How do I transfer claims in a Request object to an OpenID Connect Provider using an Owin / Katana client?

We have our own OpenID Connect provider. We also have our own SDK for the Relying Party, which creates requests and then analyzes the result. Now we want to work with our provider using Owin / Katana clients.

According to the OpenID Connect Spec, we can use the Request object (http://openid.net/specs/openid-connect-core-1_0.html#JWTRequests), in which we can transfer the requested claims and claims values to the OpenID connection provider.

So, my first question is: how can I pass a Request object with the requested statements and their values using the Owin / Katana middleware? I cannot find a way to do this using the Microsoft.Owin.Security.OpenIdConnect assembly. It seems we can only request areas and that's it.

And the second question (this is not important for us, but nonetheless): does Owin support the "request" response mode? By default, Owin uses an implicit stream and the "form_post" response mode. But when I tried to use the "request" response mode, I did not get any result (our provider redirected to redirect_uri with id_token in the request parameter, but Owin did not catch it, while the "form_post" response mode worked fine). I tried this code:

    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ...
        Response_Mode = "query",
        ...
    });

I would be grateful for your help.

+4
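
For reference, an added example (not part of the original post and not the project's own code) of a request object as defined in OpenID Connect Core section 6.1, carrying a `claims` request and attached through the middleware's `RedirectToIdentityProvider` notification. It assumes the provider accepts HS256 request objects keyed with the client secret; the class name, the requested claims and the `urn:example:acr:mfa` value are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Web.Script.Serialization;   // System.Web.Extensions (.NET Framework)
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;
public static class RequestObjectExample   // hypothetical helper, not a Katana type
{
    static string B64Url(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    // Builds a signed JWT whose payload holds the "claims" request (OIDC Core 5.5 and 6.1).
    public static string Build(string clientId, string issuer, byte[] key)
    {
        var json = new JavaScriptSerializer();   // serializer escapes values; no string concatenation
        var idToken = new Dictionary<string, object> {
            ["email"] = new Dictionary<string, object> { ["essential"] = true },
            ["acr"] = new Dictionary<string, object> { ["values"] = new[] { "urn:example:acr:mfa" } }
        };
        var payload = new Dictionary<string, object> {
            ["iss"] = clientId, ["aud"] = issuer,                      // iss = client, aud = provider
            ["client_id"] = clientId, ["response_type"] = "id_token",  // must match the query values
            ["claims"] = new Dictionary<string, object> { ["id_token"] = idToken }
        };
        string input = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." +
                       B64Url(Encoding.UTF8.GetBytes(json.Serialize(payload)));
        using (var hmac = new HMACSHA256(key))
            return input + "." + B64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(input)));
    }
    // The notification also fires for sign-out requests; gate on ProtocolMessage.RequestType
    // in production (the enum member names differ between Katana versions).
    public static void Configure(IAppBuilder app, string clientId, string issuer, byte[] key)
    {
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = clientId, Authority = issuer, ResponseType = "id_token",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = n =>
                {
                    n.ProtocolMessage.SetParameter("request", Build(clientId, issuer, key));
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

The middleware still sends `scope`, `state` and `nonce` as ordinary query parameters; the provider merges them with the request object, and values inside the request object take precedence.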
