TwoFactorSignIn overwriting IdP for ExternalProviders

[zyofeng]

At the moment, if an external user is flagged as requiring 2FA, the controller redirects the user to SendCode/VerifyCode flow, which ends with the following line of code

AspNetCoreID4External/src/IdentityServerWithAspNetIdentity/Controllers/AccountController.cs

Line 617 in 3fa199a

var result = await _signInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser);

This overwrites the IdP claim against the ClaimsPrincipal with "Local", which prevents upstream logout here

AspNetCoreID4External/src/IdentityServerWithAspNetIdentity/Controllers/AccountController.cs

Line 198 in 3fa199a

if (idp != null && idp != IdentityServerConstants.LocalIdentityProvider)

The workaround I have without having to rewrite TwoFactorSignInAsync is this, I am wondering if there is a more elegant solution?

var result = await _signInManager.TwoFactorSignInAsync(model.Provider, model.Code, model.RememberMe, model.RememberBrowser).ConfigureAwait(false);

//This is a workaround to override the Idp if it's an external provider
if (result.Succeeded)
{
var info = await _signInManager.GetExternalLoginInfoAsync().ConfigureAwait(false);
if (info != null)
return await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, model.RememberMe, true).ConfigureAwait(false);
return result;
}

[damienbod]

@zyofeng I think this could be improved by using different schemes. I would need to look more into detail to understand this better.

Greetings Damien