco Support and they told me that PR #18320 most likely would solve my issue. After upgrading to Umbraco 13.8.0 my issue was resolved.

1 Like