Add support for prompt and enroll_amr_values. (#225)

okta · Nov 14, 2022 · a64086e · a64086e
1 parent 33494dc
commit a64086e
Show file tree

Hide file tree

Showing 11 changed files with 92 additions and 15 deletions.
diff --git a/Okta.AspNet.Abstractions/CHANGELOG.md b/Okta.AspNet.Abstractions/CHANGELOG.md
@@ -1,12 +1,17 @@
 # Changelog
 Running changelog of releases since `3.0.5`
 
-## v4.1.0
+## v4.2.0
 
 ### Features
 
-- Add support for AcrValues
+- Add support for `prompt` and `enroll_amr_values`
+
+## v4.1.0
+
+### Features
 
+- Add support for `acr_values`
 
 ## v4.0.1
 

diff --git a/Okta.AspNet.Abstractions/Okta.AspNet.Abstractions.csproj b/Okta.AspNet.Abstractions/Okta.AspNet.Abstractions.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <TargetFrameworks>net452;netstandard2.0</TargetFrameworks>
-    <Version>4.1.0</Version>
+    <Version>4.2.0</Version>
   </PropertyGroup>
 
   <PropertyGroup>

diff --git a/Okta.AspNet.Abstractions/OktaParams.cs b/Okta.AspNet.Abstractions/OktaParams.cs
@@ -33,9 +33,20 @@ public static class OktaParams
         /// </summary>
         public const string AcrValues = "acr_values";
 
+
+        /// <summary>
+        /// Used to support enrollment of a factor during an /authorize call.
+        /// </summary>
+        public const string Prompt = "prompt";
+
+        /// <summary>
+        /// Used to pass a case-sensitive string that represents a list of authenticator method references.
+        /// </summary>
+        public const string EnrollAmrValues = "enroll_amr_values";
+
         /// <summary>
         /// A list with all Okta well-known params.
         /// </summary>
-        public static readonly IList<string> AllParams = new List<string>() { SessionToken, Idp, LoginHint, AcrValues };
+        public static readonly IList<string> AllParams = new List<string>() { SessionToken, Idp, LoginHint, AcrValues, Prompt, EnrollAmrValues };
     }
 }
diff --git a/Okta.AspNet/CHANGELOG.md b/Okta.AspNet/CHANGELOG.md
@@ -1,11 +1,17 @@
 # Changelog
 Running changelog of releases since `1.6.0`
 
+## v3.2.0
+
+### Features
+
+- Add support for `prompt` and `enroll_amr_values`
+
 ## v3.1.0
 
 ### Features
 
-- Add support for AcrValues
+- Add support for `acr_values`
 
 
 ## v3.0.2

diff --git a/Okta.AspNet/Okta.AspNet.csproj b/Okta.AspNet/Okta.AspNet.csproj
@@ -3,7 +3,7 @@
   <PropertyGroup>
     <Description>Official Okta middleware for ASP.NET 4.6.2+. Easily add authentication and authorization to ASP.NET applications.</Description>
     <Copyright>(c) 2019 Okta, Inc.</Copyright>
-    <Version>3.1.0</Version>
+    <Version>3.2.0</Version>
     <Authors>Okta, Inc.</Authors>
     <TargetFramework>net462</TargetFramework>
     <AssemblyName>Okta.AspNet</AssemblyName>

diff --git a/Okta.AspNetCore.Mvc.IntegrationTest/Controllers/AccountController.cs b/Okta.AspNetCore.Mvc.IntegrationTest/Controllers/AccountController.cs
@@ -61,6 +61,21 @@ public IActionResult LoginWithAcrValues()
             return RedirectToAction("Index", "Home");
         }
 
+        public IActionResult LoginWithEnrollAmrValues()
+        {
+            if (!HttpContext.User.Identity.IsAuthenticated)
+            {
+                var properties = new AuthenticationProperties();
+                properties.Items.Add(OktaParams.Prompt, "enroll_authenticator");
+                properties.Items.Add(OktaParams.EnrollAmrValues, "sms okta_verify ");
+                properties.RedirectUri = "/Home/";
+
+                return Challenge(properties, OktaDefaults.MvcAuthenticationScheme);
+            }
+
+            return RedirectToAction("Index", "Home");
+        }
+
         [HttpPost]
         public IActionResult Logout()
         {

diff --git a/Okta.AspNetCore.Mvc.IntegrationTest/OktaMiddlewareShould.cs b/Okta.AspNetCore.Mvc.IntegrationTest/OktaMiddlewareShould.cs
@@ -4,6 +4,7 @@
 using System;
 using System.Net.Http;
 using System.Threading.Tasks;
+using System.Web;
 using Xunit;
 
 namespace Okta.AspNetCore.Mvc.IntegrationTest
@@ -67,6 +68,19 @@ public async Task IncludeLoginHintInAuthorizeUrlAsync()
             }
         }
 
