public void Configure(IApplicationBuilder app) {
app.UseDeveloperExceptionPage();
// Create a new branch where the registered middleware will be executed only for API calls.
app.UseWhen(context => context.Request.Path.StartsWithSegments(new PathString("/api")), branch => {
branch.UseOAuthValidation(new OAuthValidationOptions {
AutomaticAuthenticate = true,
AutomaticChallenge = true
});
// Alternatively, you can also use the introspection middleware.
// Using it is recommended if your resource server is in a
// different application/separated from the authorization server.
//
// branch.UseOAuthIntrospection(new OAuthIntrospectionOptions {
// AutomaticAuthenticate = true,
// AutomaticChallenge = true,
// Authority = "http://localhost:54540/",
// Audiences = { "resource_server" },
// ClientId = "resource_server",
// ClientSecret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd"
// });
});
// Create a new branch where the registered middleware will be executed only for non API calls.
app.UseWhen(context => !context.Request.Path.StartsWithSegments(new PathString("/api")), branch => {
// Insert a new cookies middleware in the pipeline to store
// the user identity returned by the external identity provider.
branch.UseCookieAuthentication(new CookieAuthenticationOptions {
AutomaticAuthenticate = true,
AutomaticChallenge = true,
AuthenticationScheme = "ServerCookie",
CookieName = CookieAuthenticationDefaults.CookiePrefix + "ServerCookie",
ExpireTimeSpan = TimeSpan.FromMinutes(5),
LoginPath = new PathString("/signin"),
LogoutPath = new PathString("/signout")
});
branch.UseGoogleAuthentication(new GoogleOptions {
ClientId = "560027070069-37ldt4kfuohhu3m495hk2j4pjp92d382.apps.googleusercontent.com",
ClientSecret = "n2Q-GEw9RQjzcRbU3qhfTj8f"
});
branch.UseTwitterAuthentication(new TwitterOptions {
ConsumerKey = "6XaCTaLbMqfj6ww3zvZ5g",
ConsumerSecret = "Il2eFzGIrYhz6BWjYhVXBPQSfZuS4xoHpSSyD9PI"
});
});
app.UseOpenIdConnectServer(options => {
options.Provider = new AuthorizationProvider();
// Enable the authorization and logout endpoints.
options.AuthorizationEndpointPath = "/connect/authorize";
options.LogoutEndpointPath = "/connect/logout";
// Register a new ephemeral key, that is discarded when the application
// shuts down. Tokens signed using this key are automatically invalidated.
// This method should only be used during development.
options.SigningCredentials.AddEphemeralKey();
// On production, using a X.509 certificate stored in the machine store is recommended.
// You can generate a self-signed certificate using Pluralsight's self-cert utility:
// https://s3.amazonaws.com/pluralsight-free/keith-brown/samples/SelfCert.zip
//
// options.SigningCredentials.AddCertificate("7D2A741FE34CC2C7369237A5F2078988E17A6A75");
//
// Alternatively, you can also store the certificate as an embedded .pfx resource
// directly in this assembly or in a file published alongside this project:
//
// options.SigningCredentials.AddCertificate(
// assembly: typeof(Startup).GetTypeInfo().Assembly,
// resource: "Backend.Certificate.pfx",
// password: "Owin.Security.OpenIdConnect.Server");
// Note: see AuthorizationController.cs for more
// information concerning ApplicationCanDisplayErrors.
options.ApplicationCanDisplayErrors = true;
options.AllowInsecureHttp = true;
// Note: to override the default access token format and use JWT, assign AccessTokenHandler:
// options.AccessTokenHandler = new JwtSecurityTokenHandler();
});
app.UseStaticFiles();
app.UseMvc();
app.UseWelcomePage();
using (var context = new ApplicationContext(
app.ApplicationServices.GetRequiredService<DbContextOptions<ApplicationContext>>())) {
// Note: when using the introspection middleware, your resource server
// MUST be registered as an OAuth2 client and have valid credentials.
//
// database.Applications.Add(new Application {
// ApplicationID = "resource_server",
// DisplayName = "Main resource server",
// Secret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd"
// });
context.Applications.Add(new Application {
ApplicationID = "myClient",
DisplayName = "My client application",
RedirectUri = "http://localhost/callback",
LogoutRedirectUri = "http://localhost/callback",
Secret = "secret_secret_secret"
});
context.SaveChanges();
}
}
}