Kévin Chalet
@kevinchalet
Sorry for the wall of text :trollface:
rallbritain
@rallbritain
Thanks Kevin, I was just talking to someone this morning that suggested I handle all of the auth flow on the server-side. That actually makes a ton of sense and I think it will greatly simplify things. Thank you for your help.
Kévin Chalet
@kevinchalet
@rallbritain you're welcome :smile:
rallbritain
@rallbritain
Is it possible in .NET to customize the format of the authorize parameters? The current application I am working with will give you all scopes if you leave it off "&scope=..." but if you just make the scope an empty string ( ... &scope=& ) it fails as an invalid scope. I know this wouldn't be anything ever done in production, but it sure makes development easy while figuring out what scopes you need. I see a lot of people override FormatScope, but I think that is just the list not including the parameter name.
Kévin Chalet
@kevinchalet
@rallbritain the OAuth 2.0 base handler always adds it even if it's empty: https://github.com/dotnet/aspnetcore/blob/main/src/Security/Authentication/OAuth/src/OAuthHandler.cs#L299
So your only option is to override the BuildChallengeUrl and use a similar implementation but that doesn't add the scope to the collection if it's empty.
BTW, thanks for sponsoring me, much appreciated! :smile:
rallbritain
@rallbritain
You are welcome. Finding good information on this is hard! Your project and help have saved me a ton of time.
Kévin Chalet
@kevinchalet
:smile:
rallbritain
@rallbritain
One last question (I hope). Should RunClaimActions create and save the user? I have "ClaimTypes.NameIdentifier" and "ClaimTypes.Name" mapped and the JSON I am passing it looks good, however, it is not creating a user.
Kévin Chalet
@kevinchalet
May I ask if the provider you'd like to support is public?
rallbritain
@rallbritain
I am building for DrChrono https://www.drchrono.com/
Kévin Chalet
@kevinchalet
No, RunClaimActions() only imports the selected claims into the resulting ClaimsPrincipal (that will typically be stored in an authentication cookie).
All the providers are basically stateless: if you want to have a local database, it's up to you to handle that part. You can use ASP.NET Core Identity for that.
rallbritain
@rallbritain
I have that set up for email/password users. Is it typical to save the IdentityUser in the OnCreatingTicket method?
Kévin Chalet
@kevinchalet
It's an option but definitely not the most common one :smile:
rallbritain
@rallbritain
what is the common workflow?
Kévin Chalet
@kevinchalet
If you use the Identity Razor UI, it has a page dedicated to that.
Let me find the link for you.
rallbritain
@rallbritain
yes, I am using that scaffolding
(I took a brief look at DrChrono and you're lucky: it seems fairly standard :smile:)
rallbritain
@rallbritain
it is.
To get current user it does a redirect and I had to do a little custom code to handle that, but it's been pretty straightforward
Biggest hurdle has been learning .NET OAuth
Kévin Chalet
@kevinchalet
It's always a good thing when it's standard. Because when it's not, the number of hacks you need to add can quickly grow... :smile:
rallbritain
@rallbritain
I just registered my first user via OAuth!!!!!! Thank you a ton!
the scaffolding was the last piece I needed
Kévin Chalet
@kevinchalet
I had to make a list of the most horrible providers to determine whether OpenIddict - whose 4th version will introduce a new OAuth 2.0+OIDC client and will come with a web integration package aiming at offering a more flexible/easier-to-maintain option than the aspnet-contrib providers - will have all the needed hooks for that and Lord... https://github.com/openiddict/openiddict-core/issues/1451#issuecomment-1145034502 :trollface:
Haha, you're welcome :smile:
rallbritain
@rallbritain
I've read about OpenIddict. It has similar functions to IdentityServer? I may need that in the future.
Kévin Chalet
@kevinchalet
Yeah. It's an OAuth 2.0/OIDC server and token validation stack. And 4.0 will introduce a client stack. Hopefully we'll be able to port many/most of the aspnet-contrib providers later this year.
rallbritain
@rallbritain
I will keep an eye out. Thank you again
Kévin Chalet
@kevinchalet
The idea is to keep supporting the 80 aspnet-contrib social providers while reducing the maintenance burden. To achieve that, I opted for a radically different approach: generating the providers using Roslyn source generators, which greatly reduces the amount of code: for fully standard providers, we don't have to write a single line of C# code :smile:
You're welcome!
Orchard Skills
@OrchardSkills
Hi Kevin. How are you?
Heartbeatss1
@Heartbeatss1
Hey everyone, my brain has a blockade right now ;)
I am trying to add a Discord authentication with this package to my minimal API. Is there anywhere a "manual" or wiki with examples how to do this?
Martin Costello
@martincostello
The process will be similar to this guide, but using the Discord provider instead of the ones listed in the Microsoft documentation.
Heartbeatss1
@Heartbeatss1
thanks ;)
I will check
enggaard
@enggaard

Hello

I am trying to get the Discord OAuth to work. But can't seem to wrap my head around it.
It's a dotnetcore6 API application, and I have added the
builder.Services.AddAuthentication(options => { })
    .AddDiscord(options =>
    {
        options.ClientId = builder.Configuration["Discord:ClientID"];
        options.ClientSecret = builder.Configuration["Discord:ClientSecret"];
    });

to the program.cs

I have a token from Discord that I pass to the API endpoint as a bearer token in the Authorization header (through Postman).

But keep getting this

System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultAuthenticateScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action<AuthenticationOptions> configureOptions).

also added [Authorize(AuthenticationSchemes = DiscordAuthenticationDefaults.AuthenticationScheme)] to the action in the controller
oh.. just noticed the previous question. gonna take a look at that as well
yeah. that's what I already did
Kévin Chalet
@kevinchalet
Hey.
It's important to note that none of the aspnet-contrib providers (or the providers maintained by MSFT) can be used for API token validation: they are meant to be used for interactive authentication, they can't validate access tokens issued by the providers themselves (that are often opaque anyway)
The best option in those cases is to have your own authorization server to use your own tokens.
enggaard
@enggaard
Hi @kevinchalet thanks for the help. I kind of expected it to be more out of the box :) I'll try the suggestion you link to your blog.