From 1f76cce14ac4e4698a554b65a24f28000b50396e Mon Sep 17 00:00:00 2001
From: Kahbazi <A.Kahbazi@gmail.com>
Date: Tue, 7 Apr 2020 01:53:49 +0430
Subject: [PATCH] Add overloads to CookieAuthentication to config options with
 services (#19268)

* Add overloads to CookieAuthentication to config options with services

* Update reference assembly

* Use the new method in sampple

* Add overloads for other authentication providers

* Update ref assemblies

* Change IServiceProvider to TService
---
 ...icrosoft.AspNetCore.Identity.netcoreapp.cs |  2 +
 .../IdentityServiceCollectionExtensions.cs    | 30 ++++++
 .../CertificateAuthenticationExtensions.cs    | 40 +++++++-
 ...tCore.Authentication.Cookies.netcoreapp.cs |  3 +
 .../samples/CookieSessionSample/Startup.cs    |  4 +-
 .../Cookies/src/CookieExtensions.cs           | 27 +++++-
 ...ft.AspNetCore.Authentication.netcoreapp.cs |  4 +
 .../Core/src/AuthenticationBuilder.cs         | 95 +++++++++++++++++--
 .../Facebook/src/FacebookExtensions.cs        | 23 ++++-
 .../Google/src/GoogleExtensions.cs            | 23 ++++-
 .../JwtBearer/src/JwtBearerExtensions.cs      | 23 ++++-
 .../src/MicrosoftAccountExtensions.cs         | 25 ++++-
 .../Negotiate/src/NegotiateExtensions.cs      | 47 ++++++++-
 ...NetCore.Authentication.OAuth.netcoreapp.cs |  4 +
 .../OAuth/src/OAuthExtensions.cs              | 32 ++++++-
 .../src/OpenIdConnectExtensions.cs            | 23 ++++-
 .../Twitter/src/TwitterExtensions.cs          | 23 ++++-
 .../src/WsFederationExtensions.cs             | 47 ++++++++-
 18 files changed, 450 insertions(+), 25 deletions(-)

diff --git a/src/Identity/Core/ref/Microsoft.AspNetCore.Identity.netcoreapp.cs b/src/Identity/Core/ref/Microsoft.AspNetCore.Identity.netcoreapp.cs
index 0ccafd325b..61b1891d26 100644
--- a/src/Identity/Core/ref/Microsoft.AspNetCore.Identity.netcoreapp.cs
+++ b/src/Identity/Core/ref/Microsoft.AspNetCore.Identity.netcoreapp.cs
@@ -188,6 +188,8 @@ namespace Microsoft.Extensions.DependencyInjection
         public static Microsoft.AspNetCore.Identity.IdentityBuilder AddIdentity<TUser, TRole>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services) where TUser : class where TRole : class { throw null; }
         public static Microsoft.AspNetCore.Identity.IdentityBuilder AddIdentity<TUser, TRole>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Identity.IdentityOptions> setupAction) where TUser : class where TRole : class { throw null; }
         public static Microsoft.Extensions.DependencyInjection.IServiceCollection ConfigureApplicationCookie(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions> configure) { throw null; }
+        public static Microsoft.Extensions.DependencyInjection.IServiceCollection ConfigureApplicationCookie<TService>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions, TService> configure) where TService : class { throw null; }
         public static Microsoft.Extensions.DependencyInjection.IServiceCollection ConfigureExternalCookie(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions> configure) { throw null; }
+        public static Microsoft.Extensions.DependencyInjection.IServiceCollection ConfigureExternalCookie<TService>(this Microsoft.Extensions.DependencyInjection.IServiceCollection services, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions, TService> configure) where TService : class { throw null; }
     }
 }
diff --git a/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs b/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs
index 45e3d567eb..ffbc9f563e 100644
--- a/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs
+++ b/src/Identity/Core/src/IdentityServiceCollectionExtensions.cs
@@ -110,6 +110,21 @@ namespace Microsoft.Extensions.DependencyInjection
         public static IServiceCollection ConfigureApplicationCookie(this IServiceCollection services, Action<CookieAuthenticationOptions> configure)
             => services.Configure(IdentityConstants.ApplicationScheme, configure);
 
