/// <summary>
/// Registers ASP.NET Core Identity claim mappings, the OpenIddict authorization
/// server (token and authorization endpoints) and the authentication schemes
/// (bearer token validation plus the external/social login providers).
/// </summary>
/// <param name="services">The service collection being configured.</param>
/// <returns>The same <paramref name="services"/> instance, to allow chaining.</returns>
public static IServiceCollection AddCustomOpenIddict(this IServiceCollection services)
{
    // Value substituted for any provider client id / secret that is missing from
    // configuration. Every provider below stays registered with this string when
    // its keys are absent, presumably so that options validation still passes.
    // NOTE(review): a provider running on the placeholder cannot complete a login;
    // consider registering a provider only when both of its keys are configured,
    // and keep the real values in a secret store rather than in source or appsettings.
    const string Placeholder = "unified-template-com";

    // Evaluated lazily, inside each provider's options callback.
    Func<string, string> setting = key => Startup.Configuration[key] ?? Placeholder;

    // Configure Identity to use the same JWT claims as OpenIddict instead
    // of the legacy WS-Federation claims it uses by default (ClaimTypes),
    // which saves you from doing the mapping in your authorization controller.
    services.Configure<IdentityOptions>(identity =>
    {
        identity.ClaimsIdentity.UserNameClaimType = OpenIdConnectConstants.Claims.Name;
        identity.ClaimsIdentity.UserIdClaimType = OpenIdConnectConstants.Claims.Subject;
        identity.ClaimsIdentity.RoleClaimType = OpenIdConnectConstants.Claims.Role;
    });

    // Register the OpenIddict services.
    services.AddOpenIddict(openIddict =>
    {
        // Register the Entity Framework stores.
        openIddict.AddEntityFrameworkCoreStores<SQLServerContext>();

        // Register the ASP.NET Core MVC binder used by OpenIddict.
        // Note: if you don't call this method, you won't be able to
        // bind OpenIdConnectRequest or OpenIdConnectResponse parameters.
        openIddict.AddMvcBinders();

        // Token endpoint: serves the password flow (username/password login requests).
        openIddict.EnableTokenEndpoint("/connect/token");

        // Authorization endpoint: serves the implicit flow (social login redirects).
        openIddict.EnableAuthorizationEndpoint("/connect/authorize");

        // Three grant types are enabled: password, refresh token and implicit.
        // NOTE(review): the password flow hands the user's credentials to the
        // client application, and the implicit flow returns tokens in the redirect
        // response. Both are discouraged by current OAuth 2.0 guidance in favour of
        // authorization code + PKCE; keep them only if the clients really need them.
        openIddict.AllowPasswordFlow();
        openIddict.AllowRefreshTokenFlow();
        openIddict.AllowImplicitFlow(); // To enable external logins to authenticate

        // Token lifetimes come from site configuration, expressed in seconds.
        var accessTokenLifetime = TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetAccessTokenLifetime()));
        openIddict.SetAccessTokenLifetime(accessTokenLifetime);

        var identityTokenLifetime = TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetIdentityTokenLifetime()));
        openIddict.SetIdentityTokenLifetime(identityTokenLifetime);

        var refreshTokenLifetime = TimeSpan.FromSeconds(Convert.ToInt32(SiteConfiguration.GetRefreshTokenLifetime()));
        openIddict.SetRefreshTokenLifetime(refreshTokenLifetime);

        // During development, you can disable the HTTPS requirement.
        // NOTE(review): this call is unconditional, so it also applies outside
        // development. Over plain HTTP the password-flow credentials and every
        // issued token cross the network unencrypted; gate this on the hosting
        // environment or remove it once TLS is available.
        openIddict.DisableHttpsRequirement();

        // Note: to use JWT access tokens instead of the default
        // encrypted format, the following line is required:
        //
        // openIddict.UseJsonWebTokens();

        // NOTE(review): an ephemeral signing key is generated at startup and is not
        // persisted, so tokens signed with it stop validating after a restart and
        // cannot be shared between instances. Register a persisted signing
        // certificate for any non-development deployment.
        openIddict.AddEphemeralSigningKey();
    });

    // If you prefer using JWT, don't forget to disable the automatic
    // JWT -> WS-Federation claims mapping used by the JWT middleware:
    //
    // JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    // JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();
    //
    // services.AddAuthentication()
    //     .AddJwtBearer(options =>
    //     {
    //         options.Authority = "http://localhost:54895/";
    //         options.Audience = "resource_server";
    //         options.RequireHttpsMetadata = false;
    //         options.TokenValidationParameters = new TokenValidationParameters
    //         {
    //             NameClaimType = OpenIdConnectConstants.Claims.Subject,
    //             RoleClaimType = OpenIdConnectConstants.Claims.Role
    //         };
    //     });

