public IEnumerator <object[]> GetEnumerator()
{
var a = new AppleAuthSetting("a", "b", "https://apple.com");
var b = new AppleTokenGenerator("a", "b", new AppleKeySetting("a", "b"));
var c = new HttpClient();
yield return(new object[] { a, b, null });
yield return(new object[] { a, null, c });
yield return(new object[] { null, b, c });
}
/// <summary>
/// Adds Apple OAuth-based authentication to <see cref="AuthenticationBuilder"/> using the default scheme.
/// The default scheme is specified by <see cref="AppleDefaults.AuthenticationScheme"/>.
/// <para>
/// Apple authentication allows application users to sign in with their Apple account.
/// </para>
/// </summary>
/// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
/// <param name="authenticationScheme">The authentication scheme.</param>
/// <param name="displayName">A display name for the authentication handler.</param>
/// <param name="configureOptions">A delegate to configure <see cref="OpenIdConnectOptions"/>.</param>
/// <returns>A reference to <paramref name="builder"/> after the operation has completed.</returns>
public static AuthenticationBuilder AddAppleID(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action <AppleOptions> configureOptions)
=> builder.AddOpenIdConnect(authenticationScheme, displayName, (options) => {
var appleOptions = new AppleOptions()
{
CallbackPath = "/signin-apple",
SignInScheme = "cookie"
};
configureOptions?.Invoke(appleOptions);
if (string.IsNullOrWhiteSpace(appleOptions.TeamId))
{
throw new ArgumentOutOfRangeException(nameof(appleOptions.TeamId), "Apple ID. The '{0}' option must be provided.");
}
if (string.IsNullOrWhiteSpace(appleOptions.ServiceId))
{
throw new ArgumentOutOfRangeException(nameof(appleOptions.ServiceId), "Apple ID. The '{0}' option must be provided.");
}
if (string.IsNullOrWhiteSpace(appleOptions.PrivateKey))
{
throw new ArgumentOutOfRangeException(nameof(appleOptions.PrivateKey), "Apple ID. The '{0}' option must be provided.");
}
if (string.IsNullOrWhiteSpace(appleOptions.PrivateKeyId))
{
throw new ArgumentOutOfRangeException(nameof(appleOptions.PrivateKeyId), "Apple ID. The '{0}' option must be provided.");
}
options.Authority = AppleDefaults.Authority; // Discovery document: https://appleid.apple.com/.well-known/openid-configuration
options.CallbackPath = appleOptions.CallbackPath; // Corresponding to your redirect URI.
options.SignInScheme = appleOptions.SignInScheme;
options.ResponseType = "code id_token"; // Hybrid flow due to lack of PKCE support.
options.DisableTelemetry = true;
options.Scope.Clear(); // Apple does not support the profile scope.
options.Scope.Add("openid");
options.Scope.Add("email");
options.Scope.Add("name");
options.ClientId = appleOptions.ServiceId;
options.Events = appleOptions.Events;
// Custom client secret generation - secret can be re-used for up to 6 months.
options.Events.OnAuthorizationCodeReceived = context => {
context.TokenEndpointRequest.ClientSecret = AppleTokenGenerator.CreateNewToken(appleOptions.TeamId, context.Options.Authority, context.Options.ClientId, appleOptions.PrivateKey, appleOptions.PrivateKeyId);
return(Task.CompletedTask);
};
options.Events.OnRedirectToIdentityProviderForSignOut = context => {
context.HandleResponse(); // Apple does not support EndSessionEndpoint.
return(Task.CompletedTask);
};
options.UsePkce = false; // Apple does not currently support PKCE (April 2021).
});
