oidcproxydotnet / OidcProxy.Net

An extendible framework for .NET to implement the BFF Security Pattern (a.k.a. Token Handler Pattern) in Single Page Applications
GNU Lesser General Public License v3.0

Register identity provider that extends OpenIdConnectIdentityProvider #240

Open RafalOsieka opened 5 days ago

RafalOsieka commented 5 days ago

I have a custom IdentityProvider class implementation that overrides one method in OpenIdConnectIdentityProvider.

Currently there is no easy way of registering such implementation using the AddOidcProxy method (https://github.com/oidcproxydotnet/OidcProxy.Net/blob/main/src/OidcProxy.Net.OpenIdConnect/ModuleInitializer.cs#L27).

It would be great to have a generic AddOidcProxy method that allows registering a custom identity provider implementation instead of the default OpenIdConnectIdentityProvider.

appie2go commented 2 days ago

Hi Rafal,

Thanks for your comment. And I agree. It's too complicated.

Assume anything is possible. Do you have a preference for what the interface for registering an identity provider should look like?

Cheers!

RafalOsieka commented 2 days ago

Hi, assuming I have a custom identity provider class MyIdentityProvider : OpenIdConnectIdentityProvider { ... }, then in Program.cs I would like to configure it in the following way: builder.Services.AddOidcProxy<MyIdentityProvider>(oidcProxyConfig).

This is enough for my use case, but maybe it would be good to have the possibility to have custom config. Hypothetically, MyIdentityProvider uses class MyOidcProxyConfig : OidcProxyConfig { ... }, then I would like to configure it the same way, i.e. builder.Services.AddOidcProxy<MyIdentityProvider, MyOidcProxyConfig>(myOidcProxyConfig).

I think the following signature should be OK:

public static IServiceCollection AddOidcProxy<TOpenIdConnectIdentityProvider, TOpenIdConnectConfig>(this IServiceCollection serviceCollection, TOpenIdConnectConfig config, Action<ProxyOptions>? configureOptions = null)
    where TOpenIdConnectIdentityProvider : OpenIdConnectIdentityProvider
    where TOpenIdConnectConfig : OpenIdConnectConfig
{
    // later the services.ConfigureOpenIdConnect... is called - it should have similar signature
}

It allows configuring a custom IdP/options, but forces the use of the base implementations (OpenIdConnectIdentityProvider/OpenIdConnectConfig).

NOTE: my use case uses the OpenIdConnectIdentityProvider. Probably the same should be done for the rest of the providers as well (EntraId, Auth0).
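A stand-alone sketch of how the generic overload proposed in this thread could be wired up with Microsoft.Extensions.DependencyInjection, added here as an example; it is not code from OidcProxy.Net. The OpenIdConnectIdentityProvider, OpenIdConnectConfig and ProxyOptions types below are minimal stubs with assumed shapes, and MyIdentityProvider/MyOidcProxyConfig are the custom pair described above; the point shown is that resolving the base provider type yields the custom one, and that the derived config is shared with base-class consumers without a self-referencing registration when the generic arguments equal the base types.

```csharp
#nullable enable
using System;
using Microsoft.Extensions.DependencyInjection;
// Stand-in stubs for the types named in the issue (assumed shapes, not OidcProxy.Net's) plus the custom pair it describes.
public class OpenIdConnectConfig { public string Authority { get; set; } = ""; }
public class ProxyOptions { public bool AllowAnonymous { get; set; } }
public class OpenIdConnectIdentityProvider
{
    protected readonly OpenIdConnectConfig Config;
    public OpenIdConnectIdentityProvider(OpenIdConnectConfig config) => Config = config;
    public virtual string Describe() => $"default provider against {Config.Authority}";
}
public class MyOidcProxyConfig : OpenIdConnectConfig { public string Tenant { get; set; } = ""; }
public class MyIdentityProvider : OpenIdConnectIdentityProvider
{
    public MyIdentityProvider(MyOidcProxyConfig config) : base(config) { }
    public override string Describe() => $"custom provider for tenant {((MyOidcProxyConfig)Config).Tenant}";
}
public static class OidcProxyServiceCollectionExtensions
{
    // Generic overload with the signature proposed in the thread (hypothetical, not a shipped API).
    public static IServiceCollection AddOidcProxy<TOpenIdConnectIdentityProvider, TOpenIdConnectConfig>(
        this IServiceCollection services, TOpenIdConnectConfig config, Action<ProxyOptions>? configureOptions = null)
        where TOpenIdConnectIdentityProvider : OpenIdConnectIdentityProvider
        where TOpenIdConnectConfig : OpenIdConnectConfig
    {
        var options = new ProxyOptions();
        configureOptions?.Invoke(options);
        services.AddSingleton(options);
        // Config under its concrete type and, only when different, the base type: one shared instance, no self-reference loop.
        services.AddSingleton<TOpenIdConnectConfig>(config);
        if (typeof(TOpenIdConnectConfig) != typeof(OpenIdConnectConfig))
            services.AddSingleton<OpenIdConnectConfig>(sp => sp.GetRequiredService<TOpenIdConnectConfig>());
        // The custom provider replaces the default: resolving the base type yields the derived one.
        services.AddScoped<TOpenIdConnectIdentityProvider>();
        if (typeof(TOpenIdConnectIdentityProvider) != typeof(OpenIdConnectIdentityProvider))
            services.AddScoped<OpenIdConnectIdentityProvider>(sp => sp.GetRequiredService<TOpenIdConnectIdentityProvider>());
        return services;
    }
}
public static class Program
{
    public static void Main()
    {
        var services = new ServiceCollection().AddOidcProxy<MyIdentityProvider, MyOidcProxyConfig>(
            new MyOidcProxyConfig { Authority = "https://idp.example", Tenant = "contoso" });
        using var scope = services.BuildServiceProvider().CreateScope();
        Console.WriteLine(scope.ServiceProvider.GetRequiredService<OpenIdConnectIdentityProvider>().Describe());
    }
}
```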