### Project Setup and Run Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/auth0/src/spa+bff/ClientApp/src/app/app.component.html Commands to install the OidcProxy.Net templates, create a new project, and run the application. ```APIDOC ## Install Templates ### Description Installs the necessary project templates for OidcProxy.Net. ### Command dotnet new install OidcProxy.Net.Templates ``` ```APIDOC ## Create New Project ### Description Creates a new OidcProxy.Net project with specified backend and identity provider configurations. ### Command dotnet new OidcProxy.Net --backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc ``` ```APIDOC ## Run Project ### Description Builds and runs the OidcProxy.Net application. ### Command dotnet run ``` -------------------------------- ### Install OidcProxy.Net Templates Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/auth0/src/spa+bff/ClientApp/src/app/app.component.html Use this command to install the necessary project templates for OidcProxy.Net. ```bash dotnet new install OidcProxy.Net.Templates ``` -------------------------------- ### Running the Demo Applications Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/AzureAd/src/Spa/src/app/app.component.html This command sequence starts the SPA, the BFF, and the API. Ensure all projects are in their respective directories. ```bash ng serve && dotnet run ../Bff/Bff.csproj && dotnet run ../Api/Api.csproj ``` -------------------------------- ### Install OidcProxy.Net.Auth0 Package Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Installs the OidcProxy.Net package for Auth0 integration. Ensure you have the .NET SDK installed. ```powershell dotnet new web dotnet add package OidcProxy.Net.Auth0 ``` -------------------------------- ### OidcProxy Configuration Example Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.OpenIdConnect/Readme.md Example appsettings.json configuration for OidcProxy.Net. Customize OIDC client details, landing page, and reverse proxy routes/clusters. ```json { "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "OidcProxy": { "LandingPage": "/hello", "Oidc": { "ClientId": "{your_client_id}", "ClientSecret": "{your_secret}", "Authority": "https://{your_authority}/" }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "https://{your_api}/" } } } } } } } ``` -------------------------------- ### Auth0 Domain Configuration Examples (JSON) Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Illustrates missing, empty, misspelled, and incorrect Auth0 Domain configurations in appsettings.json, which can lead to startup errors. The correct format is shown in the solution. ```json "Auth0": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Audience": "{yourAudience}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` ```json "Auth0": { ... "Domain": "", ... }, ``` ```json "Auth0": { ... "Donain": "{yourDomain}", ... }, ``` ```json "Auth0": { ... "Domain": "https://yourdomain.eu.auth0.com/", ... }, ``` ```json "Auth0": { ... "Domain": "example.eu.auth0.com", ... }, ``` -------------------------------- ### Auth0 Proxy Configuration Example Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.Auth0/Readme.md Example appsettings.json configuration for OidcProxy.Net.Auth0, including Auth0 specific settings and YARP reverse proxy configuration. ```json { "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "OidcProxy": { "LandingPage": "/hello", "Auth0": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Domain": "{yourDomain}", "Audience": "{yourAudience}", "Scopes": [ "openid", "profile", "email" ] }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "https://{your_api}/" } } } } } } } ``` -------------------------------- ### OidcProxy.Net Configuration Example Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Configuration This JSON snippet shows a comprehensive example of the OidcProxy.Net configuration in appsettings.json, including settings for authentication, reverse proxy, and optional parameters. ```json { "OidcProxy": { "AlwaysRedirectToHttps": true, "AllowAnonymousAccess": false, "Mode": "Proxy", "EndpointName": "oidcproxy-endpoints/foo", "LandingPage": "/welcome", "EnableUserPreferredLandingPages": true, "AllowedLandingPages": [ "/welcome" , "/hello" ], "ErrorPage": "/oops", "SessionIdleTimeout": "00:30:00", "CustomHostName": "https://www.yoursite.org", "CookieName": "foo.bar", "NameClaim": "name", "RoleClaim": "role", "Oidc": { "ClientId": "{clienid}", "ClientSecret": "{clientsecret}", "Authority": "https://{authority}/" }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "http://localhost:8080/" } } } } } } } ``` -------------------------------- ### Install OidcProxy.Net Package Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net/Readme.md