+        /// <summary>
+        /// Configures the application cookie.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="services">The services available in the application.</param>
+        /// <param name="configure">An action to configure the <see cref="CookieAuthenticationOptions"/>.</param>
+        /// <returns>The services.</returns>
+        public static IServiceCollection ConfigureApplicationCookie<TService>(this IServiceCollection services, Action<CookieAuthenticationOptions, TService> configure) where TService : class
+        {
+            services.AddOptions<CookieAuthenticationOptions>(IdentityConstants.ApplicationScheme)
+                .Configure(configure);
+
+            return services;
+        }
+
         /// <summary>
         /// Configure the external cookie.
         /// </summary>
@@ -118,5 +133,20 @@ namespace Microsoft.Extensions.DependencyInjection
         /// <returns>The services.</returns>
         public static IServiceCollection ConfigureExternalCookie(this IServiceCollection services, Action<CookieAuthenticationOptions> configure)
             => services.Configure(IdentityConstants.ExternalScheme, configure);
+
+        /// <summary>
+        /// Configure the external cookie.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="services">The services available in the application.</param>
+        /// <param name="configure">An action to configure the <see cref="CookieAuthenticationOptions"/>.</param>
+        /// <returns>The services.</returns>
+        public static IServiceCollection ConfigureExternalCookie<TService>(this IServiceCollection services, Action<CookieAuthenticationOptions, TService> configure) where TService : class
+        {
+            services.AddOptions<CookieAuthenticationOptions>(IdentityConstants.ExternalScheme)
+                .Configure(configure);
+
+            return services;
+        }
     }
 }
diff --git a/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs b/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs
index d49f2c274b..4926a21382 100644
--- a/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs
+++ b/src/Security/Authentication/Certificate/src/CertificateAuthenticationExtensions.cs
@@ -28,7 +28,7 @@ namespace Microsoft.Extensions.DependencyInjection
         /// <param name="authenticationScheme"></param>
         /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
         public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder builder, string authenticationScheme)
-            => builder.AddCertificate(authenticationScheme, configureOptions: null);
+            => builder.AddCertificate(authenticationScheme, configureOptions: (Action<CertificateAuthenticationOptions, IServiceProvider>)null);
 
         /// <summary>
         /// Adds certificate authentication.
@@ -39,6 +39,16 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddCertificate(this AuthenticationBuilder builder, Action<CertificateAuthenticationOptions> configureOptions)
             => builder.AddCertificate(CertificateAuthenticationDefaults.AuthenticationScheme, configureOptions);
 
+        /// <summary>
+        /// Adds certificate authentication.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
+        /// <param name="configureOptions"></param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddCertificate<TService>(this AuthenticationBuilder builder, Action<CertificateAuthenticationOptions, TService> configureOptions) where TService : class
+            => builder.AddCertificate(CertificateAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
         /// <summary>
         /// Adds certificate authentication.
         /// </summary>
@@ -50,6 +60,32 @@ namespace Microsoft.Extensions.DependencyInjection
             this AuthenticationBuilder builder,
             string authenticationScheme,
             Action<CertificateAuthenticationOptions> configureOptions)
-            => builder.AddScheme<CertificateAuthenticationOptions, CertificateAuthenticationHandler>(authenticationScheme, configureOptions);
+        {
+            Action<CertificateAuthenticationOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddCertificate(authenticationScheme, configureOptionsWithServices);
+        }
+
+        /// <summary>
+        /// Adds certificate authentication.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
+        /// <param name="authenticationScheme"></param>
+        /// <param name="configureOptions"></param>
+        /// <returns>The <see cref="AuthenticationBuilder"/>.</returns>
+        public static AuthenticationBuilder AddCertificate<TService>(
+            this AuthenticationBuilder builder,
+            string authenticationScheme,
+            Action<CertificateAuthenticationOptions, TService> configureOptions) where TService : class
+            => builder.AddScheme<CertificateAuthenticationOptions, CertificateAuthenticationHandler, TService>(authenticationScheme, configureOptions);
     }
 }
diff --git a/src/Security/Authentication/Cookies/ref/Microsoft.AspNetCore.Authentication.Cookies.netcoreapp.cs b/src/Security/Authentication/Cookies/ref/Microsoft.AspNetCore.Authentication.Cookies.netcoreapp.cs
index f3d730a1f9..714bdd2ebd 100644
--- a/src/Security/Authentication/Cookies/ref/Microsoft.AspNetCore.Authentication.Cookies.netcoreapp.cs
+++ b/src/Security/Authentication/Cookies/ref/Microsoft.AspNetCore.Authentication.Cookies.netcoreapp.cs
@@ -126,5 +126,8 @@ namespace Microsoft.Extensions.DependencyInjection
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme) { throw null; }
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions> configureOptions) { throw null; }
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions> configureOptions) { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie<TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions, TService> configureOptions) where TService : class { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie<TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions, TService> configureOptions) where TService : class { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddCookie<TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationOptions, TService> configureOptions) where TService : class { throw null; }
     }
 }
diff --git a/src/Security/Authentication/Cookies/samples/CookieSessionSample/Startup.cs b/src/Security/Authentication/Cookies/samples/CookieSessionSample/Startup.cs
index f7b8f2bb88..c538866d7e 100644
--- a/src/Security/Authentication/Cookies/samples/CookieSessionSample/Startup.cs
+++ b/src/Security/Authentication/Cookies/samples/CookieSessionSample/Startup.cs
@@ -14,12 +14,14 @@ namespace CookieSessionSample
     {
         public void ConfigureServices(IServiceCollection services)
         {
+            services.AddSingleton<MemoryCacheTicketStore>();
+
             // This can be removed after https://github.com/aspnet/IISIntegration/issues/371
             services.AddAuthentication(options =>
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            }).AddCookie(o => o.SessionStore = new MemoryCacheTicketStore());
+            }).AddCookie<MemoryCacheTicketStore>((o, ticketStore) => o.SessionStore = ticketStore);
         }
 
