This project has moved. For the latest updates, please go here.

Multiple provider credentials in a single app

Feb 18, 2014 at 8:01 PM
Edited Feb 18, 2014 at 8:02 PM
For web applications with multiple white-labelled front-ends (branded for different clients), it is not adequate to have only one platform-wide OAuth credential per provider (e.g. Facebook App Id & App Secret) set in Startup.ConfigureAuth. We need to be able to pick the credentials at runtime, depending on who the user is or which domain name they are visiting the site from.

My present plan is to fork the codebase to make the AppId and AppSecret properties on the *AuthenticationOption classes virtual, then to override in my own subclasses which will return the appropriate credentials. (Of course it is up to me to make sure the callbacks use the same credentials, etc.)

Is there any better way to handle dynamic credentials that I've missed?
Coordinator
Feb 18, 2014 at 8:58 PM
How many different facebook ids are we talking about here? Just a few or very many? You could have multiple instances of a middleware and provide more specific auth types (FacebookApp1, FacebookApp2).
Feb 18, 2014 at 9:22 PM
Edited Feb 18, 2014 at 9:22 PM
Tratcher wrote:
How many different facebook ids are we talking about here? Just a few or very many? You could have multiple instances of a middleware and provide more specific auth types (FacebookApp1, FacebookApp2).
Currently more than 50. We want to be able to add future ids/secrets without changing any code or configuration. It should be as easy as adding a row to a database.
Coordinator
Feb 18, 2014 at 9:26 PM
Yikes. Good luck with that.

I suspect you'll have to just replace the AppId and AppSecret properties with methods that take in the request state you need and return the associated values.