From 6cee57752f81f2e5989d03c0daa5957f0d127cd6 Mon Sep 17 00:00:00 2001
From: Troy Dai
Date: Mon, 11 Jul 2016 15:35:38 -0700
Subject: [PATCH] Update OpenIdConnectSample
1. Add instruction for OpenIdConnectSample
2. Clear unused using statements
3. Hardcoded server URL in `Program.cs`
---
 samples/OpenIdConnectSample/Program.cs | 1 +
 samples/OpenIdConnectSample/Readme.md | 44 ++++++++++++++++++++++++
 samples/OpenIdConnectSample/Startup.cs | 3 ++
 samples/OpenIdConnectSample/project.json | 5 +--
 4 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 samples/OpenIdConnectSample/Readme.md
diff --git a/samples/OpenIdConnectSample/Program.cs b/samples/OpenIdConnectSample/Program.cs
index fe77dd1a7c..b370c85a9e 100644
--- a/samples/OpenIdConnectSample/Program.cs
+++ b/samples/OpenIdConnectSample/Program.cs
@@ -17,6 +17,7 @@ namespace OpenIdConnectSample
 var serverCertificate = LoadCertificate();
 options.UseHttps(serverCertificate);
 })
+ .UseUrls("https://localhost:44318")
 .UseContentRoot(Directory.GetCurrentDirectory())
 .UseIISIntegration()
 .UseStartup()
diff --git a/samples/OpenIdConnectSample/Readme.md b/samples/OpenIdConnectSample/Readme.md
new file mode 100644
index 0000000000..293820759d
--- /dev/null
+++ b/samples/OpenIdConnectSample/Readme.md
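Review bot: The literal `https://localhost:44318` passed to `UseUrls` in Program.cs has no comment, yet it must stay in sync with two other values this commit names: the port in `.\properties\launchSettings.json` and the redirect URI `https://localhost:44318/signin-oidc` registered with the provider. If host or port drift, the redirect URI the sample sends will presumably no longer match the registered one and sign-in will fail at the provider. I would add a comment above the call, for example `// Loopback-only; host and port must match the redirect URI registered with the identity provider (see Readme.md).`, which also tells a later editor not to widen the binding casually. The builder chain starts and ends outside the hunk, so how `UseIISIntegration()` interacts with this URL cannot be checked from here.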
@@ -0,0 +1,44 @@
+# How to set up the sample locally
+
+The OpenIdConnect sample supports multilpe authentication providers. In these instruction, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform
+
+## Determine your development environment and a few key variables
+
+This sample is configured to run on port __44318__ locally. In Visual Studio, the setting is carried out in `.\properties\launchSettings.json`. When the application is run from command line, the URL is coded in `Program.cs`.
+
+If the application is run from command line or terminal, environment variable ASPNETCORE_ENVIRONMENT should be set to DEVELOPMENT to enable user secret.
+
+## Configure the Authorization server
+
+### Configure with Azure Active Directory
+
+1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
+2. Open the newly created AAD in Azure web portal
+3. Navigate to the Applications tab
+4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
+5. Naigate to the Application, and click the Configure tab.
+6. Find and save the "Client Id".
+7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
+8. Click the "View Endpoints" on the drawer, a dialog will shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove the "/oauth2/authorize" from the string. The remaining part is the __authority URL__. It looks like __https://login.microsoftonline.com/__
+
+### Configure with Google Identity Platform
+
+1. Create a new project through [Google APIs](console.developers.google.com)
+2. In the sidebar choose "Credentials"
+3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
+4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID".
+5. Select "Web application" as the application type. 
Fill in the "Authorized redirect URIs" with __https://localhost:44318/signin-oidc__
+6. Save the "Client ID" and "Client Secret" shown in the dialog.
+7. Save the "Authority URL" for Google Authentication is __https://accounts.google.com/
+
+## Configure the sample application
+
+1. Restore the application.
+2. Set user secrets
+
+```
+dotnet user-secrets set oidc:clientid
+dotnet user-secrets set oidc:clientsecret
+dotnet user-secrets set oidc:authority
+```
+
diff --git a/samples/OpenIdConnectSample/Startup.cs b/samples/OpenIdConnectSample/Startup.cs
index 3a39919032..32d4739d19 100644
--- a/samples/OpenIdConnectSample/Startup.cs
+++ b/samples/OpenIdConnectSample/Startup.cs
@@ -86,6 +86,7 @@ namespace OpenIdConnectSample
 await context.Response.WriteAsync($"");
 return;
 }
+
 if (context.Request.Path.Equals("/signout"))
 {
 await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
@@ -95,6 +96,7 @@ namespace OpenIdConnectSample
 await context.Response.WriteAsync($"");
 return;
 }
+
 if (context.Request.Path.Equals("/signout-remote"))
 {
 // Redirects
@@ -105,6 +107,7 @@ namespace OpenIdConnectSample
 });
 return;
 }
+
 if (context.Request.Path.Equals("/Account/AccessDenied"))
 {
 await context.Authentication.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
diff --git a/samples/OpenIdConnectSample/project.json b/samples/OpenIdConnectSample/project.json
index 6a24f3da60..a6a16a29fc 100644
--- a/samples/OpenIdConnectSample/project.json
+++ b/samples/OpenIdConnectSample/project.json
@@ -33,9 +33,10 @@
 },
 "userSecretsId": "aspnet5-OpenIdConnectSample-20151210110318",
 "tools": {
- "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*"
+ "Microsoft.AspNetCore.Server.IISIntegration.Tools": "1.0.0-*",
+ "Microsoft.Extensions.SecretManager.Tools": "1.0.0-*"
 },
 "scripts": {
 "postpublish": "dotnet publish-iis --publish-folder %publish:OutputPath% --framework %publish:FullTargetFramework%"
 }
-}
\ No newline at end of file
+}
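Review bot: The added `Microsoft.Extensions.SecretManager.Tools` entry in project.json uses the floating version `1.0.0-*`, so each restore may resolve a different prerelease build of the tool that stores the sample's OIDC client secret. This follows the convention of the neighbouring IISIntegration line, but for a tool on the secrets path an exact version gives reproducible restores and makes an unexpected package update visible in review. Consider replacing the wildcard with the exact version the sample was tested with, e.g. `"Microsoft.Extensions.SecretManager.Tools": "<tested-version>"` (placeholder value).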