         public void Configure(IApplicationBuilder app)
diff --git a/src/Security/Authentication/Cookies/src/CookieExtensions.cs b/src/Security/Authentication/Cookies/src/CookieExtensions.cs
index 7763e6a624..a67a708149 100644
--- a/src/Security/Authentication/Cookies/src/CookieExtensions.cs
+++ b/src/Security/Authentication/Cookies/src/CookieExtensions.cs
@@ -15,19 +15,40 @@ namespace Microsoft.Extensions.DependencyInjection
             => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
 
         public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme)
-            => builder.AddCookie(authenticationScheme, configureOptions: null);
+            => builder.AddCookie(authenticationScheme, configureOptions: (Action<CookieAuthenticationOptions, IServiceProvider>)null);
 
-        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions> configureOptions) 
+        public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions> configureOptions)
+            => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
+
+        public static AuthenticationBuilder AddCookie<TService>(this AuthenticationBuilder builder, Action<CookieAuthenticationOptions, TService> configureOptions) where TService : class
             => builder.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, configureOptions);
 
         public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions> configureOptions)
             => builder.AddCookie(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
+        public static AuthenticationBuilder AddCookie<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<CookieAuthenticationOptions, TService> configureOptions) where TService : class
+            => builder.AddCookie(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
         public static AuthenticationBuilder AddCookie(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<CookieAuthenticationOptions> configureOptions)
+        {
+            Action<CookieAuthenticationOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddCookie(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddCookie<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<CookieAuthenticationOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<CookieAuthenticationOptions>, PostConfigureCookieAuthenticationOptions>());
             builder.Services.AddOptions<CookieAuthenticationOptions>(authenticationScheme).Validate(o => o.Cookie.Expiration == null, "Cookie.Expiration is ignored, use ExpireTimeSpan instead.");
-            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddScheme<CookieAuthenticationOptions, CookieAuthenticationHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/Core/ref/Microsoft.AspNetCore.Authentication.netcoreapp.cs b/src/Security/Authentication/Core/ref/Microsoft.AspNetCore.Authentication.netcoreapp.cs
index 1a1d21a774..1cf17c4f5f 100644
--- a/src/Security/Authentication/Core/ref/Microsoft.AspNetCore.Authentication.netcoreapp.cs
+++ b/src/Security/Authentication/Core/ref/Microsoft.AspNetCore.Authentication.netcoreapp.cs
@@ -16,9 +16,13 @@ namespace Microsoft.AspNetCore.Authentication
         public AuthenticationBuilder(Microsoft.Extensions.DependencyInjection.IServiceCollection services) { }
         public virtual Microsoft.Extensions.DependencyInjection.IServiceCollection Services { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } }
         public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddPolicyScheme(string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.PolicySchemeOptions> configureOptions) { throw null; }
+        public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddPolicyScheme<TService>(string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.PolicySchemeOptions, TService> configureOptions) where TService : class { throw null; }
         public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddRemoteScheme<TOptions, THandler>(string authenticationScheme, string displayName, System.Action<TOptions> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions, new() where THandler : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions> { throw null; }
+        public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddRemoteScheme<TOptions, THandler, TService>(string authenticationScheme, string displayName, System.Action<TOptions, TService> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.RemoteAuthenticationOptions, new() where THandler : Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions> where TService : class { throw null; }
         public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, System.Action<TOptions> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where THandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions> { throw null; }
         public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, System.Action<TOptions> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where THandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions> { throw null; }
+        public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddScheme<TOptions, THandler, TService>(string authenticationScheme, System.Action<TOptions, TService> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where THandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions> where TService : class { throw null; }
+        public virtual Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddScheme<TOptions, THandler, TService>(string authenticationScheme, string displayName, System.Action<TOptions, TService> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new() where THandler : Microsoft.AspNetCore.Authentication.AuthenticationHandler<TOptions> where TService : class { throw null; }
     }
     public abstract partial class AuthenticationHandler<TOptions> : Microsoft.AspNetCore.Authentication.IAuthenticationHandler where TOptions : Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, new()
     {
diff --git a/src/Security/Authentication/Core/src/AuthenticationBuilder.cs b/src/Security/Authentication/Core/src/AuthenticationBuilder.cs
index d4efd0c847..829fe007d7 100644
--- a/src/Security/Authentication/Core/src/AuthenticationBuilder.cs
+++ b/src/Security/Authentication/Core/src/AuthenticationBuilder.cs
@@ -25,25 +25,31 @@ namespace Microsoft.AspNetCore.Authentication
         /// </summary>
         public virtual IServiceCollection Services { get; }
 
