Example #1
0
        public static IServiceCollection AddCustomOpenIddict(this IServiceCollection services)
        {
            // Configure Identity to use the same JWT claims as OpenIddict instead
            // of the legacy WS-Federation claims it uses by default (ClaimTypes),
            // which saves you from doing the mapping in your authorization controller.
            services.Configure <IdentityOptions>(options =>
            {
                options.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
                options.ClaimsIdentity.UserIdClaimType   = OpenIdConnectConstants.Claims.Subject;
                options.ClaimsIdentity.RoleClaimType     = OpenIdConnectConstants.Claims.Role;
            });

            // Register the OpenIddict services.
            services.AddOpenIddict(options =>
            {
                // Register the Entity Framework stores.
                options.AddEntityFrameworkCoreStores <SQLServerContext>();

                // Register the ASP.NET Core MVC binder used by OpenIddict.
                // Note: if you don't call this method, you won't be able to
                // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
                options.AddMvcBinders();

                // Enable the token endpoint.
                // Form password flow (used in username/password login requests)
                options.EnableTokenEndpoint("/connect/token");

                // Enable the authorization endpoint.
                // Form implicit flow (used in social login redirects)
                options.EnableAuthorizationEndpoint("/connect/authorize");

                // Enable the password and the refresh token flows.
                options.AllowPasswordFlow()
                .AllowRefreshTokenFlow()
                .AllowImplicitFlow();        // To enable external logins to authenticate

                options.SetAccessTokenLifetime(TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetAccessTokenLifetime())));
                options.SetIdentityTokenLifetime(TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetIdentityTokenLifetime())));
                options.SetRefreshTokenLifetime(TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetRefreshTokenLifetime())));
                // During development, you can disable the HTTPS requirement.
                options.DisableHttpsRequirement();

                // Note: to use JWT access tokens instead of the default
                // encrypted format, the following lines are required:
                //
                // options.UseJsonWebTokens();
                options.AddEphemeralSigningKey();
            });

            // If you prefer using JWT, don't forget to disable the automatic
            // JWT -> WS-Federation claims mapping used by the JWT middleware:
            //
            // JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
            // JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
            //
            // services.AddAuthentication()
            //     .AddJwtBearer(options =>
            //     {
            //         options.Authority = "http://localhost:54895/";
            //         options.Audience = "resource_server";
            //         options.RequireHttpsMetadata = false;
            //         options.TokenValidationParameters = new TokenValidationParameters
            //         {
            //             NameClaimType = OpenIdConnectConstants.Claims.Subject,
            //             RoleClaimType = OpenIdConnectConstants.Claims.Role
            //         };
            //     });

            // Alternatively, you can also use the introspection middleware.
            // Using it is recommended if your resource server is in a
            // different application/separated from the authorization server.
            //
            // services.AddAuthentication()
            //     .AddOAuthIntrospection(options =>
            //     {
            //         options.Authority = new Uri("http://localhost:54895/");
            //         options.Audiences.Add("resource_server");
            //         options.ClientId = "resource_server";
            //         options.ClientSecret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd";
            //         options.RequireHttpsMetadata = false;
            //     });

            services.AddAuthentication(options =>
            {
                // This will override default cookies authentication scheme
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultForbidScheme       = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddOAuthValidation()

            // https://developers.facebook.com/apps
            .AddFacebook(options => {
                options.AppId     = Startup.Configuration[nameof(FacebookAuthenticationOptions.AuthenticationFacebookAppId)] ?? "unified-template-com";
                options.AppSecret = Startup.Configuration[nameof(FacebookAuthenticationOptions.AuthenticationFacebookAppSecret)] ?? "unified-template-com";
            })
            // https://console.developers.google.com/projectselector/apis/library?pli=1
            .AddGoogle(options => {
                options.ClientId     = Startup.Configuration[nameof(GoogleAuthenticationOptions.AuthenticationGoogleClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(GoogleAuthenticationOptions.AuthenticationGoogleClientSecret)] ?? "unified-template-com";
            })
            // https://apps.dev.microsoft.com/?mkt=en-us#/appList
            .AddMicrosoftAccount(options => {
                options.ClientId     = Startup.Configuration[nameof(MicrosoftAuthenticationOptions.AuthenticationMicrosoftClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(MicrosoftAuthenticationOptions.AuthenticationMicrosoftClientSecret)] ?? "unified-template-com";
            })
            // https://apps.twitter.com/
            .AddTwitter(options => {
                options.ConsumerKey    = Startup.Configuration[nameof(TwitterAuthenticationOptions.AuthenticationTwitterConsumerKey)] ?? "unified-template-com";
                options.ConsumerSecret = Startup.Configuration[nameof(TwitterAuthenticationOptions.AuthenticationTwitterConsumerSecret)] ?? "unified-template-com";
            })
            // .AddOAuth("LinkedIn", options => {
            //     // options.SignInScheme = "external_cookie";
            //     options.ClientId = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
            //     options.ClientSecret = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
            //     options.CallbackPath = "/signin-linkedin";

            //     options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
            //     options.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
            //     options.UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,picture-url,picture-urls::(original))";

            //     options.Scope.Add("r_basicprofile");
            //     options.Scope.Add("r_emailaddress");

            //     // options.Events = new OAuthEvents
            //     // {
            //     //     OnCreatingTicket = OnCreatingTicketLinkedInCallBack,
            //     //     OnTicketReceived = OnTicketReceivedCallback
            //     // };
            // })
            // Note: Below social providers are supported through this open source library:
            // https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers

            // https://www.linkedin.com/secure/developer?newapp=
            .AddLinkedIn(options =>
            {
                options.ClientId     = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
            })
            // https://github.com/settings/developers
            .AddGitHub(options =>
            {
                options.ClientId     = Startup.Configuration[nameof(GitHubAuthenticationOptions.AuthenticationGitHubClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(GitHubAuthenticationOptions.AuthenticationGitHubClientSecret)] ?? "unified-template-com";
            })
            // https://developer.paypal.com/developer/applications
            .AddPaypal(options =>
            {
                options.ClientId     = Startup.Configuration[nameof(PaypalAuthenticationOptions.AuthenticationPaypalClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(PaypalAuthenticationOptions.AuthenticationPaypalClientSecret)] ?? "unified-template-com";
            })
            // https://developer.yahoo.com/app
            .AddYahoo(options =>
            {
                options.ClientId     = Startup.Configuration[nameof(YahooAuthenticationOptions.AuthenticationYahooClientId)] ?? "unified-template-com";
                options.ClientSecret = Startup.Configuration[nameof(YahooAuthenticationOptions.AuthenticationYahooClientSecret)] ?? "unified-template-com";
            })
            .AddOAuth("LinkedIn1", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn2", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn3", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn4", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn5", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn6", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn7", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn8", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            .AddOAuth("LinkedIn9", options => {
                // options.SignInScheme = "external_cookie";
                options.ClientId              = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
                options.ClientSecret          = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
                options.CallbackPath          = "/signin-linkedin";
                options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
                options.TokenEndpoint         = "https://www.linkedin.com/oauth/v2/accessToken";
            })
            ;

            return(services);
        }