public static IServiceCollection AddAuth0([NotNull] this IServiceCollection services, [NotNull] Action <Auth0Options> configureAuth0Options)
        {
            Guard.NotNull(services, nameof(services));
            Guard.NotNull(configureAuth0Options, nameof(configureAuth0Options));

            var auth0Options = new Auth0Options();

            configureAuth0Options(auth0Options);

            services.Configure(configureAuth0Options);

            services.AddOptions();

            services.AddServices();

            services.AddJwtBearerAuthentication(auth0Options);

            services.AddAuthorization(options =>
            {
                foreach (string policy in auth0Options.Policies)
                {
                    options.AddPolicy(policy, auth0Options.Domain);
                }
            });

            return(services);
        }
Example #2
0
        public static AuthenticationBuilder AddAuth0(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action <Auth0Options> options)
        {
            var auth0Options = new Auth0Options()
            {
            };

            options(auth0Options);

            return(builder.AddOpenIdConnect(authenticationScheme, displayName, oidc =>
            {
                oidc.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                oidc.SignOutScheme = IdentityServerConstants.SignoutScheme;

                oidc.Authority = $"https://{auth0Options.Domain}";
                oidc.RequireHttpsMetadata = false;

                oidc.ClientId = auth0Options.ClientId;
                oidc.ClientSecret = auth0Options.ClientSecret;
                oidc.ResponseType = "code";

                oidc.Scope.Add("openid");
                oidc.Scope.Add("profile");

                oidc.CallbackPath = new PathString($"/signin-{authenticationScheme}");

                oidc.ClaimsIssuer = "Auth0";

                oidc.Events = new OpenIdConnectEvents
                {
                    OnTokenResponseReceived = (context) =>
                    {
                        var logger = context.HttpContext.RequestServices.GetRequiredService <ILogger <Startup> >();
                        logger.LogInformation(context.TokenEndpointResponse.IdToken);
                        return Task.CompletedTask;
                    },
                    // handle the logout redirection
                    OnRedirectToIdentityProviderForSignOut = (context) =>
                    {
                        var logoutUri = $"https://{auth0Options.Domain}/v2/logout?client_id={auth0Options.ClientId}";

                        var postLogoutUri = context.Properties.RedirectUri;
                        if (!string.IsNullOrEmpty(postLogoutUri))
                        {
                            if (postLogoutUri.StartsWith("/"))
                            {
                                // transform to absolute
                                var request = context.Request;
                                postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
                            }
                            logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
                        }

                        context.Response.Redirect(logoutUri);
                        context.HandleResponse();

                        return Task.CompletedTask;
                    }
                };
            }));
        }
 private static void AddJwtBearerAuthentication(this IServiceCollection services, Auth0Options auth0Options)
 {
     services.AddAuthentication(options =>
     {
         options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
         options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
     }).AddJwtBearer(options =>
     {
         options.Authority = auth0Options.JwtAuthority;
         options.Audience  = auth0Options.JwtAudience;
     });
 }