-        private AuthenticationBuilder AddSchemeHelper<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
+        private AuthenticationBuilder AddSchemeHelper<TOptions, THandler, TService>(string authenticationScheme, string displayName, Action<TOptions, TService> configureOptions) where TService : class
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : class, IAuthenticationHandler
         {
             Services.Configure<AuthenticationOptions>(o =>
             {
-                o.AddScheme(authenticationScheme, scheme => {
+                o.AddScheme(authenticationScheme, scheme =>
+                {
                     scheme.HandlerType = typeof(THandler);
                     scheme.DisplayName = displayName;
                 });
             });
+
+            var optionsBuilder = Services.AddOptions<TOptions>(authenticationScheme)
+                .Validate(o =>
+                {
+                    o.Validate(authenticationScheme);
+                    return true;
+                });
+
             if (configureOptions != null)
             {
-                Services.Configure(authenticationScheme, configureOptions);
+                optionsBuilder.Configure(configureOptions);
             }
-            Services.AddOptions<TOptions>(authenticationScheme).Validate(o => {
-                o.Validate(authenticationScheme);
-                return true;
-            });
+
             Services.AddTransient<THandler>();
             return this;
         }
@@ -60,7 +66,22 @@ namespace Microsoft.AspNetCore.Authentication
         public virtual AuthenticationBuilder AddScheme<TOptions, THandler>(string authenticationScheme, string displayName, Action<TOptions> configureOptions)
             where TOptions : AuthenticationSchemeOptions, new()
             where THandler : AuthenticationHandler<TOptions>
-            => AddSchemeHelper<TOptions, THandler>(authenticationScheme, displayName, configureOptions);
+            => AddSchemeHelper<TOptions, THandler, IServiceProvider>(authenticationScheme, displayName, MapConfiguration(configureOptions));
+
+        /// <summary>
+        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddScheme<TOptions, THandler, TService>(string authenticationScheme, string displayName, Action<TOptions, TService> configureOptions) where TService : class
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => AddSchemeHelper<TOptions, THandler, TService>(authenticationScheme, displayName, configureOptions);
 
         /// <summary>
         /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
@@ -75,6 +96,20 @@ namespace Microsoft.AspNetCore.Authentication
             where THandler : AuthenticationHandler<TOptions>
             => AddScheme<TOptions, THandler>(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
+        /// <summary>
+        /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddScheme<TOptions, THandler, TService>(string authenticationScheme, Action<TOptions, TService> configureOptions) where TService : class
+            where TOptions : AuthenticationSchemeOptions, new()
+            where THandler : AuthenticationHandler<TOptions>
+            => AddScheme<TOptions, THandler, TService>(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
         /// <summary>
         /// Adds a <see cref="RemoteAuthenticationHandler{TOptions}"/> based <see cref="AuthenticationScheme"/> that supports remote authentication
         /// which can be used by <see cref="IAuthenticationService"/>.
@@ -93,6 +128,25 @@ namespace Microsoft.AspNetCore.Authentication
             return AddScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions: configureOptions);
         }
 
+        /// <summary>
+        /// Adds a <see cref="RemoteAuthenticationHandler{TOptions}"/> based <see cref="AuthenticationScheme"/> that supports remote authentication
+        /// which can be used by <see cref="IAuthenticationService"/>.
+        /// </summary>
+        /// <typeparam name="TOptions">The <see cref="RemoteAuthenticationOptions"/> type to configure the handler."/>.</typeparam>
+        /// <typeparam name="THandler">The <see cref="RemoteAuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddRemoteScheme<TOptions, THandler, TService>(string authenticationScheme, string displayName, Action<TOptions, TService> configureOptions) where TService : class
+            where TOptions : RemoteAuthenticationOptions, new()
+            where THandler : RemoteAuthenticationHandler<TOptions>
+        {
+            Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, EnsureSignInScheme<TOptions>>());
+            return AddScheme<TOptions, THandler, TService>(authenticationScheme, displayName, configureOptions: configureOptions);
+        }
+
         /// <summary>
         /// Adds a <see cref="PolicySchemeHandler"/> based authentication handler which can be used to 
         /// redirect to other authentication schemes.
@@ -102,7 +156,30 @@ namespace Microsoft.AspNetCore.Authentication
         /// <param name="configureOptions">Used to configure the scheme options.</param>
         /// <returns>The builder.</returns>
         public virtual AuthenticationBuilder AddPolicyScheme(string authenticationScheme, string displayName, Action<PolicySchemeOptions> configureOptions)
-            => AddSchemeHelper<PolicySchemeOptions, PolicySchemeHandler>(authenticationScheme, displayName, configureOptions);
+            => AddSchemeHelper<PolicySchemeOptions, PolicySchemeHandler, IServiceProvider>(authenticationScheme, displayName, MapConfiguration(configureOptions));
+
+        /// <summary>
+        /// Adds a <see cref="PolicySchemeHandler"/> based authentication handler which can be used to 
+        /// redirect to other authentication schemes.
+        /// </summary>
+        /// <param name="authenticationScheme">The name of this scheme.</param>
+        /// <param name="displayName">The display name of this scheme.</param>
+        /// <param name="configureOptions">Used to configure the scheme options.</param>
+        /// <returns>The builder.</returns>
+        public virtual AuthenticationBuilder AddPolicyScheme<TService>(string authenticationScheme, string displayName, Action<PolicySchemeOptions, TService> configureOptions) where TService : class
+            => AddSchemeHelper<PolicySchemeOptions, PolicySchemeHandler, TService>(authenticationScheme, displayName, configureOptions);
+
+        private Action<TOptions, IServiceProvider> MapConfiguration<TOptions>(Action<TOptions> configureOptions)
+        {
+            if (configureOptions == null)
+            {
+                return null;
+            }
+            else
+            {
+                return (options, _) => configureOptions(options);
+            }
+        }
 
