Created
April 19, 2017 18:29
-
-
Save jatovar/46e8dd513f699187f55a52b3ae043978 to your computer and use it in GitHub Desktop.
Oauth2 and OpenID with ASP identity manager
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public void ConfigureAuth(IAppBuilder app) | |
| { | |
| //AntiForgeryConfig.UniqueClaimTypeIdentifier = Constants.ClaimTypes.Subject; | |
| JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>(); | |
| // Configure the db context and user manager to use a single instance per request | |
| app.CreatePerOwinContext(ApplicationDbContext.Create); | |
| app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); | |
| AntiForgeryConfig.UniqueClaimTypeIdentifier = "Subject"; | |
| app.UseCookieAuthentication(new CookieAuthenticationOptions | |
| { | |
| AuthenticationType = "Cookies" | |
| }); | |
| // Enable the application to use a cookie to store information for the signed in user | |
| // and to use a cookie to temporarily store information about a user logging in with a third party login provider | |
| app.UseCookieAuthentication(new CookieAuthenticationOptions()); | |
| app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); | |
| // Configure the application for OAuth based flow | |
| PublicClientId = "self"; | |
| OAuthOptions = new OAuthAuthorizationServerOptions | |
| { | |
| TokenEndpointPath = new PathString("/Token"), | |
| Provider = new ApplicationOAuthProvider(PublicClientId), | |
| AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), | |
| AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), | |
| // In production mode set AllowInsecureHttp = false | |
| AllowInsecureHttp = true | |
| }; | |
| /* | |
| app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions | |
| { | |
| Authority = "https://localhost:44333/core", | |
| ClientId = "mvc", | |
| ResponseType = "id_token token", | |
| RedirectUri = "http://localhost:61633/", | |
| SignInAsAuthenticationType = "Cookies", | |
| Notifications = new OpenIdConnectAuthenticationNotifications | |
| { | |
| SecurityTokenValidated = async n => | |
| { | |
| var userInfoClient = new UserInfoClient( | |
| new Uri(n.Options.Authority + "/connect/userinfo"), | |
| n.ProtocolMessage.AccessToken); | |
| Debug.WriteLine(userInfoClient.ToString()); | |
| var userInfo = await userInfoClient.GetAsync(); | |
| // create new identity and set name and role claim type | |
| var nid = new ClaimsIdentity( | |
| n.AuthenticationTicket.Identity.AuthenticationType, | |
| "GivenName", | |
| "FamilyName"); | |
| userInfo.Claims.ToList().ForEach(c => nid.AddClaim(new Claim(c.Item1, c.Item2))); | |
| // keep the id_token for logout | |
| nid.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken)); | |
| // add access token for sample API | |
| nid.AddClaim(new Claim("access_token", n.ProtocolMessage.AccessToken)); | |
| // keep track of access token expiration | |
| nid.AddClaim(new Claim("expires_at", DateTimeOffset.Now.AddSeconds(int.Parse(n.ProtocolMessage.ExpiresIn)).ToString())); | |
| // add some other app specific claim | |
| nid.AddClaim(new Claim("app_specific", "some data")); | |
| n.AuthenticationTicket = new AuthenticationTicket( | |
| nid, | |
| n.AuthenticationTicket.Properties); | |
| } | |
| } | |
| }); | |
| app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions | |
| { | |
| Authority = "https://localhost:44333/core", | |
| ClientId = "mvc" | |
| }); | |
| app.Map("/api", apimap => { | |
| apimap.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions | |
| { | |
| Authority = "https://localhost:44333/core", | |
| ClientId = "mvc", | |
| ValidationMode = ValidationMode.ValidationEndpoint, | |
| } | |
| ); | |
| }); | |
| */ | |
| // Enable the application to use bearer tokens to authenticate users | |
| app.UseOAuthBearerTokens(OAuthOptions); | |
| // Uncomment the following lines to enable logging in with third party login providers | |
| //app.UseMicrosoftAccountAuthentication( | |
| // clientId: "", | |
| // clientSecret: ""); | |
| //app.UseTwitterAuthentication( | |
| // consumerKey: "", | |
| // consumerSecret: ""); | |
| //app.UseFacebookAuthentication( | |
| // appId: "", | |
| // appSecret: ""); | |
| //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions() | |
| //{ | |
| // ClientId = "", | |
| // ClientSecret = "" | |
| //}); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment