Need information on how external login works

[Rahul21199]

IdentityServer version

Duende IdentityServer- 7.0.6

.NET version

.net 8

Description

I need some help understanding how authentication works with external login. Here are the steps our application follows:

1. The client application initiates the authorization request with our identity server.
2. Our identity server redirects the user to a third party.
3. After successful authentication The client redirects back to our callback URL with a code and state, e.g., {callbackurl}?code=xyz&state=abc.
   My questions are:

1.Seems this callback is handle by duende. What exactly does Duende do in the callback, and how does it use the code and state passed in the query parameters?
2. In our callback, we read the external identity from external cookies as suggested https://docs.duendesoftware.com/identityserver/v7/ui/login/external/#inspecting-the-external-identity.
How are these cookies created, and how do they contain the external client claims?

Reproduction steps

No response

Expected behavior

No response

Logs

No response

Additional context

No response

[RolandGuijt]

It is more a ASP.NET Core than an IdentityServer feature. The scheme for the external identity provider is configured in the bootstrap code of the application (scroll up from the link you included).
When that scheme is challenged the flow is initiated with the external idp the same way as the client initiated it with the internal idp.

So when after logging into the external idp it will set a session cookie too and redirect to an endpoint on the internal idp that eventually runs the code in the link. The name of the cookie is set when configuring the scheme. When the callback happens that name is used to read the cookie (the call to AuthenticateAsync). The claims are read and then it's up to you what you want to do with the claims. Use them to login the user on the internal idp, provisioning a new user or copying the claims to the internal idp session.