Shaddix.OpenIddict.ExternalAuthentication
2.7.1
dotnet add package Shaddix.OpenIddict.ExternalAuthentication --version 2.7.1
NuGet\Install-Package Shaddix.OpenIddict.ExternalAuthentication -Version 2.7.1
<PackageReference Include="Shaddix.OpenIddict.ExternalAuthentication" Version="2.7.1" />
paket add Shaddix.OpenIddict.ExternalAuthentication --version 2.7.1
#r "nuget: Shaddix.OpenIddict.ExternalAuthentication, 2.7.1"
// Install Shaddix.OpenIddict.ExternalAuthentication as a Cake Addin #addin nuget:?package=Shaddix.OpenIddict.ExternalAuthentication&version=2.7.1 // Install Shaddix.OpenIddict.ExternalAuthentication as a Cake Tool #tool nuget:?package=Shaddix.OpenIddict.ExternalAuthentication&version=2.7.1
OpenIddictExternalAuthentication
Library that simplifies integration of OpenIdDict to a several lines of code.
It contain basic implementation of AuthenticationController
, mostly taken from OpenIddict Samples.
What's inside
- Required endpoints to support 3rd party authentication (e.g. Google, Facebook, etc.)
- JWT access_token/refresh_token generation (i.e. default
/connect/token
endpoint) - Refresh token flow
- Authorization Code flow
- Resource Owner Password Flow (disabled by default, could be enabled via configuration)
EnableIdentityServerRefreshTokens()
option that eases the migration from IdentityServer (i.e., that RefreshTokens from IdentityServer will still work, ifPersistedGrants
table remains)app.UseOpenIdDictConversionMiddleware()
helps to support old clients when migrating from IdentityServer. It allows to do the following:- Remove non-existing scopes
- Remove header authorization (if client_id/client_secret are passed in Form parameters)
- Remove client_secret for public clients (otherwise OpenIdDict complains)
- Change name of form parameters (e.g.
userName
→username
)
Here's the vanilla js or react demo of Google/Facebook authentication using OpenIddict on backend. The page has several buttons to log in via different providers.
How to
PREREQUISITE: it's implied, that openiddict is installed and configured in your project already (if it's not, head over to one of the samples).
Install nuget to add the library to your project.
dotnet add package Shaddix.OpenIddict.ExternalAuthentication
Create you own
AuthorizationController
by inheriting fromOpenIdAuthorizationControllerBase
. This could look like:public class AuthorizationController : OpenIdAuthorizationControllerBase<IdentityUser, string> { public AuthorizationController(SignInManager<IdentityUser> signInManager, UserManager<IdentityUser> userManager, IOpenIddictClientConfigurationProvider clientConfigurationProvider) : base(signInManager, userManager, clientConfigurationProvider) { } }
Override some functions (e.g.
CreateNewUser
orGetClaims
) if you want to customize user creation behavior or provide more claims.From
Configure
function inStartup.cs
add the following calls (in addition to standard OpenIddict setup):services .AddOpenIddict() .AddOpenIddictConfigurations(Configuration) .AddDefaultAuthorizationController()
You could customize default authorization controller configuration (or even default OpenIddict configuration) by doing:
.AddDefaultAuthorizationController(options => options.DisableRefreshTokenFlow())
or
.AddDefaultAuthorizationController(options => options.OpenIddictServerBuilder.AllowNoneFlow())
Add external auth providers (i.e.
.AddAuthentication().AddGoogle()
,.AddFacebook()
, etc.). Follow instructions on how to set up applications on OAuth provider side.
You could also take a look at OpenIddictExternalAuthentication.Example for example usage (keep in mind, that there are hardcoded ClientId/ClientSecret for FB and Google within Example app. They are for demo purposes and everyone can use them, so beware).
Frontend
- Use some proven openid client library (I personally recommend oidc-client-ts).
- Use standard auth code flow according to the library instructions, pointing to standard Authorize endpoint and passing
?provider=Google
as a query parameter (i.e. authorization endpoint should look like/connect/authorize?provider=Google
). - You could check example implementation in plain-js or React
External user storage
We use standard Asp.Net Identity mechanism to store external logins (namely, AspNetUserLogins
table). To find a user by external OAuth id you need to use _userManager.FindByLoginAsync(providerName, externalUserId)
FAQ
- Error in browser: "The specified 'redirect_uri' is not valid for this client application."
- Check
OpenIddictApplications
table and verify thatRedirectUris
field contains the URI you are redirecting to. - If URI is not there, check
RedirectUris
inappsettings.json
for the respective application. - If problematic URI is a relative one, make sure that you called
options.SetPublicUrl()
with correct URL inAddDefaultAuthorizationController
configuration callback.
- Check
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net6.0
- IdentityModel (>= 6.0.0)
- Microsoft.EntityFrameworkCore.Relational (>= 7.0.0)
- Microsoft.Extensions.Identity.Core (>= 7.0.0)
- Microsoft.Extensions.Identity.Stores (>= 7.0.0)
- OpenIddict.AspNetCore (>= 4.3.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
2.7.1 | 183 | 11/8/2024 |
2.6.9 | 2,790 | 3/6/2024 |
2.6.8 | 8,692 | 12/24/2023 |
2.6.7 | 124 | 12/24/2023 |
2.6.6 | 4,402 | 5/2/2023 |
2.6.5 | 165 | 5/2/2023 |
2.6.4 | 348 | 5/2/2023 |
2.6.3 | 150 | 5/2/2023 |
2.6.2 | 153 | 5/2/2023 |
2.6.1 | 146 | 5/2/2023 |
2.5.1 | 169 | 5/1/2023 |
2.4.3 | 8,936 | 12/23/2022 |
2.4.2 | 2,549 | 12/17/2022 |
2.4.1 | 288 | 12/17/2022 |
2.3.2 | 1,770 | 10/24/2022 |
2.3.1 | 2,237 | 8/15/2022 |
2.2.2 | 2,239 | 7/23/2022 |
2.2.1 | 529 | 7/20/2022 |
2.1.3 | 801 | 7/8/2022 |
2.1.2 | 431 | 7/7/2022 |
2.1.1 | 451 | 7/6/2022 |
2.0.3 | 1,051 | 6/21/2022 |
2.0.2 | 479 | 6/20/2022 |
2.0.1 | 399 | 6/20/2022 |
1.4.5 | 467 | 6/20/2022 |
1.4.4 | 400 | 6/20/2022 |
1.4.3 | 433 | 6/20/2022 |
1.4.2 | 422 | 6/19/2022 |
1.4.1 | 426 | 6/19/2022 |
1.3.2 | 435 | 6/18/2022 |
1.3.1 | 438 | 6/17/2022 |
1.2.3 | 491 | 6/9/2022 |
1.2.2 | 402 | 6/9/2022 |
1.2.1 | 429 | 6/8/2022 |
1.1.4 | 431 | 5/29/2022 |
1.1.3 | 988 | 5/5/2022 |
1.1.2 | 1,207 | 3/14/2022 |
1.0.5 | 442 | 3/14/2022 |
1.0.4 | 454 | 3/13/2022 |
1.0.2 | 435 | 3/13/2022 |
1.0.1 | 419 | 3/13/2022 |