public static AuthenticationBuilder AddLiteCrmOAuth( this AuthenticationBuilder builder, IConfiguration configuration) { var liteCrmOAuthOptions = configuration.GetSection(nameof(LiteCrmOAuthOptions)); var loginPath = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.LoginPath)); var callbackPath = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.CallbackPath)); var clientId = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.ClientId)); var clientSecret = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.ClientSecret)); var scopes = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.Scopes)); var authorizationUrl = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.AuthorizationUrl)); var userInfoUrl = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.UserInfoUrl)); var tokenUrl = liteCrmOAuthOptions.GetValue <string>(nameof(LiteCrmOAuthOptions.TokenUrl)); return(builder .AddOAuth(JwtDefaults.AuthenticationScheme, options => { options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.ClientId = clientId; options.ClientSecret = clientSecret; options.Scope.Add(LiteCrmOAuthDefaults.OpenIdScope); options.Scope.Add(LiteCrmOAuthDefaults.ProfileScope); if (!string.IsNullOrWhiteSpace(scopes)) { scopes .Split(",") .ToList() .ForEach(x => options.Scope.Add(x.Trim())); } options.CallbackPath = new PathString(callbackPath); options.AuthorizationEndpoint = authorizationUrl ?? LiteCrmOAuthDefaults.AuthorizationUrl; options.UserInformationEndpoint = userInfoUrl ?? LiteCrmOAuthDefaults.UserInfoUrl; options.TokenEndpoint = tokenUrl ?? LiteCrmOAuthDefaults.TokenUrl; options.SaveTokens = true; options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, JwtDefaults.IdentifierClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.Email, JwtDefaults.EmailClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.HomePhone, JwtDefaults.PhoneClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.Surname, JwtDefaults.SurnameClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.Name, JwtDefaults.NameClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.DateOfBirth, JwtDefaults.BirthDateClaimType); options.ClaimActions.MapJsonKey(ClaimTypes.Gender, JwtDefaults.GenderClaimType); options.Events = new OAuthEvents { OnCreatingTicket = async context => { var userInfoJson = await UserInfoHelper.GetUserInfoJsonAsync(context); context.AppendRolesToClaims(userInfoJson); }, OnRedirectToAuthorizationEndpoint = context => { if (HasUserAgent(context.HttpContext)) { context.Response.Redirect(context.RedirectUri); } else { context.Response.StatusCode = StatusCodes.Status401Unauthorized; } return Task.CompletedTask; }, OnRemoteFailure = context => { if (HasUserAgent(context.HttpContext)) { context.Response.Redirect(loginPath); } else { context.Response.StatusCode = StatusCodes.Status401Unauthorized; } return Task.CompletedTask; } }; })); }