Add the necessary OidcProxy.Net package to your .NET project using the dotnet CLI. This command installs the OpenID Connect module. ```bash dotnet add package OidcProxy.Net.OpenIdConnect ``` -------------------------------- ### OidcProxy.Net Invalid ClientSecret Examples Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors These JSON examples illustrate common misconfigurations for the 'ClientSecret' that will cause OidcProxy.Net to fail. Ensure the 'ClientSecret' is correctly provided and spelled. ```json "Oidc": { "CliendId": "{yourClientId}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` ```json "Oidc": { "CliendId": "{yourClientId}", "ClientSecret": "", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` ```json "Oidc": { "CliendId": "{yourClientId}", "Client_Secret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` ```json "Oidc": { "CliendId": "{yourClientId}", "Clientsecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Install OidcProxy.Net.EntraId Package Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Installs the OidcProxy.Net package for Microsoft Entra ID integration. This command is used in conjunction with the .NET SDK. ```powershell dotnet new web dotnet add package OidcProxy.Net.EntraId ``` -------------------------------- ### Scaffold OidcProxy.Net Project Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/README.md Use this command to scaffold a new OidcProxy.Net project. Ensure you have the template pack installed first. Replace placeholders with your specific IdP, client ID, and client secret. ```bash dotnet new install OidcProxy.Net.Templates dotnet new OidcProxy.Net --backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc dotnet run ``` -------------------------------- ### Auth0 Audience Configuration Examples (JSON) Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Illustrates missing, empty, and misspelled Auth0 Audience configurations in appsettings.json, which can lead to errors when retrieving access tokens. The correct format is provided in the solution. ```json "Auth0": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Domain": "{yourDomain}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` ```json "Auth0": { ... "Audience": "", ... }, ``` ```json "Auth0": { ... "Audienc": "{yourDomain}", ... }, ``` ```json "Auth0": { ... "Audience": "https://www.mydomain.com/api/test", ... }, ``` -------------------------------- ### Invoke a Back-end API Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/auth0/src/spa+bff/ClientApp/src/app/app.component.html Examples of how to invoke protected back-end APIs through OidcProxy.Net. ```APIDOC ## GET /api/WeatherForecast/sahara ### Description Example endpoint to fetch weather forecast data for a specific region. ### Method GET ### Endpoint /api/WeatherForecast/sahara ``` ```APIDOC ## GET /api/WeatherForecast/usa ### Description Example endpoint to fetch weather forecast data for the USA. ### Method GET ### Endpoint /api/WeatherForecast/usa ``` -------------------------------- ### Scaffold Authentication Gateway with OidcProxy.Net Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Use this command to scaffold an ASP.NET Core Web Application with OidcProxy configured as an authentication gateway. Ensure the OidcProxy.Net.Templates pack is installed first. ```pwsh # Step 1: # Download and install the template-pack dotnet new install OidcProxy.Net.Templates # Step 2: # Scaffold the proxy dotnet new OidcProxy.Net--backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc ``` -------------------------------- ### Backend API Invocation Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/keycloak/src/spa+bff/ClientApp/src/app/app.component.html Examples of how to invoke specific backend API endpoints through OidcProxy.Net. ```APIDOC ## /api/WeatherForecast/sahara ### Description Invokes the 'sahara' endpoint of the WeatherForecast API. ### Method GET ### Endpoint /api/WeatherForecast/sahara ``` ```APIDOC ## /api/WeatherForecast/usa ### Description Invokes the 'usa' endpoint of the WeatherForecast API. ### Method GET ### Endpoint /api/WeatherForecast/usa ``` -------------------------------- ### Scaffold Angular App + ASP.NET Core Identity-Aware BFF Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Use this command to scaffold an Angular application hosted in an ASP.NET Core Web Application that authenticates via OidcProxy. Ensure the OidcProxy.Net.Templates pack is installed first. ```pwsh dotnet new install OidcProxy.Net.Templates dotnet new OidcProxy.Net.Angular --backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc ``` -------------------------------- ### Run SPA+BFF Demo using