public static IServiceCollection AddAuth0([NotNull] this IServiceCollection services, [NotNull] Action <Auth0Options> configureAuth0Options)
{
Guard.NotNull(services, nameof(services));
Guard.NotNull(configureAuth0Options, nameof(configureAuth0Options));
var auth0Options = new Auth0Options();
configureAuth0Options(auth0Options);
services.Configure(configureAuth0Options);
services.AddOptions();
services.AddServices();
services.AddJwtBearerAuthentication(auth0Options);
services.AddAuthorization(options =>
{
foreach (string policy in auth0Options.Policies)
{
options.AddPolicy(policy, auth0Options.Domain);
}
});
return(services);
}
public static AuthenticationBuilder AddAuth0(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action <Auth0Options> options)
{
var auth0Options = new Auth0Options()
{
};
options(auth0Options);
return(builder.AddOpenIdConnect(authenticationScheme, displayName, oidc =>
{
oidc.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
oidc.SignOutScheme = IdentityServerConstants.SignoutScheme;
oidc.Authority = $"https://{auth0Options.Domain}";
oidc.RequireHttpsMetadata = false;
oidc.ClientId = auth0Options.ClientId;
oidc.ClientSecret = auth0Options.ClientSecret;
oidc.ResponseType = "code";
oidc.Scope.Add("openid");
oidc.Scope.Add("profile");
oidc.CallbackPath = new PathString($"/signin-{authenticationScheme}");
oidc.ClaimsIssuer = "Auth0";
oidc.Events = new OpenIdConnectEvents
{
OnTokenResponseReceived = (context) =>
{
var logger = context.HttpContext.RequestServices.GetRequiredService <ILogger <Startup> >();
logger.LogInformation(context.TokenEndpointResponse.IdToken);
return Task.CompletedTask;
},
// handle the logout redirection
OnRedirectToIdentityProviderForSignOut = (context) =>
{
var logoutUri = $"https://{auth0Options.Domain}/v2/logout?client_id={auth0Options.ClientId}";
var postLogoutUri = context.Properties.RedirectUri;
if (!string.IsNullOrEmpty(postLogoutUri))
{
if (postLogoutUri.StartsWith("/"))
{
// transform to absolute
var request = context.Request;
postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase + postLogoutUri;
}
logoutUri += $"&returnTo={ Uri.EscapeDataString(postLogoutUri)}";
}
context.Response.Redirect(logoutUri);
context.HandleResponse();
return Task.CompletedTask;
}
};
}));
}
private static void AddJwtBearerAuthentication(this IServiceCollection services, Auth0Options auth0Options)
{
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
options.Authority = auth0Options.JwtAuthority;
options.Audience = auth0Options.JwtAudience;
});
}