         // Used to ensure that there's always a default sign in scheme that's not itself
         private class EnsureSignInScheme<TOptions> : IPostConfigureOptions<TOptions> where TOptions : RemoteAuthenticationOptions
diff --git a/src/Security/Authentication/Facebook/src/FacebookExtensions.cs b/src/Security/Authentication/Facebook/src/FacebookExtensions.cs
index 2273724a42..b32b35c6c1 100644
--- a/src/Security/Authentication/Facebook/src/FacebookExtensions.cs
+++ b/src/Security/Authentication/Facebook/src/FacebookExtensions.cs
@@ -15,10 +15,31 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, Action<FacebookOptions> configureOptions)
             => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddFacebook<TService>(this AuthenticationBuilder builder, Action<FacebookOptions, TService> configureOptions) where TService : class
+            => builder.AddFacebook(FacebookDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, Action<FacebookOptions> configureOptions)
             => builder.AddFacebook(authenticationScheme, FacebookDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddFacebook<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<FacebookOptions, TService> configureOptions) where TService : class
+            => builder.AddFacebook(authenticationScheme, FacebookDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddFacebook(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<FacebookOptions> configureOptions)
-            => builder.AddOAuth<FacebookOptions, FacebookHandler>(authenticationScheme, displayName, configureOptions);
+        {
+            Action<FacebookOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddFacebook(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddFacebook<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<FacebookOptions, TService> configureOptions) where TService : class
+            => builder.AddOAuth<FacebookOptions, FacebookHandler, TService>(authenticationScheme, displayName, configureOptions);
     }
 }
diff --git a/src/Security/Authentication/Google/src/GoogleExtensions.cs b/src/Security/Authentication/Google/src/GoogleExtensions.cs
index 95547014ca..88add9610d 100644
--- a/src/Security/Authentication/Google/src/GoogleExtensions.cs
+++ b/src/Security/Authentication/Google/src/GoogleExtensions.cs
@@ -15,10 +15,31 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, Action<GoogleOptions> configureOptions)
             => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddGoogle<TService>(this AuthenticationBuilder builder, Action<GoogleOptions, TService> configureOptions) where TService : class
+            => builder.AddGoogle(GoogleDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, Action<GoogleOptions> configureOptions)
             => builder.AddGoogle(authenticationScheme, GoogleDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddGoogle<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<GoogleOptions, TService> configureOptions) where TService : class
+            => builder.AddGoogle(authenticationScheme, GoogleDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddGoogle(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<GoogleOptions> configureOptions)
-            => builder.AddOAuth<GoogleOptions, GoogleHandler>(authenticationScheme, displayName, configureOptions);
+        {
+            Action<GoogleOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddGoogle(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddGoogle<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<GoogleOptions, TService> configureOptions) where TService : class
+            => builder.AddOAuth<GoogleOptions, GoogleHandler, TService>(authenticationScheme, displayName, configureOptions);
     }
 }
diff --git a/src/Security/Authentication/JwtBearer/src/JwtBearerExtensions.cs b/src/Security/Authentication/JwtBearer/src/JwtBearerExtensions.cs
index 334407c0da..a5aa46a451 100644
--- a/src/Security/Authentication/JwtBearer/src/JwtBearerExtensions.cs
+++ b/src/Security/Authentication/JwtBearer/src/JwtBearerExtensions.cs
@@ -17,13 +17,34 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, Action<JwtBearerOptions> configureOptions)
             => builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddJwtBearer<TService>(this AuthenticationBuilder builder, Action<JwtBearerOptions, TService> configureOptions) where TService : class
+            => builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, Action<JwtBearerOptions> configureOptions)
             => builder.AddJwtBearer(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
+        public static AuthenticationBuilder AddJwtBearer<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<JwtBearerOptions, TService> configureOptions) where TService : class
+            => builder.AddJwtBearer(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
         public static AuthenticationBuilder AddJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<JwtBearerOptions> configureOptions)
+        {
+            Action<JwtBearerOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddJwtBearer(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddJwtBearer<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<JwtBearerOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<JwtBearerOptions>, JwtBearerPostConfigureOptions>());
-            return builder.AddScheme<JwtBearerOptions, JwtBearerHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddScheme<JwtBearerOptions, JwtBearerHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs
index 7f24e5af77..0c59ce3504 100644
--- a/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs
+++ b/src/Security/Authentication/MicrosoftAccount/src/MicrosoftAccountExtensions.cs
@@ -15,10 +15,31 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, Action<MicrosoftAccountOptions> configureOptions)
             => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddMicrosoftAccount<TService>(this AuthenticationBuilder builder, Action<MicrosoftAccountOptions, TService> configureOptions) where TService : class
+            => builder.AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, Action<MicrosoftAccountOptions> configureOptions)
             => builder.AddMicrosoftAccount(authenticationScheme, MicrosoftAccountDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddMicrosoftAccount<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<MicrosoftAccountOptions, TService> configureOptions) where TService : class
+            => builder.AddMicrosoftAccount(authenticationScheme, MicrosoftAccountDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddMicrosoftAccount(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<MicrosoftAccountOptions> configureOptions)
-            => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler>(authenticationScheme, displayName, configureOptions);
+        {
+            Action<MicrosoftAccountOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddMicrosoftAccount(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddMicrosoftAccount<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<MicrosoftAccountOptions, TService> configureOptions) where TService : class
+            => builder.AddOAuth<MicrosoftAccountOptions, MicrosoftAccountHandler, TService>(authenticationScheme, displayName, configureOptions);
     }
-}
\ No newline at end of file
+}
diff --git a/src/Security/Authentication/Negotiate/src/NegotiateExtensions.cs b/src/Security/Authentication/Negotiate/src/NegotiateExtensions.cs
index f5bbf8cbc8..401c3dc839 100644
--- a/src/Security/Authentication/Negotiate/src/NegotiateExtensions.cs
+++ b/src/Security/Authentication/Negotiate/src/NegotiateExtensions.cs
@@ -31,6 +31,16 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, Action<NegotiateOptions> configureOptions)
             => builder.AddNegotiate(NegotiateDefaults.AuthenticationScheme, configureOptions);
 