+        [Fact]
+        public async Task IncludePromptAndAmrEnrollValuesInAuthorizeUrlAsync()
+        {
+            var loginWithLoginHintEndpoint = string.Format("{0}/Account/LoginWithEnrollAmrValues", BaseUrl);
+            using (var client = _server.CreateClient())
+            {
+                var response = await client.GetAsync(loginWithLoginHintEndpoint);
+                Assert.True(response.StatusCode == System.Net.HttpStatusCode.Found);
+                Assert.Contains("prompt=enroll_authenticator", response.Headers.Location.AbsoluteUri);
+                Assert.Contains(HttpUtility.UrlPathEncode("enroll_amr_values=sms okta_verify"), response.Headers.Location.AbsoluteUri);
+            }
+        }
+
         [Fact]
         public async Task IncludeAcrValuesInAuthorizeUrlAsync()
         {

diff --git a/Okta.AspNetCore/CHANGELOG.md b/Okta.AspNetCore/CHANGELOG.md
@@ -1,11 +1,17 @@
 # Changelog
 Running changelog of releases since `3.2.0`
 
+## v4.4.0
+
+### Features
+
+- Add support for `prompt` and `enroll_amr_values`
+
 ## v4.3.0
 
 ### Features
 
-- Add support for AcrValues
+- Add support for `acr_values`
 
 ## v4.2.1
 

diff --git a/Okta.AspNetCore/Okta.AspNetCore.csproj b/Okta.AspNetCore/Okta.AspNetCore.csproj
@@ -7,8 +7,8 @@
 	<PropertyGroup>
 		<Description>Official Okta middleware for ASP.NET Core 3.1+. Easily add authentication and authorization to ASP.NET Core applications.</Description>
 		<Copyright>(c) 2020 - present Okta, Inc. All rights reserved.</Copyright>
-		<Version>4.3.0</Version>
-		<VersionPrefix>4.3.0</VersionPrefix>
+		<Version>4.4.0</Version>
+		<VersionPrefix>4.4.0</VersionPrefix>
 		<Authors>Okta, Inc.</Authors>
 		<AssemblyName>Okta.AspNetCore</AssemblyName>
 		<PackageId>Okta.AspNetCore</PackageId>

diff --git a/docs/aspnet4x-mvc.md b/docs/aspnet4x-mvc.md
@@ -181,9 +181,15 @@ public ActionResult Login()
 }
 ```
 
-## Specifying the `acr_values` parameter
+## Specifying the `acr_values`, `enroll_amr_values` and `prompt` parameters
 
-The optional `acr_values` parameter, when included in the authentication request, increases the level of user assurance. For more details see the [Okta documentation](https://developer.okta.com/docs/reference/api/oidc/#request-parameters).
+| Parameter | Description | Required? |
+| ------- |  ------------------------- | ------- |
+|`acr_values` | When included in the authentication request, increases the level of user assurance. | No |
+|`prompt` | Indicate the pipeline the intent of the request, such as, support enrollment of a new factor. | No |
+|`enroll_amr_values` |  A space-delimited, case-sensitive string that represents a list of authenticator method references. | No |
+
+For more details see the [Okta documentation](https://developer.okta.com/docs/reference/api/oidc/#request-parameters).
 
 Add the following action in your controller: 
 
@@ -193,7 +199,12 @@ public ActionResult Login()
     if (!HttpContext.User.Identity.IsAuthenticated)
     {
         var properties = new AuthenticationProperties();
+        // Example 1
         properties.Dictionary.Add(OktaParams.AcrValues, "urn:okta:loa:1fa:pwd");
+        // Example 2
+        properties.Dictionary.Add(OktaParams.Prompt, "enroll_authenticator");
+        properties.Dictionary.Add(OktaParams.EnrollAmrValues, "sms okta_verify");
+
         properties.RedirectUri = "/Home/About";
 
         HttpContext.GetOwinContext().Authentication.Challenge(properties,

diff --git a/docs/aspnetcore-mvc.md b/docs/aspnetcore-mvc.md
@@ -267,20 +267,29 @@ public IActionResult SignIn()
     return RedirectToAction("Index", "Home");
 }
 ```
+## Specifying the `acr_values`, `enroll_amr_values` and `prompt` parameters
 
-## Specifying the `acr_values` parameter
+| Parameter | Description | Required? |
+| ------- |  ------------------------- | ------- |
+|`acr_values` | When included in the authentication request, increases the level of user assurance. | No |
+|`prompt` | Indicate the pipeline the intent of the request, such as, support enrollment of a new factor. | No |
+|`enroll_amr_values` |  A space-delimited, case-sensitive string that represents a list of authenticator method references. | No |
 
-The optional `acr_values` parameter, when included in the authentication request, increases the level of user assurance. For more details see the [Okta documentation](https://developer.okta.com/docs/reference/api/oidc/#request-parameters).
-
-Add the following action in your controller: 
+For more details see the [Okta documentation](https://developer.okta.com/docs/reference/api/oidc/#request-parameters).
 
 ```csharp
 public IActionResult SignIn()
 {
     if (!HttpContext.User.Identity.IsAuthenticated)
     {
         var properties = new AuthenticationProperties();
+        // Example 1
         properties.Items.Add(OktaParams.AcrValues, "urn:okta:loa:1fa:pwd");
+
+        // Example 2
+        properties.Dictionary.Add(OktaParams.Prompt, "enroll_authenticator");
+        properties.Dictionary.Add(OktaParams.EnrollAmrValues, "sms okta_verify");
+
         properties.RedirectUri = "/Home/";
 
         return Challenge(properties, OktaDefaults.MvcAuthenticationScheme);