    // Alternatively, you can also use the introspection middleware.
    // Using it is recommended if your resource server is in a
    // different application/separated from the authorization server.
    // (The values below are sample values; a real client secret belongs in
    // configuration or a secret store, and RequireHttpsMetadata should stay enabled
    // outside local development.)
    //
    // services.AddAuthentication()
    //     .AddOAuthIntrospection(options =>
    //     {
    //         options.Authority = new Uri("http://localhost:54895/");
    //         options.Audiences.Add("resource_server");
    //         options.ClientId = "resource_server";
    //         options.ClientSecret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd";
    //         options.RequireHttpsMetadata = false;
    //     });

    var authentication = services
        .AddAuthentication(auth =>
        {
            // This will override default cookies authentication scheme.
            // NOTE(review): the scheme name is taken from JwtBearerDefaults, but the
            // handler registered right below is the OAuth validation handler, not
            // JwtBearer. This only works if both defaults resolve to the same scheme
            // name - confirm, or reference the validation handler's own default.
            auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            auth.DefaultForbidScheme = JwtBearerDefaults.AuthenticationScheme;
            auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddOAuthValidation()
        // https://developers.facebook.com/apps
        .AddFacebook(facebook =>
        {
            facebook.AppId = setting(nameof(FacebookAuthenticationOptions.AuthenticationFacebookAppId));
            facebook.AppSecret = setting(nameof(FacebookAuthenticationOptions.AuthenticationFacebookAppSecret));
        })
        // https://console.developers.google.com/projectselector/apis/library?pli=1
        .AddGoogle(google =>
        {
            google.ClientId = setting(nameof(GoogleAuthenticationOptions.AuthenticationGoogleClientId));
            google.ClientSecret = setting(nameof(GoogleAuthenticationOptions.AuthenticationGoogleClientSecret));
        })
        // https://apps.dev.microsoft.com/?mkt=en-us#/appList
        .AddMicrosoftAccount(microsoft =>
        {
            microsoft.ClientId = setting(nameof(MicrosoftAuthenticationOptions.AuthenticationMicrosoftClientId));
            microsoft.ClientSecret = setting(nameof(MicrosoftAuthenticationOptions.AuthenticationMicrosoftClientSecret));
        })
        // https://apps.twitter.com/
        .AddTwitter(twitter =>
        {
            twitter.ConsumerKey = setting(nameof(TwitterAuthenticationOptions.AuthenticationTwitterConsumerKey));
            twitter.ConsumerSecret = setting(nameof(TwitterAuthenticationOptions.AuthenticationTwitterConsumerSecret));
        })
        // Hand-written LinkedIn registration, kept for reference (disabled):
        //
        // .AddOAuth("LinkedIn", options =>
        // {
        //     // options.SignInScheme = "external_cookie";
        //     options.ClientId = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId)] ?? "unified-template-com";
        //     options.ClientSecret = Startup.Configuration[nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret)] ?? "unified-template-com";
        //     options.CallbackPath = "/signin-linkedin";
        //     options.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
        //     options.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
        //     options.UserInformationEndpoint = "https://api.linkedin.com/v1/people/~:(id,first-name,last-name,email-address,picture-url,picture-urls::(original))";
        //     options.Scope.Add("r_basicprofile");
        //     options.Scope.Add("r_emailaddress");
        //     // options.Events = new OAuthEvents
        //     // {
        //     //     OnCreatingTicket = OnCreatingTicketLinkedInCallBack,
        //     //     OnTicketReceived = OnTicketReceivedCallback
        //     // };
        // })
        //
        // Note: Below social providers are supported through this open source library:
        // https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
        // https://www.linkedin.com/secure/developer?newapp=
        .AddLinkedIn(linkedIn =>
        {
            linkedIn.ClientId = setting(nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId));
            linkedIn.ClientSecret = setting(nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret));
        })
        // https://github.com/settings/developers
        .AddGitHub(gitHub =>
        {
            gitHub.ClientId = setting(nameof(GitHubAuthenticationOptions.AuthenticationGitHubClientId));
            gitHub.ClientSecret = setting(nameof(GitHubAuthenticationOptions.AuthenticationGitHubClientSecret));
        })
        // https://developer.paypal.com/developer/applications
        .AddPaypal(paypal =>
        {
            paypal.ClientId = setting(nameof(PaypalAuthenticationOptions.AuthenticationPaypalClientId));
            paypal.ClientSecret = setting(nameof(PaypalAuthenticationOptions.AuthenticationPaypalClientSecret));
        })
        // https://developer.yahoo.com/app
        .AddYahoo(yahoo =>
        {
            yahoo.ClientId = setting(nameof(YahooAuthenticationOptions.AuthenticationYahooClientId));
            yahoo.ClientSecret = setting(nameof(YahooAuthenticationOptions.AuthenticationYahooClientSecret));
        });

    // Nine further generic OAuth schemes, identical apart from their name, all
    // reusing the LinkedIn client id/secret and endpoints.
    // NOTE(review): every one of them claims the same CallbackPath
    // ("/signin-linkedin"), so they compete for the same redirect, and none sets a
    // UserInformationEndpoint, scopes or events. They look like leftover
    // experiments; each extra scheme is one more externally reachable login entry
    // point, so drop the ones that are not used.
    var duplicateLinkedInSchemes = new[]
    {
        "LinkedIn1", "LinkedIn2", "LinkedIn3",
        "LinkedIn4", "LinkedIn5", "LinkedIn6",
        "LinkedIn7", "LinkedIn8", "LinkedIn9"
    };

    foreach (var scheme in duplicateLinkedInSchemes)
    {
        authentication.AddOAuth(scheme, linkedIn =>
        {
            // linkedIn.SignInScheme = "external_cookie";
            linkedIn.ClientId = setting(nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientId));
            linkedIn.ClientSecret = setting(nameof(LinkedInAuthenticationOptions.AuthenticationLinkedInClientSecret));
            linkedIn.CallbackPath = "/signin-linkedin";
            linkedIn.AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
            linkedIn.TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
        });
    }

    return services;
}