External Authentication Only; with Identity Server 4 and ASP.NET Identity, persisted to Azure Table Storage, using ElCamino

StuWebDev/ExternalAuthentication

External Authentication only STS with IdentityServer4, ASP.NET Identity, and ElCamino for Azure Table Storage.

My aim is to show an external-provider-only log in for an STS user authentication flow: a simple authentication system that gets users signed up quickly and securely. I also want to obtain their image/picture/avatar, if available, to pass on to the clients.

I've enabled the Quickstart UI Home view to show the claims without needing to add a Client.

  • Go to the Home Controller and uncomment the code to restore the behaviour it should have for production purposes.

But you can add your own Client to see how it works as an STS, or go to the Client Demo to see a live Angular (Firebase) Client demo.

I'm persisting data to Azure Table Storage through the ElCamino package by Dave Melendez.

In my Startup file:

  • ElCamino configuration, or the local Azure Storage Emulator
  • OpenID Connect implicit flow for Google and Microsoft: .AddOpenIdConnect()
  • ASP.NET Identity's default provided server flow: .AddFacebook()
  • An OAuth example also using the server flow: .AddOAuth()
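The wiring the list above describes, as an added example that is not the repository's own Startup.cs. It assumes ASP.NET Core 3.1, IdentityServer4 3.x and the ElCamino.AspNetCore.Identity.AzureTable package; the ElCamino registration calls (AddAzureTableStores, CreateAzureTablesIfNotExists, IdentityConfiguration, IdentityCloudContext) are used as I understand that package's API, and GitHub is my choice of plain-OAuth provider since the README does not name one. Configuration keys such as Authentication:Google:ClientId are assumed names for values kept in user secrets, not in source:

```csharp
// Added example: Startup for an external-authentication-only STS (not the repository's code).
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;
using ElCamino.AspNetCore.Identity.AzureTable;          // assumed: ElCamino package namespace
using ElCamino.AspNetCore.Identity.AzureTable.Model;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OAuth;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using IdentityRole = ElCamino.AspNetCore.Identity.AzureTable.Model.IdentityRole;
using IdentityUser = ElCamino.AspNetCore.Identity.AzureTable.Model.IdentityUser;

public class ApplicationUser : IdentityUser { }
public class ApplicationDbContext : IdentityCloudContext { }   // assumed ElCamino base class

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();

        // ASP.NET Identity persisted to Azure Table Storage via ElCamino.
        // "UseDevelopmentStorage=true" is the local Azure Storage Emulator; the real
        // connection string belongs in Secret Manager / app settings, never in the repo.
        services.AddIdentity<ApplicationUser, IdentityRole>()
            .AddAzureTableStores<ApplicationDbContext>(() => new IdentityConfiguration
            {
                TablePrefix = "Sts",
                StorageConnectionString = _config["Azure:StorageConnectionString"] ?? "UseDevelopmentStorage=true"
            })
            .AddDefaultTokenProviders()
            .CreateAzureTablesIfNotExists<ApplicationDbContext>();

        services.AddIdentityServer()
            .AddDeveloperSigningCredential()          // development only; use a real signing key in production
            .AddAspNetIdentity<ApplicationUser>();    // makes Identity's cookies the STS's login/external cookies

        services.AddAuthentication()
            // OpenID Connect implicit flow (response_type id_token). With the "profile" scope Google puts
            // name and picture inside the id_token, so no userinfo round trip is needed.
            .AddOpenIdConnect("Google", "Google", options =>
            {
                options.SignInScheme = IdentityConstants.ExternalScheme;
                options.Authority = "https://accounts.google.com";
                options.ClientId = _config["Authentication:Google:ClientId"];
                options.ResponseType = "id_token";
                options.CallbackPath = "/signin-google";   // must equal the redirect URI registered with the provider
                options.Scope.Add("profile");
            })
            .AddOpenIdConnect("Microsoft", "Microsoft", options =>
            {
                options.SignInScheme = IdentityConstants.ExternalScheme;
                // "consumers" has a fixed issuer; the "common" authority does not, and would need explicit
                // issuer validation rules rather than turning validation off.
                options.Authority = "https://login.microsoftonline.com/consumers/v2.0";
                options.ClientId = _config["Authentication:Microsoft:ClientId"];
                options.ResponseType = "id_token";
                options.CallbackPath = "/signin-microsoft";
                options.Scope.Add("profile");
            })
            // Server (authorization code) flow through the built-in Facebook handler; "picture" is an extra
            // Graph field whose JSON is { data: { url } }, so it needs a custom claim mapping.
            .AddFacebook(options =>
            {
                options.SignInScheme = IdentityConstants.ExternalScheme;
                options.AppId = _config["Authentication:Facebook:AppId"];
                options.AppSecret = _config["Authentication:Facebook:AppSecret"];
                options.Fields.Add("picture");
                options.ClaimActions.MapCustomJson("picture", json =>
                    json.GetProperty("picture").GetProperty("data").GetProperty("url").GetString());
            })
            // Plain OAuth 2.0 server flow: no id_token, so we fetch the user record and map claims ourselves.
            .AddOAuth("GitHub", "GitHub", options =>
            {
                options.SignInScheme = IdentityConstants.ExternalScheme;
                options.ClientId = _config["Authentication:GitHub:ClientId"];
                options.ClientSecret = _config["Authentication:GitHub:ClientSecret"];
                options.CallbackPath = "/signin-github";
                options.AuthorizationEndpoint = "https://github.com/login/oauth/authorize";
                options.TokenEndpoint = "https://github.com/login/oauth/access_token";
                options.UserInformationEndpoint = "https://api.github.com/user";
                options.Scope.Add("read:user");
                options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
                options.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
                options.ClaimActions.MapJsonKey("picture", "avatar_url");
                options.Events = new OAuthEvents
                {
                    OnCreatingTicket = async context =>
                    {
                        var request = new HttpRequestMessage(HttpMethod.Get, context.Options.UserInformationEndpoint);
                        request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", context.AccessToken);
                        request.Headers.UserAgent.ParseAdd("ExternalAuthentication-STS");  // GitHub rejects requests without one
                        var response = await context.Backchannel.SendAsync(request, context.HttpContext.RequestAborted);
                        response.EnsureSuccessStatusCode();
                        using var user = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
                        context.RunClaimActions(user.RootElement);   // applies the MapJsonKey rules above
                    }
                };
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseIdentityServer();   // also adds the authentication middleware
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

Every provider signs in to IdentityConstants.ExternalScheme, the temporary cookie the external controller reads and then clears; each CallbackPath is the "/signin-{provider}" URI the How to use section says must be registered with the provider, and no client secret or connection string is written into code.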

In my External Controller:

  • AutoRegister function to provision and persist a new user provided by the external log in
  • UpdateClaims to check whether they've updated either their name or picture since their last log in
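The AutoRegister and UpdateClaims steps, as an added example written in the shape of IdentityServer4's quickstart ExternalController; it is not the repository's own controller. It assumes an ApplicationUser type registered with ASP.NET Identity and external providers that sign in to IdentityConstants.ExternalScheme; the method and claim names are mine:

```csharp
// Added example: external log-in callback with auto-registration and claim refresh (not the repository's code).
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel;
using IdentityServer4.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

public class ExternalController : Controller
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly IIdentityServerInteractionService _interaction;

    public ExternalController(UserManager<ApplicationUser> userManager,
        SignInManager<ApplicationUser> signInManager, IIdentityServerInteractionService interaction)
    {
        _userManager = userManager;
        _signInManager = signInManager;
        _interaction = interaction;
    }

    [HttpGet]
    public IActionResult Challenge(string scheme, string returnUrl)
    {
        // Accept only local paths or return URLs IdentityServer itself issued; anything else would
        // turn the STS into an open redirector.
        if (string.IsNullOrEmpty(returnUrl)) returnUrl = "~/";
        if (!Url.IsLocalUrl(returnUrl) && !_interaction.IsValidReturnUrl(returnUrl))
            throw new Exception("invalid return URL");

        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action(nameof(Callback)),
            Items = { { "returnUrl", returnUrl }, { "scheme", scheme } }   // stored in the protected cookie
        };
        return Challenge(props, scheme);
    }

    [HttpGet]
    public async Task<IActionResult> Callback()
    {
        var result = await HttpContext.AuthenticateAsync(IdentityConstants.ExternalScheme);
        if (result?.Succeeded != true) throw new Exception("External authentication error");

        var external = result.Principal;
        var provider = result.Properties.Items["scheme"];
        // OIDC handlers may leave "sub" as-is or map it to NameIdentifier; OAuth handlers map to NameIdentifier.
        var providerUserId = (external.FindFirst(JwtClaimTypes.Subject)
                              ?? external.FindFirst(ClaimTypes.NameIdentifier))?.Value
                             ?? throw new Exception("Unknown userid");

        // Look the user up by (provider, id) only. Linking on e-mail would let an account at one provider
        // take over a local user created through another.
        var user = await _userManager.FindByLoginAsync(provider, providerUserId);
        if (user == null)
            user = await AutoRegister(provider, providerUserId, external.Claims);
        else
            await UpdateClaims(user, external.Claims);

        await _signInManager.SignInAsync(user, isPersistent: false);
        await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);   // discard the temporary cookie

        return Redirect(result.Properties.Items["returnUrl"] ?? "~/");
    }

    // Provision a local user for a first-time external log in, storing only the claims we pass on.
    private async Task<ApplicationUser> AutoRegister(string provider, string providerUserId, IEnumerable<Claim> claims)
    {
        var user = new ApplicationUser { UserName = Guid.NewGuid().ToString() };
        var created = await _userManager.CreateAsync(user);
        if (!created.Succeeded) throw new Exception(created.Errors.First().Description);

        var profile = ProfileClaims(claims).ToList();
        if (profile.Any()) await _userManager.AddClaimsAsync(user, profile);

        var linked = await _userManager.AddLoginAsync(user, new UserLoginInfo(provider, providerUserId, provider));
        if (!linked.Succeeded) throw new Exception(linked.Errors.First().Description);
        return user;
    }

    // Refresh name and picture when the provider now reports different values.
    private async Task UpdateClaims(ApplicationUser user, IEnumerable<Claim> claims)
    {
        var stored = await _userManager.GetClaimsAsync(user);
        foreach (var incoming in ProfileClaims(claims))
        {
            var existing = stored.FirstOrDefault(c => c.Type == incoming.Type);
            if (existing == null) await _userManager.AddClaimAsync(user, incoming);
            else if (existing.Value != incoming.Value) await _userManager.ReplaceClaimAsync(user, existing, incoming);
        }
    }

    // Normalise whatever the provider sent onto the JWT claim names ("name", "picture") clients expect.
    private static IEnumerable<Claim> ProfileClaims(IEnumerable<Claim> claims)
    {
        var name = claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Name)?.Value
                   ?? claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;
        if (!string.IsNullOrEmpty(name)) yield return new Claim(JwtClaimTypes.Name, name);

        var picture = claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Picture)?.Value;
        if (!string.IsNullOrEmpty(picture) && Uri.TryCreate(picture, UriKind.Absolute, out var uri)
            && uri.Scheme == Uri.UriSchemeHttps)
            yield return new Claim(JwtClaimTypes.Picture, picture);   // only an https avatar URL is passed on
    }
}
```

Because the claims are stored through UserManager, the ASP.NET Identity profile service that AddAspNetIdentity registers returns them to Clients that request the profile scope, which is how the name and picture reach the Angular client in the connection settings below.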

How to use

Copy the repo, restore NuGet packages and run off https://localhost:5001 (set in your launchSettings.json) for development.

  • Use https, as some providers will only accept SSL.

Configure an app in each of the external providers you want to add, and make sure you include the correct callback URI.

  • e.g. "https://localhost:5001/signin-{nameOfExternalProvider}"
  • And add the API for LogIn, or the OpenID and Profile scopes... whatever your provider calls those resources.

Then add the application id and secret to your application's settings or Secret Manager.

OR - try the STS now

Visit live demo website and log in with a provider you have an account with to see the claims that will be passed on to the Client

OR - try a Client

Visit live demo Client

OR

Connect using your own Client at localhost:4200 with these settings. You can copy this Angular Starter Client to run a basic app using this Security Token Service with AuthService and AuthGuard.

CONNECTION SETTINGS

  • authority: 'https://demo-sts-authentication-only.azurewebsites.net', or 'https://localhost:5001' if you're running it locally
  • client_id: 'Client'
  • response_type: 'id_token'
  • redirect_uri: 'http://localhost:4200/auth-callback', or whatever you choose to use to handle the OIDC callback
  • post_logout_redirect_uri: 'http://localhost:4200'
  • scope: 'openid profile'

OR... none of the above.

My journey through the first steps in identity:

The desire to keep users' information secure and managed across any applications I develop in the future brought me to the identity space.

I first came to this video tutorial with Brock Allen and Scott Hanselman in the Microsoft Virtual Academy. They really cover a lot in only a couple of hours. Great for starting out, like I was.

Then on to watching Nate Barbetini for Okta and for Microsoft, explaining OpenID, OAuth and ASP.NET Identity. He speaks clearly about the identity space and the two protocols, OpenID and OAuth.

I found a more thorough explanation of ASP.NET identity with this video by Adam Tuliper and Jeremy Foster. This seems like a much deeper dive than Nate's videos, although I recommend watching both. Repeatedly.

Along the way, with these great introductions, I spent a lot of time in Visual Studio, quickly discovering bugs in my code and patiently finding the answers: through lots of Stack Overflow posts from people like myself, poring over the documentation, discovering well-known endpoints, and protocol specifications.

I chose to persist the user data to Azure Storage, mostly because I didn't want to pay any extra costs associated with a SQL Server, but after a while because I just wanted to prove it wasn't complicated.

I chose to run with my decision of using Azure Storage, although creating my own (of any great quality for production) would take longer than I wanted.

That led me to install Dave Melendez's package, which provides an excellent and professional solution.

Although I will come back to this and create something more streamlined for my specific use case.

So here we are with my demo for the first step in Identity and creating an STS for authentication, with various examples of how to include external providers.

The next step will be adding APIs protected behind TFA.

...and moving away from InMemory sources into a better interface for registering Clients and the like.

References

OpenID Connect & OAuth
  • Docs
  • Video
  • Examples

IdentityServer 4
  • Docs
  • News
  • Video
  • Examples

ASP.NET Identity
  • Docs
  • Video
  • Examples

External Providers
  • Useful documentation

Azure Table Storage
  • Docs
  • Examples
  • Packages
  • Development