+        /// <summary>
+        /// Adds and configures Negotiate authentication.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
+        /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
+        /// <returns>The original builder.</returns>
+        public static AuthenticationBuilder AddNegotiate<TService>(this AuthenticationBuilder builder, Action<NegotiateOptions, TService> configureOptions) where TService : class
+            => builder.AddNegotiate(NegotiateDefaults.AuthenticationScheme, configureOptions);
+
         /// <summary>
         /// Adds and configures Negotiate authentication.
         /// </summary>
@@ -41,6 +51,17 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, string authenticationScheme, Action<NegotiateOptions> configureOptions)
             => builder.AddNegotiate(authenticationScheme, displayName: null, configureOptions: configureOptions);
 
+        /// <summary>
+        /// Adds and configures Negotiate authentication.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
+        /// <param name="authenticationScheme">The scheme name used to identify the authentication handler internally.</param>
+        /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
+        /// <returns>The original builder.</returns>
+        public static AuthenticationBuilder AddNegotiate<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<NegotiateOptions, TService> configureOptions) where TService : class
+            => builder.AddNegotiate(authenticationScheme, displayName: null, configureOptions: configureOptions);
+
         /// <summary>
         /// Adds and configures Negotiate authentication.
         /// </summary>
@@ -50,9 +71,33 @@ namespace Microsoft.Extensions.DependencyInjection
         /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
         /// <returns>The original builder.</returns>
         public static AuthenticationBuilder AddNegotiate(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<NegotiateOptions> configureOptions)
+        {
+            Action<NegotiateOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddNegotiate(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        /// <summary>
+        /// Adds and configures Negotiate authentication.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder">The <see cref="AuthenticationBuilder"/>.</param>
+        /// <param name="authenticationScheme">The scheme name used to identify the authentication handler internally.</param>
+        /// <param name="displayName">The name displayed to users when selecting an authentication handler. The default is null to prevent this from displaying.</param>
+        /// <param name="configureOptions">Allows for configuring the authentication handler.</param>
+        /// <returns>The original builder.</returns>
+        public static AuthenticationBuilder AddNegotiate<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<NegotiateOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<NegotiateOptions>, PostConfigureNegotiateOptions>());
-            return builder.AddScheme<NegotiateOptions, NegotiateHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddScheme<NegotiateOptions, NegotiateHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/OAuth/ref/Microsoft.AspNetCore.Authentication.OAuth.netcoreapp.cs b/src/Security/Authentication/OAuth/ref/Microsoft.AspNetCore.Authentication.OAuth.netcoreapp.cs
index 2301daf1ad..94d2fc4d37 100644
--- a/src/Security/Authentication/OAuth/ref/Microsoft.AspNetCore.Authentication.OAuth.netcoreapp.cs
+++ b/src/Security/Authentication/OAuth/ref/Microsoft.AspNetCore.Authentication.OAuth.netcoreapp.cs
@@ -168,8 +168,12 @@ namespace Microsoft.Extensions.DependencyInjection
     {
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions> configureOptions) { throw null; }
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions> configureOptions) { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, TService> configureOptions) where TService : class { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, TService> configureOptions) where TService : class { throw null; }
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<TOptions> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, new() where THandler : Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions> { throw null; }
         public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TOptions, THandler>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<TOptions> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, new() where THandler : Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions> { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TOptions, THandler, TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, System.Action<TOptions, TService> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, new() where THandler : Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions> where TService : class { throw null; }
+        public static Microsoft.AspNetCore.Authentication.AuthenticationBuilder AddOAuth<TOptions, THandler, TService>(this Microsoft.AspNetCore.Authentication.AuthenticationBuilder builder, string authenticationScheme, string displayName, System.Action<TOptions, TService> configureOptions) where TOptions : Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, new() where THandler : Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions> where TService : class { throw null; }
