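/// <summary>
/// Registers cookie + OpenID Connect authentication for a backend-for-frontend (BFF) host.
/// The session lives in a cookie named "bff" (scheme "cookies"); unauthenticated requests
/// are challenged through the "oidc" scheme using the authorization-code flow.
/// </summary>
/// <param name="services">The service collection to add authentication to.</param>
/// <param name="config">Configuration root that holds the OpenID Connect section.</param>
/// <param name="openIdConnectConfigKey">Key of the section bound to <c>OpenIdConnectSettings</c>.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
/// <remarks>
/// The settings section is bound inside the options callback, so a missing or invalid
/// section is reported when the OpenID Connect options are first built rather than when
/// this method is called.
/// </remarks>
public static IServiceCollection AddOpenIdConnectBFF(this IServiceCollection services, IConfiguration config, string openIdConnectConfigKey = "Security:OpenIdConnect")
{
    services.AddAuthentication(options =>
        {
            options.DefaultScheme = "cookies";
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie("cookies", options =>
        {
            options.Cookie.Name = "bff";
            // Strict keeps the session cookie off cross-site requests (CSRF defence for the BFF).
            options.Cookie.SameSite = SameSiteMode.Strict;
            // NOTE(review): Cookie.SecurePolicy is not set here, so the framework default
            // (SameAsRequest) applies. Because SaveTokens is enabled below, this cookie carries
            // the saved tokens; confirm the host is HTTPS-only or set CookieSecurePolicy.Always.
        })
        .AddOpenIdConnect("oidc", options =>
        {
            var settings = new OpenIdConnectSettings();
            config.BindSectionOrThrow(openIdConnectConfigKey, settings);

            options.Authority = settings.Authority;
            options.ClientId = settings.ClientId;
            // The client secret is read from configuration; supply it from a secret store or
            // environment rather than a checked-in settings file.
            options.ClientSecret = settings.ClientSecret;

            // Authorization-code flow: tokens are returned on the back channel only.
            options.ResponseType = "code";
            options.GetClaimsFromUserInfoEndpoint = true;
            // Tokens are stored in the authentication properties, i.e. inside the session cookie.
            options.SaveTokens = true;

            // Replace the handler's default scopes with the configured ones.
            options.Scope.Clear();
            // A section without a scope list may leave settings.Scope null (depends on how
            // OpenIdConnectSettings initialises it); treat that as "no extra scopes" instead
            // of failing with a NullReferenceException while options are being built.
            if (settings.Scope != null)
            {
                foreach (var scope in settings.Scope)
                {
                    options.Scope.Add(scope);
                }
            }

            // "openid" is mandatory for OIDC; "offline_access" is always requested so that
            // a refresh token is issued for the server-side session.
            if (!options.Scope.Contains("openid"))
            {
                options.Scope.Add("openid");
            }

            if (!options.Scope.Contains("offline_access"))
            {
                options.Scope.Add("offline_access");
            }

            // Only the claim-type mapping is customised; all other validation parameters
            // keep the values of a freshly constructed TokenValidationParameters.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role"
            };
        });

    return services;
}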
/// <summary>
/// Adds an OpenID Connect handler under the "oidc" scheme, configured from the
/// <c>OpenIdConnectSettings</c> section found at <paramref name="configKey"/>.
/// </summary>
/// <param name="builder">The authentication builder to extend.</param>
/// <param name="config">Configuration root that holds the OpenID Connect section.</param>
/// <param name="configKey">Key of the section bound to <c>OpenIdConnectSettings</c>.</param>
/// <returns>The same <paramref name="builder"/> instance, for chaining.</returns>
/// <remarks>
/// The section is bound when this method is called, before the handler is registered;
/// the handler options themselves are filled in by <c>OpenIdConnectSettings.LoadOptions</c>.
/// </remarks>
public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, IConfiguration config, string configKey = "Security:OpenIdConnect")
{
    // Bind up front so the same settings object is captured by the options callback.
    var oidcSettings = new OpenIdConnectSettings();
    config.BindSectionOrThrow(configKey, oidcSettings);

    builder.AddOpenIdConnect(
        "oidc",
        OpenIdConnectDefaults.DisplayName,
        handlerOptions =>
        {
            // All handler configuration is delegated to the bound settings object.
            oidcSettings.LoadOptions(handlerOptions);
        });

    return builder;
}