CLI Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/keycloak/src/readme.md Restore dependencies and run the SPA+BFF project from the command line. ```bash cd spa+bff/ dotnet restore dotnet run ``` -------------------------------- ### Run API Demo using CLI Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/keycloak/src/readme.md Restore dependencies and run the API project from the command line. ```bash cd api/ dotnet restore dotnet run ``` -------------------------------- ### Create New Web Project and Add OidcProxy Package Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/README.md Initializes a new ASP.NET Core web project and adds the OidcProxy.Net OpenIdConnect package. This is the first step in setting up the proxy. ```bash dotnet new web dotnet add package OidcProxy.Net.OpenIdConnect ``` -------------------------------- ### Run Demo with Docker (Windows PowerShell) Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/readme.md Execute the build and run script for the demo using Docker on Windows. ```powershell .uild-and-run-with-docker.ps1 ``` -------------------------------- ### Create OidcProxy.Net Project Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/auth0/src/spa+bff/ClientApp/src/app/app.component.html Create a new OidcProxy.Net project with specified backend, identity provider, client ID, and client secret. ```bash dotnet new OidcProxy.Net --backend "https://api.myapp.com" \ --idp "https://idp.myapp.com" \ --clientId xyz \ --clientSecret abc ``` -------------------------------- ### Configure Auth0 Domain in C# Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Bootstrap the BFF by loading Auth0 identity provider configuration from appsettings.json. Ensure the `Domain` is correctly configured to avoid startup errors. ```csharp //...\nvar builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Auth0"); builder.Services.AddOidcProxy(o => { o.ConfigureAuth0(config); //... }); ``` -------------------------------- ### Run Demo with Docker (Mac Terminal) Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/readme.md Execute the build and run script for the demo using Docker on Mac. ```bash brew install --cask powershell pwsh build-and-run-with-docker.ps1 ``` -------------------------------- ### Get Authenticated User Info Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net/Readme.md Retrieves information about the currently logged-in user, including claims from the ID token. ```APIDOC ## GET /.auth/me ### Description To see the logged in user, navigate to the `/.auth/me` endpoint. This endpoint shows the claims that are in the `id_token`. ### Method GET ### Endpoint `/.auth/me` ``` -------------------------------- ### End Session Endpoint Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.EntraId/Readme.md Execute a GET request on /.auth/end-session to revoke obtained tokens. This action revokes tokens in the user session but does not log the user out from the Identity Provider session. ```http GET /.auth/end-session ``` -------------------------------- ### Scaffold a Vanilla OidcProxy Project Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/templates/OidcProxy.Net.Templates/README.md Use this command to scaffold a new vanilla OidcProxy project. Ensure you replace placeholder values with your actual backend, identity provider, client ID, and client secret. ```bash dotnet new OidcProxy.Net --backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc dotnet run ``` -------------------------------- ### Bootstrap OidcProxy with Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Configure the OidcProxy by loading identity provider settings from appsettings.json using C#. ```csharp var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Oidc"); builder.Services.AddOidcProxy(o => { o.ConfigureOpenIdConnect(config); //... }); ``` -------------------------------- ### Registering Custom Identity Provider in Program.cs Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Customization-and-extendability Demonstrates how to register a custom identity provider configuration and potentially the provider itself within the application's startup code. ```csharp using OidcProxy.Net.OpenIdConnect; using OidcProxy.Net.ModuleInitializers; var builder = WebApplication.CreateBuilder(args); var config = var config = builder.Configuration .GetSection("OidcProxy") .Get(); ``` -------------------------------- ### Bootstrap OidcProxy with OpenIdConnect Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This snippet shows how to bootstrap OidcProxy.Net by loading identity provider configuration from appsettings.json. Ensure the 'Oidc' section in your configuration file is correctly set up. ```csharp //... var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Oidc"); builder.Services.AddOidcProxy(o => { o.ConfigureOpenIdConnect(config); //... }); ``` -------------------------------- ### Run OidcProxy.Net Application Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/spa-bffs/auth0/src/spa+bff/ClientApp/src/app/app.component.html Execute this command to run your OidcProxy.Net application after project creation. ```bash dotnet run ``` -------------------------------- ### Configure Hostname for OidcProxy Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Bootstrap the OidcProxy by loading identity provider configuration, including hostname, from appsettings.json using C#. ```csharp var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Oidc"); builder.Services.AddOidcProxy(config); ``` -------------------------------- ### Basic OidcProxy Configuration in appsettings.json Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/README.md Defines the core settings for OidcProxy, including the landing page, OIDC provider details (client ID, secret, authority), and reverse proxy routing rules. ```json { "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "OidcProxy": { "LandingPage": "/hello", "Oidc": { "ClientId": "clientid", "ClientSecret": "secret", "Authority": "https://login.yoursite.com/" }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "http://localhost:8080/" } } } } } } } ``` -------------------------------- ### Bootstrap Custom Token Parser Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Customization-and-extendability Register your custom `ITokenParser` implementation with the OidcProxy.Net services during application startup. ```csharp builder.Services.AddAuth0Proxy(config, o => o.AddTokenParser()); ``` -------------------------------- ### Configure Azure AD Client Secret in C# Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Bootstrap the OidcProxy.Net by loading Azure AD identity provider configuration from appsettings.json. Ensure the `client_secret` is correctly configured to avoid startup errors. ```csharp //...\nvar builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Azure"); builder.Services.AddOidcProxy(o => { o.ConfigureAzureAd(config); //... }); ``` -------------------------------- ### Configure BFF appsettings.json Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/readme.md Update BFF appsettings.json with your Auth0 credentials and domain. ```json { "Auth0__ClientSecret": "{yourClientSecret}", "Auth0__ClientId": "{yourClientId}", "Auth0__Domain": "{yourDomain}", "Auth0__Audience": "{yourAudience}" } ``` -------------------------------- ### Configure OpenId Connect (OIDC) Settings Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Configuration Configure OpenId Connect authentication. ClientId, ClientSecret, and Authority are required. DiscoveryEndpoint, Scopes, and PostLogoutRedirectEndpoint are optional. ```json { ... "Oidc": { "ClientId": "123abc", "ClientSecret": "$3cr3t", "Authority": "https://login.yoursite.com", "DiscoveryEndpoint": "/.well-known/openid-configuration", "Scopes": [ "openid", "profile", "email", ], "PostLogoutRedirectEndpoint": "/bye" }, ... } ``` -------------------------------- ### Correct Hostname Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This is the correct configuration for the 'Hostname' setting. Ensure it is set to a valid URL and restart OidcProxy. ```json "Hostname": "https://foo.bar", "Oidc": { "ClientId": "test", "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] } ``` -------------------------------- ### Correct ClientSecret Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Configure the ClientSecret correctly to resolve the error. Ensure the value is accurate and properly formatted. ```json "Oidc": { "CliendId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "TenantId": "{yourTenantId}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Configure OidcProxy with Valid ClientSecret Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This JSON configuration demonstrates the correct way to set the 'ClientSecret' for OidcProxy.Net. Ensure this value is present, not empty, and correctly spelled with the right casing in your appsettings.json. ```json "Oidc": { "CliendId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Custom LandingPage Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Configuration Set a custom landing page to redirect users to after a successful login. If not specified, users are redirected to the root path '/'. ```json { ... "LandingPage": "/welcome", ... ``` -------------------------------- ### Configure OidcProxy.Net.EntraId in appsettings.json Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.EntraId/Readme.md Set up Entra ID specific settings and reverse proxy configurations in appsettings.json. Update placeholders with your actual values. ```json { "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "EntraId": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "TenantId": "{yourTenantId}", "DiscoveryEndpoint": "{https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration}", "Scopes": [ "openid", "profile", "offline_access", "https://yourDomain.onmicrosoft.com/test/api1" ] }, "AllowedHosts": "*", "OidcProxy": { "LandingPage": "/hello", "EntraId": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Scopes": [ "openid", "profile", "offline_access", "https://foo.onmicrosoft.com/api/test/weatherforecast.read" ] }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "https://{your_api}/" } } } } } } } ``` -------------------------------- ### Correctly Registering Multiple Identity Providers with Unique Configs Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This code shows the correct way to register multiple identity providers by ensuring each has its own dedicated configuration class and instance. ```csharp public class FooIdentityProvider : IIdentityProvider { // ... } public FooConfig { // ... } public class BarIdentityProvider : IIdentityProvider { // ... } public BarConfig { // ... } var builder = WebApplication.CreateBuilder(args); var config1 = builder.Configuration .GetSection("Foo") .Get(); var config2 = builder.Configuration .GetSection("Bar") .Get(); builder.Services.AddOidcProxy(o => { o.RegisterIdentityProvider(config1, "foo"); o.RegisterIdentityProvider(config2, "bar"); }) ``` -------------------------------- ### Program.cs for Auth0 Integration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Configures the ASP.NET Core application to use OidcProxy.Net with Auth0. It reads the configuration, registers the Auth0 proxy services, and applies the middleware. ```csharp using OidcProxy.Net.Auth0; using OidcProxy.Net.ModuleInitializers; var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration .GetSection("OidcProxy") .Get(); builder.Services.AddAuth0Proxy(config); var app = builder.Build(); app.UseAuth0Proxy(); app.Run(); ``` -------------------------------- ### Empty ClientSecret Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Reproduce the error by providing an empty string for the ClientSecret in the Oidc configuration. ```json "Oidc": { "CliendId": "{yourClientId}", "ClientSecret": "", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Scaffold an Angular App with OidcProxy.Net BFF Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/templates/OidcProxy.Net.Templates/README.md Use this command to scaffold a new Angular project with an integrated ASP.NET Core BFF using OidcProxy.Net. Replace placeholder values with your specific configuration details. ```bash dotnet new OidcProxy.Net.Angular --backend "https://api.myapp.com" --idp "https://idp.myapp.com" --clientId xyz --clientSecret abc dotnet run ``` -------------------------------- ### Configure Auth0 Authentication Gateway Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Quickstarts Sets up the OidcProxy.Net configuration for Auth0. Replace placeholders with your Auth0 credentials and API details. This configuration defines the landing page, Auth0 specific settings, and reverse proxy rules. ```json { "Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "OidcProxy": { "LandingPage": "/account/me", "Auth0": { "ClientId": "{yourClientId}", "ClientSecret": "{yourClientSecret}", "Domain": "{yourDomain}", "Audience": "{yourAudience}", "Scopes": [ "openid", "profile", "email" ] }, "ReverseProxy": { "Routes": { "api": { "ClusterId": "api", "Match": { "Path": "/api/{*any}" } } }, "Clusters": { "api": { "Destinations": { "api/node1": { "Address": "https://yourapi/" } } } } } } } ``` -------------------------------- ### Bootstrap OidcProxy with Azure AD Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Configure the OidcProxy to use Azure AD by loading identity provider settings from appsettings.json. Ensure the Azure section is correctly referenced. ```csharp //... var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration.GetSection("Azure"); builder.Services.AddOidcProxy(o => { o.ConfigureAzureAd(config); //... }); ``` -------------------------------- ### Add OidcProxy.Net to ASP.NET Core Application Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net/Readme.md Configure services to use OidcProxy.Net by adding the OidcProxy configuration. This is typically done in the Program.cs file. ```csharp using OidcProxy.Net.ModuleInitializers; using OidcProxy.Net.OpenIdConnect; var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration .GetSection("OidcProxy") .Get(); builder.Services.AddOidcProxy(config); var app = builder.Build(); app.UseOidcProxy(); app.Run(); ``` -------------------------------- ### Login