     }
     public partial class OAuthPostConfigureOptions<TOptions, THandler> : Microsoft.Extensions.Options.IPostConfigureOptions<TOptions> where TOptions : Microsoft.AspNetCore.Authentication.OAuth.OAuthOptions, new() where THandler : Microsoft.AspNetCore.Authentication.OAuth.OAuthHandler<TOptions>
     {
diff --git a/src/Security/Authentication/OAuth/src/OAuthExtensions.cs b/src/Security/Authentication/OAuth/src/OAuthExtensions.cs
index 22c541a0ac..69bb2d73d3 100644
--- a/src/Security/Authentication/OAuth/src/OAuthExtensions.cs
+++ b/src/Security/Authentication/OAuth/src/OAuthExtensions.cs
@@ -14,20 +14,50 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddOAuth(this AuthenticationBuilder builder, string authenticationScheme, Action<OAuthOptions> configureOptions)
             => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddOAuth<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<OAuthOptions, TService> configureOptions) where TService : class
+            => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>, TService>(authenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddOAuth(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OAuthOptions> configureOptions)
             => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>>(authenticationScheme, displayName, configureOptions);
 
+        public static AuthenticationBuilder AddOAuth<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OAuthOptions, TService> configureOptions) where TService : class
+            => builder.AddOAuth<OAuthOptions, OAuthHandler<OAuthOptions>, TService>(authenticationScheme, displayName, configureOptions);
+
         public static AuthenticationBuilder AddOAuth<TOptions, THandler>(this AuthenticationBuilder builder, string authenticationScheme, Action<TOptions> configureOptions)
             where TOptions : OAuthOptions, new()
             where THandler : OAuthHandler<TOptions>
             => builder.AddOAuth<TOptions, THandler>(authenticationScheme, OAuthDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddOAuth<TOptions, THandler, TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<TOptions, TService> configureOptions)
+            where TOptions : OAuthOptions, new()
+            where THandler : OAuthHandler<TOptions>
+            where TService : class
+            => builder.AddOAuth<TOptions, THandler, TService>(authenticationScheme, OAuthDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddOAuth<TOptions, THandler>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TOptions> configureOptions)
             where TOptions : OAuthOptions, new()
             where THandler : OAuthHandler<TOptions>
+        {
+            Action<TOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddOAuth<TOptions, THandler, IServiceProvider>(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddOAuth<TOptions, THandler, TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TOptions, TService> configureOptions)
+            where TOptions : OAuthOptions, new()
+            where THandler : OAuthHandler<TOptions>
+            where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TOptions>, OAuthPostConfigureOptions<TOptions, THandler>>());
-            return builder.AddRemoteScheme<TOptions, THandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddRemoteScheme<TOptions, THandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectExtensions.cs b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectExtensions.cs
index f427bebaff..482452bca2 100644
--- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectExtensions.cs
+++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectExtensions.cs
@@ -17,13 +17,34 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, Action<OpenIdConnectOptions> configureOptions)
             => builder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddOpenIdConnect<TService>(this AuthenticationBuilder builder, Action<OpenIdConnectOptions, TService> configureOptions) where TService : class
+            => builder.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, Action<OpenIdConnectOptions> configureOptions)
             => builder.AddOpenIdConnect(authenticationScheme, OpenIdConnectDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddOpenIdConnect<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<OpenIdConnectOptions, TService> configureOptions) where TService : class
+            => builder.AddOpenIdConnect(authenticationScheme, OpenIdConnectDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OpenIdConnectOptions> configureOptions)
+        {
+            Action<OpenIdConnectOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddOpenIdConnect(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddOpenIdConnect<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<OpenIdConnectOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());
-            return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/Twitter/src/TwitterExtensions.cs b/src/Security/Authentication/Twitter/src/TwitterExtensions.cs
index 7243805692..f6f6b93a9e 100644
--- a/src/Security/Authentication/Twitter/src/TwitterExtensions.cs
+++ b/src/Security/Authentication/Twitter/src/TwitterExtensions.cs
@@ -17,13 +17,34 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, Action<TwitterOptions> configureOptions)
             => builder.AddTwitter(TwitterDefaults.AuthenticationScheme, configureOptions);
 
