Shaddix.OpenIddict.ExternalAuthentication 2.7.1

dotnet add package Shaddix.OpenIddict.ExternalAuthentication --version 2.7.1                

OpenIddictExternalAuthentication


Library that reduces OpenIddict integration to several lines of code. It contains a basic implementation of AuthenticationController, mostly taken from the OpenIddict Samples.

What's inside

  1. Required endpoints to support 3rd party authentication (e.g. Google, Facebook, etc.)
  2. JWT access_token/refresh_token generation (i.e. default /connect/token endpoint)
  3. Refresh token flow
  4. Authorization Code flow
  5. Resource Owner Password Flow (disabled by default, could be enabled via configuration)
  6. EnableIdentityServerRefreshTokens() option that eases migration from IdentityServer (i.e., refresh tokens issued by IdentityServer will still work if the PersistedGrants table remains)
  7. app.UseOpenIdDictConversionMiddleware() helps to support old clients when migrating from IdentityServer. It allows you to do the following:
    1. Remove non-existing scopes
    2. Remove header authorization (if client_id/client_secret are passed in Form parameters)
    3. Remove client_secret for public clients (otherwise OpenIdDict complains)
    4. Change name of form parameters (e.g. userName → username)

Here's the vanilla JS or React demo of Google/Facebook authentication using OpenIddict on the backend. The page has several buttons to log in via different providers.

How to

  1. PREREQUISITE: it's assumed that OpenIddict is already installed and configured in your project (if it's not, head over to one of the samples).

  2. Install the NuGet package to add the library to your project.

     dotnet add package Shaddix.OpenIddict.ExternalAuthentication
    
  3. Create your own AuthorizationController by inheriting from OpenIdAuthorizationControllerBase. This could look like:

    public class AuthorizationController : OpenIdAuthorizationControllerBase<IdentityUser, string>
    {
        public AuthorizationController(
            SignInManager<IdentityUser> signInManager,
            UserManager<IdentityUser> userManager,
            IOpenIddictClientConfigurationProvider clientConfigurationProvider)
            : base(signInManager, userManager, clientConfigurationProvider)
        {
        }
    }
    
  4. Override some functions (e.g. CreateNewUser or GetClaims) if you want to customize user creation behavior or provide more claims.

  5. In the Configure function in Startup.cs, add the following calls (in addition to the standard OpenIddict setup):

    services
       .AddOpenIddict()
       .AddOpenIddictConfigurations(Configuration)
       .AddDefaultAuthorizationController();
    

    You can customize the default authorization controller configuration (or even the default OpenIddict configuration) by doing:

    .AddDefaultAuthorizationController(options => 
                     options.DisableRefreshTokenFlow())
    

    or

    .AddDefaultAuthorizationController(options =>
                     options.OpenIddictServerBuilder.AllowNoneFlow())
    
  6. Add external auth providers (i.e. .AddAuthentication().AddGoogle(), .AddFacebook(), etc.). Follow the instructions on how to set up applications on the OAuth provider side.

You could also take a look at OpenIddictExternalAuthentication.Example for example usage. Keep in mind that the Example app contains hardcoded ClientId/ClientSecret values for FB and Google. They are for demo purposes and everyone can use them, so beware.

Frontend

  1. Use some proven OpenID client library (I personally recommend oidc-client-ts).
  2. Use the standard auth code flow according to the library instructions, pointing to the standard Authorize endpoint and passing ?provider=Google as a query parameter (i.e. the authorization endpoint should look like /connect/authorize?provider=Google).
  3. You could check the example implementation in plain JS or React.

External user storage

We use the standard ASP.NET Identity mechanism to store external logins (namely, the AspNetUserLogins table). To find a user by external OAuth id, use _userManager.FindByLoginAsync(providerName, externalUserId).

FAQ

  1. Error in browser: "The specified 'redirect_uri' is not valid for this client application."
    • Check OpenIddictApplications table and verify that RedirectUris field contains the URI you are redirecting to.
    • If URI is not there, check RedirectUris in appsettings.json for the respective application.
    • If problematic URI is a relative one, make sure that you called options.SetPublicUrl() with correct URL in AddDefaultAuthorizationController configuration callback.
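
The checks from Frontend step 2 and the redirect_uri FAQ entry above, combined into one troubleshooting helper for an authorization request URL (for instance one copied from the browser's network tab). This is an added example, not code from the library or its samples: the client registration, host names and parameter values are constructed, and it assumes exact string comparison of redirect_uri, resolution of relative RedirectUris entries against the public URL, and a client library that sends state and PKCE (S256) parameters.

```javascript
// Added example, not the library's code; sample client and URLs are constructed.
// Assumptions: redirect_uri is compared to RedirectUris as an exact string, and
// relative RedirectUris entries are resolved against the configured public URL.
function resolveRegistered(uri, publicUrl) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(uri)) return uri; // already absolute
  return publicUrl ? new URL(uri, publicUrl).toString() : null;
}

// Used only to detect near misses (case or trailing slash), never to accept them.
const normalize = (u) => u.toLowerCase().replace(/\/+$/, '');
// Returns a list of problems found in an authorization request URL.
function checkAuthorizeRequest(requestUrl, client, publicUrl) {
  const url = new URL(requestUrl);
  const q = url.searchParams;
  const issues = [];
  if (url.pathname !== '/connect/authorize') issues.push('not the authorize endpoint');
  if (q.get('response_type') !== 'code') issues.push('response_type is not "code"');
  if (!q.get('provider')) issues.push('provider parameter is missing');
  if (q.get('client_id') !== client.clientId) issues.push('client_id does not match');
  if (!q.get('state')) issues.push('state is missing');
  if (!q.get('code_challenge') || q.get('code_challenge_method') !== 'S256') {
    issues.push('PKCE with S256 is not used');
  }
  const requested = q.get('redirect_uri') || '';
  const registered = client.redirectUris.map((u) => resolveRegistered(u, publicUrl));
  if (registered.includes(null)) {
    issues.push('relative RedirectUris entry cannot be resolved: public URL not set');
  }
  if (!registered.includes(requested)) {
    const near = registered.find((u) => u && normalize(u) === normalize(requested));
    issues.push(near
      ? `redirect_uri differs from "${near}" only by case or trailing slash`
      : 'redirect_uri is not registered for this client');
  }
  return issues;
}

// Constructed registration: one relative and one absolute redirect URI.
const sampleClient = {
  clientId: 'web_client',
  redirectUris: ['/signin-callback', 'https://app.example.test/cb'],
};
const sampleRequest = 'https://auth.example.test/connect/authorize?provider=Google' +
  '&client_id=web_client&response_type=code&scope=openid&state=constructed-state' +
  '&code_challenge=constructed-challenge&code_challenge_method=S256' +
  '&redirect_uri=' + encodeURIComponent('https://auth.example.test/signin-callback');

console.log(checkAuthorizeRequest(sampleRequest, sampleClient, 'https://auth.example.test'));
console.log(checkAuthorizeRequest(sampleRequest, sampleClient, undefined));
```
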

Target frameworks: net6.0 is compatible; net7.0, net8.0 and the platform-specific variants of net6.0, net7.0 and net8.0 (android, ios, maccatalyst, macos, tvos, windows, plus browser for net8.0) were computed as compatible.


Version Downloads Last updated
2.7.1 191 11/8/2024
2.6.9 2,963 3/6/2024
2.6.8 8,784 12/24/2023
2.6.7 124 12/24/2023
2.6.6 4,402 5/2/2023
2.6.5 165 5/2/2023
2.6.4 348 5/2/2023
2.6.3 150 5/2/2023
2.6.2 153 5/2/2023
2.6.1 146 5/2/2023
2.5.1 169 5/1/2023
2.4.3 8,936 12/23/2022
2.4.2 2,549 12/17/2022
2.4.1 288 12/17/2022
2.3.2 1,770 10/24/2022
2.3.1 2,237 8/15/2022
2.2.2 2,239 7/23/2022
2.2.1 529 7/20/2022
2.1.3 801 7/8/2022
2.1.2 431 7/7/2022
2.1.1 451 7/6/2022
2.0.3 1,051 6/21/2022
2.0.2 479 6/20/2022
2.0.1 399 6/20/2022
1.4.5 467 6/20/2022
1.4.4 400 6/20/2022
1.4.3 433 6/20/2022
1.4.2 422 6/19/2022
1.4.1 426 6/19/2022
1.3.2 435 6/18/2022
1.3.1 438 6/17/2022
1.2.3 491 6/9/2022
1.2.2 402 6/9/2022
1.2.1 429 6/8/2022
1.1.4 431 5/29/2022
1.1.3 988 5/5/2022
1.1.2 1,207 3/14/2022
1.0.5 442 3/14/2022
1.0.4 454 3/13/2022
1.0.2 435 3/13/2022
1.0.1 419 3/13/2022