Endpoint Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.Auth0/Readme.md Initiates the user login process by redirecting to the Identity Provider. User tokens are stored server-side. ```APIDOC ## GET /.auth/login ### Description To log a user in and to start a http session, navigate to `/.auth/login`. The software will redirect to the login page of the Identity Provider to log the user in. The resulting tokens will be stored in the user session and are not available in the browser. ### Method GET ### Endpoint /.auth/login ``` -------------------------------- ### Configure OidcProxy Services in Program.cs Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/README.md Registers OidcProxy services with the ASP.NET Core dependency injection container. It reads configuration from `appsettings.json` and can optionally use an encryption key for JWE. ```csharp using OidcProxy.Net.ModuleInitializers; using OidcProxy.Net.OpenIdConnect; var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration .GetSection("OidcProxy") .Get(); builder.Services.AddOidcProxy(config); // Or, in case of an identity provider that uses Json Web Encryption: // var key = new SymmetricSecurityKey( // Convert.FromBase64String("DRjd/GnduI3Efzen9V9BvbNUfc/VKgXltV7Kbk9sMkY=") // ); // // builder.Services.AddOidcProxy(config, o => o.UseEncryptionKey(new SymmetricKey(key))); var app = builder.Build(); app.UseOidcProxy(); app.Run(); ``` -------------------------------- ### Reproduce Hostname Empty Error Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors An empty 'Hostname' value will also lead to an error. Always provide a valid hostname. ```json "Hostname": "", "Oidc": { "ClientId": "test", "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] } ``` -------------------------------- ### Create Kubernetes Namespace Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/kubernetes/readme.md Applies a YAML file to create a dedicated namespace for the OIDC Proxy service isolation. ```shell kubectl apply -f namespace.yaml ``` -------------------------------- ### Register Custom Identity Provider Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Integrate custom identity providers by implementing `IIdentityProvider` and registering it using `RegisterIdentityProvider`. ```csharp var builder = WebApplication.CreateBuilder(args); var config = builder.Configuration .GetSection("Oidc") .Get(); builder.Services.AddOidcProxy(o => { o.RegisterIdentityProvider(config); } ``` -------------------------------- ### Port-forward OIDC Proxy BFF Service for Testing Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/kubernetes/readme.md Establishes a port-forwarding connection to the OIDC Proxy BFF service on Kubernetes for local testing. ```shell kubectl port-forward -n oidcproxy svc/oidcproxy-bff-service 8443:8443 ``` -------------------------------- ### Reproduce Hostname Missing Error Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This configuration will cause an error if the 'Hostname' field is missing. Ensure 'Hostname' is present and correctly configured. ```json { "Oidc": { "ClientId": "test", "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] } } ``` -------------------------------- ### Configure API appsettings.json Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/readme.md Update API appsettings.json with your Auth0 domain and audience. ```json { "Auth0__Domain": "{yourDomain}", "Auth0__Audience": "{yourAudience}" } ``` -------------------------------- ### Missing ClientSecret Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Reproduce the error by omitting the ClientSecret in the Oidc configuration. ```json "Oidc": { "CliendId": "{yourClientId}", "Authority": "https://{yourAuthority}", "TenantId": "{yourTenantId}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Configure Multiple Identity Providers on Different Endpoints Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This code demonstrates how to configure multiple identity providers, each associated with a unique endpoint name, to avoid conflicts. ```csharp var builder = WebApplication.CreateBuilder(args); builder.Services.AddOidcProxy(o => { o.ConfigureAuth0(builder.Configuration.GetSection("Auth0"), "my-account"); o.ConfigureAzureAd(builder.Configuration.GetSection("AzureAd"), "back-office"); }) ``` -------------------------------- ### Bootstrap Claims Transformation Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Customization-and-extendability Register your custom `IClaimsTransformation` implementation with OidcProxy.Net in your `program.cs` file. ```csharp builder.Services.AddOidcProxy(config, o => { o.AddClaimsTransformation(); }); ``` -------------------------------- ### Add