+        public static AuthenticationBuilder AddTwitter<TService>(this AuthenticationBuilder builder, Action<TwitterOptions, TService> configureOptions) where TService : class
+            => builder.AddTwitter(TwitterDefaults.AuthenticationScheme, configureOptions);
+
         public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, string authenticationScheme, Action<TwitterOptions> configureOptions)
             => builder.AddTwitter(authenticationScheme, TwitterDefaults.DisplayName, configureOptions);
 
+        public static AuthenticationBuilder AddTwitter<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<TwitterOptions, TService> configureOptions) where TService : class
+            => builder.AddTwitter(authenticationScheme, TwitterDefaults.DisplayName, configureOptions);
+
         public static AuthenticationBuilder AddTwitter(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TwitterOptions> configureOptions)
+        {
+            Action<TwitterOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddTwitter(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        public static AuthenticationBuilder AddTwitter<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<TwitterOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<TwitterOptions>, TwitterPostConfigureOptions>());
-            return builder.AddRemoteScheme<TwitterOptions, TwitterHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddRemoteScheme<TwitterOptions, TwitterHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }
diff --git a/src/Security/Authentication/WsFederation/src/WsFederationExtensions.cs b/src/Security/Authentication/WsFederation/src/WsFederationExtensions.cs
index 47091d58d5..6a9ffad239 100644
--- a/src/Security/Authentication/WsFederation/src/WsFederationExtensions.cs
+++ b/src/Security/Authentication/WsFederation/src/WsFederationExtensions.cs
@@ -31,6 +31,16 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, Action<WsFederationOptions> configureOptions)
             => builder.AddWsFederation(WsFederationDefaults.AuthenticationScheme, configureOptions);
 
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the default authentication scheme, display name, and the given options configuration.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation<TService>(this AuthenticationBuilder builder, Action<WsFederationOptions, TService> configureOptions) where TService : class
+            => builder.AddWsFederation(WsFederationDefaults.AuthenticationScheme, configureOptions);
+
         /// <summary>
         /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, default display name, and the given options configuration.
         /// </summary>
@@ -41,6 +51,17 @@ namespace Microsoft.Extensions.DependencyInjection
         public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, string authenticationScheme, Action<WsFederationOptions> configureOptions)
             => builder.AddWsFederation(authenticationScheme, WsFederationDefaults.DisplayName, configureOptions);
 
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, default display name, and the given options configuration.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder"></param>
+        /// <param name="authenticationScheme"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation<TService>(this AuthenticationBuilder builder, string authenticationScheme, Action<WsFederationOptions, TService> configureOptions) where TService : class
+            => builder.AddWsFederation(authenticationScheme, WsFederationDefaults.DisplayName, configureOptions);
+
         /// <summary>
         /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, display name, and options configuration.
         /// </summary>
@@ -50,9 +71,33 @@ namespace Microsoft.Extensions.DependencyInjection
         /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
         /// <returns></returns>
         public static AuthenticationBuilder AddWsFederation(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<WsFederationOptions> configureOptions)
+        {
+            Action<WsFederationOptions, IServiceProvider> configureOptionsWithServices;
+            if (configureOptions == null)
+            {
+                configureOptionsWithServices = null;
+            }
+            else
+            {
+                configureOptionsWithServices = (options, _) => configureOptions(options);
+            }
+
+            return builder.AddWsFederation(authenticationScheme, displayName, configureOptionsWithServices);
+        }
+
+        /// <summary>
+        /// Registers the <see cref="WsFederationHandler"/> using the given authentication scheme, display name, and options configuration.
+        /// </summary>
+        /// <typeparam name="TService">TService: A service resolved from the IServiceProvider for use when configuring this authentication provider. If you need multiple services then specify IServiceProvider and resolve them directly.</typeparam>
+        /// <param name="builder"></param>
+        /// <param name="authenticationScheme"></param>
+        /// <param name="displayName"></param>
+        /// <param name="configureOptions">A delegate that configures the <see cref="WsFederationOptions"/>.</param>
+        /// <returns></returns>
+        public static AuthenticationBuilder AddWsFederation<TService>(this AuthenticationBuilder builder, string authenticationScheme, string displayName, Action<WsFederationOptions, TService> configureOptions) where TService : class
         {
             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<WsFederationOptions>, WsFederationPostConfigureOptions>());
-            return builder.AddRemoteScheme<WsFederationOptions, WsFederationHandler>(authenticationScheme, displayName, configureOptions);
+            return builder.AddRemoteScheme<WsFederationOptions, WsFederationHandler, TService>(authenticationScheme, displayName, configureOptions);
         }
     }
 }