aspnetcore/samples/OpenIdConnectSample
Patrick Westerhoff 06c93669d6 Allow overwriting parameters on challenge requests
Add a way to overwrite query arguments that are passed as part of the
challenge request to the external authentication provider in OAuth-based
authentication providers, including OpenID Connect.

This uses the new `AuthenticationProperties.Parameters` collection to
pass parameters to the authentication handler which will then look for
special items within that property bag, overwriting previously
configured values within the authentication options.

This can be used for example to overwrite the OAuth scopes that are
requested from an authentication provider, or to explicitly trigger a
reauthentication by requiring a login prompt with OpenID Connect. By
being able to specify this on individual challenge requests (using
`HttpContext.ChallengeAsync`), this is independent from the global
scheme configuration.

Custom ~ChallengeProperties types, e.g. `OAuthChallengeProperties` for
OAuth-based authentication providers, provide assistance in setting the
challenge request parameters but are not required to make the handlers
use the overwritten values.

- Adjust authentication handlers to respect the custom parameters, and
  add ~ChallengeProperties types.
- Introduce `OAuthHandler.FormatScope(IEnumerable<string>)` to format a
  custom set of scopes. Subclasses requiring a different scope format
  should override this method instead of the parameterless overload.
  Overriding just `FormatScope()` will prevent handlers from supporting
  overwriting the OAuth `scope` in a challenge request.
- Refactor GoogleHandler to support parameterization through both the
  `Parameters` and the `Items` collection (former is preferred) to keep
  compatibility with the old behavior.
- Add an OpenIdConnect sample to overwrite the prompt argument in a
  challenge request.
- Add extensive tests.
2018-03-23 02:09:05 +01:00
Properties
compiler/resources
OpenIdConnectSample.csproj Update samples and tests to target netcoreapp2.1 2017-11-13 17:24:59 -08:00
Program.cs Make samples work. Fix AddOAuthAuthentication extension. (#1226) 2017-05-22 10:01:44 -07:00
Readme.md
Startup.cs Allow overwriting parameters on challenge requests 2018-03-23 02:09:05 +01:00

Readme.md

How to set up the sample locally

The OpenIdConnect sample supports multiple authentication providers. In these instructions, we will explore how to set up this sample with both Azure Active Directory and Google Identity Platform.

Determine your development environment and a few key variables

This sample is configured to run on port 44318 locally. In Visual Studio, this is set in .\properties\launchSettings.json. When the application is run from the command line, the URL is hard-coded in Program.cs.

If the application is run from the command line or a terminal, the environment variable ASPNETCORE_ENVIRONMENT should be set to DEVELOPMENT to enable user secrets.

Configure the Authorization server

Configure with Azure Active Directory

  1. Set up a new Azure Active Directory (AAD) in your Azure Subscription.
  2. Open the newly created AAD in Azure web portal.
  3. Navigate to the Applications tab.
  4. Add a new Application to the AAD. Set the "Sign-on URL" to sample application's URL.
  5. Navigate to the Application, and click the Configure tab.
  6. Find and save the "Client Id".
  7. Add a new key in the "Keys" section. Save value of the key, which is the "Client Secret".
  8. Click "View Endpoints" on the drawer; a dialog shows six endpoint URLs. Copy the "OAuth 2.0 Authorization Endpoint" to a text editor and remove "/oauth2/authorize" from the string. The remaining part is the authority URL. It looks like https://login.microsoftonline.com/<guid>.

Configure with Google Identity Platform

  1. Create a new project through Google APIs.
  2. In the sidebar choose "Credentials".
  3. Navigate to "OAuth consent screen" tab, fill in the project name and save.
  4. Navigate to "Credentials" tab. Click "Create credentials". Choose "OAuth client ID".
  5. Select "Web application" as the application type. Fill in the "Authorized redirect URIs" with https://localhost:44318/signin-oidc.
  6. Save the "Client ID" and "Client Secret" shown in the dialog.
  7. The "Authority URL" for Google Authentication is https://accounts.google.com/.

Configure the sample application

  1. Restore the application.
  2. Set user secrets:

     dotnet user-secrets set oidc:clientid <Client Id>
     dotnet user-secrets set oidc:clientsecret <Client Secret>
     dotnet user-secrets set oidc:authority <Authority URL>
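The per-request prompt override described in the commit message, wired to the user-secret keys this Readme has you set, as an added example that is not the sample's own Startup.cs. It assumes ASP.NET Core 2.1, where `AuthenticationProperties.SetParameter` exists and the OpenID Connect handler reads the `prompt` key from `Parameters`; the `/reauthenticate` path is made up.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical Startup for an ASP.NET Core 2.1 app (not the sample's own file).
public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            // Read from the user-secret keys set in the Readme above.
            options.ClientId = _config["oidc:clientid"];
            options.ClientSecret = _config["oidc:clientsecret"];
            options.Authority = _config["oidc:authority"];
            // No Prompt is set here: the global scheme keeps the provider default.
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();

        // Step-up path: make the provider re-prompt for credentials on this
        // request only, leaving the global scheme configuration untouched.
        app.Map("/reauthenticate", branch => branch.Run(async context =>
        {
            var properties = new AuthenticationProperties { RedirectUri = "/" };
            // The handler looks up the "prompt" key in Parameters and emits
            // prompt=login in the authorization request for this challenge.
            // The value is fixed server-side, never taken from the request.
            properties.SetParameter("prompt", "login");
            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, properties);
        }));
    }
}
```

Overriding the OAuth `scope` works the same way through the `scope` parameter; keep such per-request values under application control rather than echoing a query-string value, otherwise the caller decides which scopes and prompt behaviour are requested.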