Open damienbod opened 1 year ago
ping?
@damienbod woops, looks like I missed the first ping, sorry 😅
That would definitely be a nice-to-have doc' and AFAICT by looking at the TOC, most of the interesting aspects already seem to be listed 👍🏻
For the Using third party provider clients
part, may I suggest mentioning the OpenIddict client? With its ~60 web providers, it's now a better option than the aspnet-contrib providers (specially for services that implement OpenID Connect, as the aspnet-contrib providers don't implement the full OIDC validation logic, unlike the OpenIddict client).
/cc @bradygaster: you may be interested as it seems related to https://github.com/dotnet/aspnetcore/issues/42192.
@RickAndMSFT @blowdart @JeremyLikness @kevinchalet
What do you think?
Oops, I don't monitor @RickAndMSFT, just @Rick-Anderson We'd love to have some help. @JeremyLikness should respond soon
@damienbod this would be a great topic. I love the proposed outline. I'd like to loop in @halter73 as our identity-focused engineer in case he has any thoughts and wants to be involved in review/development.
Yeah, I ran into this in #31082 where the previously working (in .NET7 Blazor) RedirectUri https://foo/
was just fine but got flagged by the antiforgery middleware if it wasn't set to include the magic string https://foo/signin-oidc
After Github Copilot rode to my rescue with regards to the signin-oidc
everything seems to work. Didn't look yet at whether the requested scopes / role-assignments get passed, though.
@Rick-Anderson EDIT fixed by #33908 and @halter73 owns the review EDIT related issue #33877 I would like to create a new doc in the Security and Identity, Authentication area.
Menu: Configure OIDC web authentication
Page Title: Configure OpenID Connect Web (UI) authentication in ASP.NET Core
Sub sections • Overview • What is an OpenID Connect confidential interactive client • Create an OpenID Connect client in ASP.NET Core • Examples with code snippets • Using third party provider clients • Backend for frontend (BFF) security architecture • Advanced features, standards, extending the OIDC client
@RickAndMSFT @blowdart @JeremyLikness @kevinchalet
What do you think?
Associated WorkItem - 330548