Document Web Providers #57
Comments
|
I moved your ticket to the correct repository 😃
I wrote a blog post about that here (and it uses GitHub as the provider): https://kevinchalet.com/2022/12/16/getting-started-with-the-openiddict-web-providers/. I'll use this thread to track adding docs on documentation.openiddict.com.
It's not entirely surprising: the whole new OpenIddict client and the web provider integrations that come with it shipped as part of OpenIddict 4.0, in December 2022, so the usage is still low (and we decided to keep supporting the aspnet-contrib providers, so many folks will likely keep using them). That said, we're considering using them in OrchardCore in the next version and multiple OpenIddict users I know have adopted them.
Yes: when you integrate with GitHub, your application is now acting as an OAuth 2.0 client. Hence the name, "client" 😃
This method is always called by the
Nothing prevents you from reusing the same certificates, but using different ones is recommended. If you use the web providers in a .NET desktop app, read https://kevinchalet.com/2023/02/27/introducing-system-integration-support-for-the-openiddict-client/ for additional considerations.
Assuming you're using the GitHub provider in an ASP.NET Core app: [HttpGet("~/login")]
public ActionResult LogIn(string returnUrl)
{
var properties = new AuthenticationProperties(new Dictionary<string, string>
{
// Note: when only one client is registered in the client options,
// setting the provider property is not required and can be omitted.
[OpenIddictClientAspNetCoreConstants.Properties.ProviderName] = Providers.GitHub
})
{
// Only allow local return URLs to prevent open redirect attacks.
RedirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/"
};
// Ask the OpenIddict client middleware to redirect the user agent to the identity provider.
return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
}
Assuming you're referring to the special/custom parameter used in one of the samples, no.
Yep, expect the authentication scheme value will need to point to Hope it's clearer. |
|
Thanks a lot, each line was a "aaah 🤯". I was able to get my web provider working along with Steam. Though I think I have some inaccuracies.
In my authorize endpoint I'm now doing a string authenticationScheme = request.IdentityProvider == "Steam"
? SteamAuthenticationDefaults.AuthenticationScheme
: OpenIddictClientAspNetCoreDefaults.AuthenticationScheme;
return Challenge(
authenticationSchemes: authenticationScheme,but at the start of the authorize I'm checking (like in the samples) if an authentication cookie is available using HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);but here I'm super confused. Since I set the steam's SignInScheme to Also, looking at my cookies in the browser, I can only one cookie named |
As mentioned in aspnet-contrib/AspNet.Security.OAuth.Providers#694 (comment), OpenIddict - unlike the Microsoft and aspnet-contrib OAuth 2.0/OIDC handlers - doesn't have a Instead, you have to implement a /callback action in your code that explicitly calls
Given you use |
Confirm you've already contributed to this project or that you sponsor it
Describe the solution you'd like
Using web providers such as Github is barely documented. In the Contributing a new Web provider, it quickly mentions how to test it's hard to know what to do just for that. On Github it seems like no projects use the web providers (sourcegraph).
Here are the questions I've asked myself when reading trying to use web providers with open iddict:
identity_provider?identity_provider=steam?Additional context
No response
The text was updated successfully, but these errors were encountered: