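// Get the client secret used for signing the tokens.
// The raw UTF-8 bytes of the secret are used as the HMAC key. This only applies when the
// Auth0 application signs ID tokens with HS256 (assumed here; confirm in the Auth0 dashboard).
// NOTE(review): with a symmetric key, anything that can read Auth0:ClientSecret can also mint
// tokens this app accepts, so keep the secret out of source control and logs.
var keyAsBytes = Encoding.UTF8.GetBytes(Configuration["Auth0:ClientSecret"]);
// If the secret is stored base64url-encoded instead, decode it rather than taking its UTF-8 bytes:
//var keyAsBase64 = Configuration["Auth0:ClientSecret"].Replace('_', '/').Replace('-', '+');
//var keyAsBytes = Convert.FromBase64String(keyAsBase64);
var issuerSigningKey = new SymmetricSecurityKey(keyAsBytes);

// Add authentication services: the cookie scheme is the default for authenticate, sign-in
// and challenge; "Auth0" is the OpenID Connect scheme that performs the remote login.
services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect("Auth0", options =>
    {
        // Set the authority to your Auth0 domain
        options.Authority = $"https://{Configuration["Auth0:Domain"]}";

        // Configure the Auth0 Client ID and Client Secret
        options.ClientId = Configuration["Auth0:ClientId"];
        options.ClientSecret = Configuration["Auth0:ClientSecret"];

        // Set response type to code
        options.ResponseType = "code";

        // https://community.auth0.com/t/authentication-broken-on-asp-net-core-and-safari-on-ios-12-mojave/16077
        options.ResponseMode = "query";

        // Configure the scope
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("user_id");
        options.Scope.Add("name");
        options.Scope.Add("profile");
        options.Scope.Add("email");

        // Set the callback path, so Auth0 will call back to http://localhost:5000/signin-auth0
        // Also ensure that you have added the URL as an Allowed Callback URL in your Auth0 dashboard
        options.CallbackPath = new PathString("/signin-auth0");

        // Configure the Claims Issuer to be Auth0
        options.ClaimsIssuer = "Auth0";

        // One TokenValidationParameters instance carries both the claim-type mapping and the
        // signature validation key. Assigning the property a second time with a fresh object
        // discards NameClaimType/RoleClaimType, so everything is set in a single initializer.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = "name",
            RoleClaimType = "https://schemas.scrapify.io/roles",
            IssuerSigningKey = issuerSigningKey
        };

        options.Events = new OpenIdConnectEvents
        {
            // handle the logout redirection
            OnRedirectToIdentityProviderForSignOut = (context) =>
            {
                var logoutUri =
                    $"https://{Configuration["Auth0:Domain"]}/v2/logout?client_id={Configuration["Auth0:ClientId"]}";

                var postLogoutUri = context.Properties.RedirectUri;
                if (!string.IsNullOrEmpty(postLogoutUri))
                {
                    // Ordinal comparison: this is a URL path check, not linguistic text.
                    if (postLogoutUri.StartsWith("/", StringComparison.Ordinal))
                    {
                        // transform to absolute
                        // NOTE(review): request.Host comes from the incoming request, and an
                        // already-absolute postLogoutUri is passed through unchanged; the
                        // Allowed Logout URLs list in the Auth0 dashboard is what restricts
                        // returnTo, so keep that list tight.
                        var request = context.Request;
                        postLogoutUri = request.Scheme + "://" + request.Host + request.PathBase +
                                        postLogoutUri;
                    }

                    logoutUri += $"&returnTo={Uri.EscapeDataString(postLogoutUri)}";
                }

                context.Response.Redirect(logoutUri);
                // Mark the response as handled so the handler does not issue its own redirect.
                context.HandleResponse();
                return Task.CompletedTask;
            },
            OnTicketReceived = (context) =>
            {
                // stop by `/Account/Continue` instead of going directly to the ReturnUri
                // to work around Safari's issues with SameSite=lax session cookies not being
                // returned on the final redirect of the authentication flow.
                // NOTE(review): /Account/Continue is not shown here; since it redirects to a
                // query-string value, it should accept only local URLs (e.g. Url.IsLocalUrl)
                // so the endpoint cannot be used as an open redirect.
                context.ReturnUri = "/Account/Continue?returnUrl=" +
                                    System.Net.WebUtility.UrlEncode(context.ReturnUri ?? "/");
                return Task.CompletedTask;
            }
        };
    });

services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);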