Add new event to OpenIdConnectEvents to handle specific error scenario #63566

@bigred8982

Background and Motivation

In reference to #59462, there is a new scenario during the OIDC PAR login flow where a configuration would result in an error. The optimal solution would be to add a new OIDC event to the API to make it easier to handle this error.

Proposed API

In reference to #61947, add a new event to the OpenIdConnectEvents class. The event name would be OnPushAuthorizationFailed.

Usage Examples

Example originally documented in #61947

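builder.Services.AddAuthentication(...)
    .AddOpenIdConnect("oidc", options =>
    {
        ...
        // Proposed event: invoked when sending the PAR request results in an error.
        options.Events.OnPushAuthorizationFailed = (ctx) =>
        {
            // Log the failure server-side together with the exception.
            var logger = ctx.HttpContext.RequestServices.GetRequiredService<ILogger<Program>>();
            logger.LogError(ctx.Exception, "Received error while sending PAR request.");

            // Redirect the user to a friendly error page and mark the error as handled.
            ctx.Response.Redirect("FriendlyErrorPage");
            ctx.Handled = true;
            return Task.CompletedTask;
        };
    });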

Alternative Designs

No. I attempted to follow the existing API event design.

Risks

No exceptional risks identified.

Labels: api-suggestion (Early API idea and discussion, it is NOT ready for implementation); area-auth (Includes: Authn, Authz, OAuth, OIDC, Bearer)
