K
K Denham
Guest
I assume you're referring to adding an authentication provider in the Settings > Advanced section. If so, then Sitefinity has a built-in resource of handling the callback your authentication provider generates after a successful sign-in with the identity provider. So the flow looks something like this: User visits the login page and clicks on the "Login with Linked-in" button (or whatever the caption you created says). User gets redirected to the identity provider and one of the components of the redirect is that Sitefinity tells the Provider, via a parameter, "Hey Provider, after this person signs in, send them back to this URL please". That URL looks something like "Yoursite.com/Sitefinity/Authenticate/OpenID/signin-custom". This page is where the magic happens with the authorization token in a couple steps. User enters their credentials and successful signs into the provider After sign-in, the provider generates a redirect back to Sitefinity, sending the user to the /Sitefinity/Authenticate/OpenID/signin-custom page. It's here the token exchange takes place. So under-the-hood, the statement "they will be redirected to the given landing page" isn't really accurate, even though that's what it appears like to the user. Of course, there's always a lot of gotchas to consider when a platform like Sitefinity simplifies an otherwise complicated process.
Continue reading...
Continue reading...