dotnet / AspNetCore.Docs

Documentation for ASP.NET Core
https://docs.microsoft.com/aspnet/core
Creative Commons Attribution 4.0 International

New doc: Configure OIDC web authentication #30647

Open damienbod opened 1 year ago

damienbod commented 1 year ago

@Rick-Anderson EDIT: fixed by #33908 and @halter73 owns the review

EDIT: related issue #33877

I would like to create a new doc in the Security and Identity, Authentication area.

Menu: Configure OIDC web authentication

Page Title: Configure OpenID Connect Web (UI) authentication in ASP.NET Core

Sub sections

• Overview
• What is an OpenID Connect confidential interactive client
• Create an OpenID Connect client in ASP.NET Core
• Examples with code snippets
• Using third party provider clients
• Backend for frontend (BFF) security architecture
• Advanced features, standards, extending the OIDC client

@RickAndMSFT @blowdart @JeremyLikness @kevinchalet

What do you think?


Associated WorkItem - 330548

damienbod commented 12 months ago

ping?

kevinchalet commented 12 months ago

@damienbod woops, looks like I missed the first ping, sorry 😅

That would definitely be a nice-to-have doc' and AFAICT by looking at the TOC, most of the interesting aspects already seem to be listed 👍🏻

For the "Using third party provider clients" part, may I suggest mentioning the OpenIddict client? With its ~60 web providers, it's now a better option than the aspnet-contrib providers (especially for services that implement OpenID Connect, as the aspnet-contrib providers don't implement the full OIDC validation logic, unlike the OpenIddict client).

/cc @bradygaster: you may be interested as it seems related to https://github.com/dotnet/aspnetcore/issues/42192.

Rick-Anderson commented 12 months ago

> @RickAndMSFT @blowdart @JeremyLikness @kevinchalet
>
> What do you think?

Oops, I don't monitor @RickAndMSFT, just @Rick-Anderson. We'd love to have some help. @JeremyLikness should respond soon.

JeremyLikness commented 12 months ago

@damienbod this would be a great topic. I love the proposed outline. I'd like to loop in @halter73 as our identity-focused engineer in case he has any thoughts and wants to be involved in review/development.

Rhywden commented 11 months ago

Yeah, I ran into this in #31082 where the previously working (in .NET 7 Blazor) RedirectUri https://foo/ was just fine but got flagged by the antiforgery middleware if it wasn't set to include the magic string https://foo/signin-oidc. After GitHub Copilot rode to my rescue with regard to the signin-oidc, everything seems to work. Didn't look yet at whether the requested scopes / role-assignments get passed, though.