2.1 KiB
2.1 KiB
OpenID Connect Integration
This project includes a reusable OpenID Connect client implementation that can be used with multiple providers.
Supported Providers
- Apple Sign In
- Google Sign In
How to Add a New Provider
- Create a new class that inherits from
OidcServicein theAuth/OpenIddirectory - Implement the abstract methods and properties
- Register the service in
Program.cs - Add the provider's configuration to
appsettings.json - Add the provider to the
GetOidcServicemethod in bothOidcControllerandAuthCallbackController
Configuration
Apple Sign In
"Apple": {
"ClientId": "YOUR_APPLE_CLIENT_ID", // Your Service ID from Apple Developer portal
"TeamId": "YOUR_APPLE_TEAM_ID", // Your Team ID from Apple Developer portal
"KeyId": "YOUR_APPLE_KEY_ID", // Key ID for the private key
"PrivateKeyPath": "./apple_auth_key.p8", // Path to your .p8 private key file
"RedirectUri": "https://your-app.com/auth/callback/apple" // Your callback URL
}
Google Sign In
"Google": {
"ClientId": "YOUR_GOOGLE_CLIENT_ID", // Your OAuth client ID
"ClientSecret": "YOUR_GOOGLE_CLIENT_SECRET", // Your OAuth client secret
"RedirectUri": "https://your-app.com/auth/callback/google" // Your callback URL
}
Usage
To initiate the OpenID Connect flow, redirect the user to:
/auth/login/{provider}?returnUrl=/your-return-path
Where {provider} is one of the supported providers (e.g., apple, google).
Authentication Flow
- User is redirected to the provider's authentication page
- After successful authentication, the provider redirects back to your callback endpoint
- The callback endpoint processes the response and creates or retrieves the user account
- A session is created for the user and a token is issued
- The user is redirected back to the specified return URL with the token set as a cookie
Customization
The base OidcService class provides common functionality for all providers. You can override any of its methods in your provider-specific implementations to customize the behavior.