### Configure One Login Authentication Source: https://github.com/dfe-digital/govuk-onelogin-aspnetcore/blob/main/README.md Set up One Login authentication in an ASP.NET Core application. Ensure callback paths match One Login configuration and load the private key from configuration. ```csharp using GovUk.OneLogin.AspNetCore; var builder = WebApplication.CreateBuilder(args); builder.Services.AddAuthentication(defaultScheme: OneLoginDefaults.AuthenticationScheme) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme) .AddOneLogin(options => { // Configure the authentication scheme to persist user information with; // typically this will be 'Cookies'. options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; // Configure the One Login environment. options.Environment = OneLoginEnvironments.Integration; // Configure your client information. // CallbackPath and SignedOutCallbackPath must align with the redirect_uris and post_logout_redirect_uris configured in One Login. options.ClientId = "YOUR_CLIENT_ID"; options.CallbackPath = "/onelogin-callback"; options.SignedOutCallbackPath = "/onelogin-logout-callback"; // Configure the private key used for authentication. // See the RSA class' documentation for the various ways to do this. // Here we're loading a PEM-encoded private key from configuration. using (var rsa = RSA.Create()) { rsa.ImportFromPem(builder.Configuration["OneLogin:PrivateKeyPem"]); options.ClientAuthenticationCredentials = new SigningCredentials( new RsaSecurityKey(rsa.ExportParameters(includePrivateParameters: true)), SecurityAlgorithms.RsaSha256); } // Configure vectors of trust. // See the One Login docs for the various options to use here. options.VectorsOfTrust = ["Cl"]; // Override the cookie name prefixes (optional) options.CorrelationCookie.Name = "my-app-onelogin-correlation."; options.NonceCookie.Name = "my-app-onelogin-nonce."; }); ``` -------------------------------- ### Configure for Identity Verification Source: https://github.com/dfe-digital/govuk-onelogin-aspnetcore/blob/main/README.md Add specific vectors of trust and core identity claims for identity verification scenarios. ```csharp .AddOneLogin(options => { options.VectorsOfTrust = ["Cl.Cm.P2"]; // Add the additional claims to authorization requests. options.Claims.Add(OneLoginClaimTypes.CoreIdentity); }) ``` -------------------------------- ### Configure JWKS with KeyId Source: https://github.com/dfe-digital/govuk-onelogin-aspnetcore/blob/main/README.md When using a JWKS endpoint, specify the KeyId of your signing certificate for client authentication credentials. ```csharp rsa.ImportFromPem(builder.Configuration["OneLogin:PrivateKeyPem"]); options.ClientAuthenticationCredentials = new SigningCredentials( new RsaSecurityKey(rsa.ExportParameters(true)) { KeyId = builder.Configuration["OneLogin:CertificateKeyId"] }, SecurityAlgorithms.RsaSha256 ); ``` -------------------------------- ### Implement IClaimsTransformation for Database Integration Source: https://github.com/dfe-digital/govuk-onelogin-aspnetcore/blob/main/README.md This class transforms claims by retrieving user information from a database using Entity Framework Core. It adds a 'Name' claim if it doesn't already exist, looking up the user by their OneLogin ID. ```csharp public class AddNameFromDbClaimsTransformation : IClaimsTransformation { private readonly MyDbContext _dbContext; public AddNameFromDbClaimsTransformation(MyDbContext dbContext) { _dbContext = dbContext; } public async Task TransformAsync(ClaimsPrincipal principal) { if (principal.HasClaim(claim => claim.Type == "Name")) { // Already have a Name claim assigned. return principal; } // Lookup user in DB using One Login user ID var oneLoginId = principal.FindFirstValue("sub"); var user = await _dbContext.Users.SingleAsync(user => user.OneLoginId == oneLoginId); // Create a new ClaimsIdentity, add claims and append to the existing principal var additionalIdentity = new ClaimsIdentity(); additionalIdentity.AddClaim(new Claim("Name", user.Name)); principal.AddIdentity(additionalIdentity); return principal; } } // In your Program.cs builder.Services.AddTransient(); ``` -------------------------------- ### Override VectorsOfTrust for Two-Stage Authentication Source: https://github.com/dfe-digital/govuk-onelogin-aspnetcore/blob/main/README.md Override the default VectorsOfTrust on a per-request basis to perform separate authentication and identity verification requests. ```csharp public IActionResult SignIn() { var properties = new AuthenticationProperties(); properties.SetVectorsOfTrust(["Cl.Cm"]); // authentication only //properties.SetVectorsOfTrust(["Cl.Cm.P2"]); // identity verification return Challenge(properties, authenticationSchemes: OneLoginDefaults.AuthenticationScheme); } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.