GCN-B-f204c0800192

GCN-G-f204c0800192: Failed to start GoCloudNative.BFF. Registering multiple TIdentityProvider types on the same endpoint is not supported. Remove one of the IdentityProviderConfigurations or configure another endpointName.

It is possible to configure multiple identity providers with GoCloudNative.BFF. This supports the following use case, for example:

Assume you are building a webshop. Customers log in to see the status of the orders via /my-account/login. They log in with Google via Auth0. Back-office employees log in to see what has been ordered so they can prepare the shipment. They log via /back-office/login. They log in via Azure Active directory.

To configure this, write the following code:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddSecurityBff(o =>
{
    o.ConfigureAuth0(builder.Configuration.GetSection("Auth0"), "my-account");
    o.ConfigureAzureAd(builder.Configuration.GetSection("AzureAd"), "back-office");
}

How to reproduce the error

What causes this error is the fact that multiple identityproviders have been registered on the same endpoint. There are two ways to reproduce this error.

Scenario 1: Register multiple identityproviders without defining the endpoint explicitly:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddSecurityBff(o =>
{
    o.ConfigureAuth0(builder.Configuration.GetSection("Auth0"));
    // This registers Auth0 
    // at the default endpoint: /account/login

    o.ConfigureAzureAd(builder.Configuration.GetSection("AzureAd"));
    // This registers Azure Active Directory 
    // at the default endpoint: /account/login
    // But Auth0 has already been registered at that endpoint
    // So, an exception is thrown.
}

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddSecurityBff(o =>
{
    o.ConfigureAuth0(builder.Configuration.GetSection("Auth0"), "foo");
    // This registers Auth0 
    // at the default endpoint: /foo/login

    o.ConfigureAzureAd(builder.Configuration.GetSection("AzureAd"), "foo");
    // This registers Azure Active Directory 
    // at the default endpoint: /foo/login
    // But Auth0 has already been registered at that endpoint
    // So, an exception is thrown.
}

Solution

Define the endpoints explicitly like in the first example.