Feature request: Persistent external authentication sessions

[gvkries]

Is your feature request related to a problem? Please describe.

Currently, external authentication with providers is session-based, requiring users to manually sign in after closing the browser. Unlike local Orchard accounts, there's no option to persist the login cookie for external providers.

Describe the solution you'd like

Introduce a configuration option or a checkbox on the login form to enable users to keep the external authentication cookie for an extended period. This feature mirrors the existing functionality available for local Orchard accounts. Consider reusing the existing checkbox for this purpose to maintain consistency.

Describe alternatives you've considered

Alternatively, consider implementing a mechanism to challenge the last used external provider, akin to the scenario when only one external provider is available and the option UseExternalProviderIfOnlyOneDefined is enabled. To achieve this, an additional persistent cookie storing the last used authentication method may be necessary. The advantage of this approach is that it relies solely on the existing persistence settings of the external provider.

[sebastienros]

there's no option to persist the login cookie for external providers

But these don't use cookies. And it would but up to these providers to support persistant authentication tokens.

@kevinchalet is that a thing?

[gvkries]

SignInManager<TUser>.ExternalLoginSignInAsync() sets a local cookie and allows to specify it as persistent, using the same expiry settings as with a local account. See https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.signinmanager-1.externalloginsigninasync?view=aspnetcore-8.0