OidcProxy.Net.EntraId to ASP.NET Core Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.EntraId/Readme.md Configure services in Program.cs to use OidcProxy.Net.EntraId. Ensure your configuration is loaded correctly. ```csharp using OidcProxy.Net.EntraId; using OidcProxy.Net.ModuleInitializers; var builder = WebApplication.CreateBuilder(args); var entraIdConfig = builder.Configuration .GetSection("OidcProxy") .Get(); builder.Services.AddEntraIdProxy(entraIdConfig); var app = builder.Build(); app.UseEntraIdProxy(); app.Run(); ``` -------------------------------- ### Configure Auth0 Authentication Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Configuration Configure Auth0 as the identity provider. ClientId, ClientSecret, Domain, and Audience are required. Scopes, FederatedLogout, and UseOidcLogoutEndpoint are optional. ```json { ... "Auth0": { "ClientId": "123abc", "ClientSecret": "$3cr3t", "Domain": "test.eu.auth0.com", "Audience": "https://www.yoursite.com/api", "UseOidcLogoutEndpoint": false, "Scopes": [ "openid", "profile", "email", ], "FederatedLogout": true } ... } ``` -------------------------------- ### Configure OpenID Connect Identity Provider Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Use the shorthand `ConfigureOpenIdConnect` to register an OpenID Connect identity provider with configuration from `appsettings.json`. ```csharp var builder = WebApplication.CreateBuilder(args); builder.Services.AddOidcProxy(o => { o.ConfigureOpenIdConnect(builder.Configuration.GetSection("Oidc")); } ``` -------------------------------- ### Empty ClientId Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Reproduce the error by setting the 'ClientId' key to an empty string in the Oidc configuration. ```json "Oidc": { "ClientId": "", "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### User Login Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net/Readme.md Initiates the user login process by redirecting to the Identity Provider's login page. User tokens are stored in the session. ```APIDOC ## GET /.auth/login ### Description To log a user in and to start a http session, navigate to `/.auth/login`. The software will redirect to the login page of the Identity Provider to log the user in. The resulting tokens will be stored in the user session and are not available in the browser. ### Method GET ### Endpoint `/.auth/login` ``` -------------------------------- ### Deploy OIDC Proxy BFF Service Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/kubernetes/readme.md Applies the Kubernetes configuration files for the OIDC Proxy BFF service. ```shell kubectl apply -f oidcproxy-bff.yaml kubectl apply -f oidcproxy-bff-service.yaml ``` -------------------------------- ### OidcProxy.Net Multiple Identity Providers of Same Type Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Reproduce the error 'Registering multiple identity providers of the same type is not supported' by calling `ConfigureOpenIdConnect` more than once with different configuration sections. ```csharp var builder = WebApplication.CreateBuilder(args); builder.Services.AddOidcProxy(o => { o.ConfigureOpenIdConnect(builder.Configuration.GetSection("Idp1")); o.ConfigureOpenIdConnect(builder.Configuration.GetSection("Idp2")); // this line raises the error } ``` -------------------------------- ### Bootstrap Custom Authentication Callback Handler Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Customization-and-extendability Register your custom `IAuthenticationCallbackHandler` implementation in your `Program.cs` file to enable custom post-authentication behavior. ```csharp builder.Services.AddOidcProxy(config, o => { o.AddAuthenticationCallbackHandler(); }); ``` -------------------------------- ### Custom LegacyIdentityProvider Implementation Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Customization-and-extendability Provides a concrete implementation of the IIdentityProvider interface for a legacy OAuth2 authorization server. It handles constructing the authorization URI and exchanging the authorization code for tokens. ```csharp using System.Text; using OidcProxy.Net.IdentityProviders; using Newtonsoft.Json.Linq; namespace YourApp; public class LegacyServerConfig { public string Authority { get; set; } public string ClientId { get; set; } } public class LegacyIdentityProvider : IIdentityProvider { private readonly LegacyServerConfig _config; private readonly HttpClient _httpClient; public LegacyIdentityProvider(LegacyServerConfig config, HttpClient httpClient) { _config = config; _httpClient = httpClient; } // Create the authorize URI here as defined in the OAuth2 RFC (https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1) public Task GetAuthorizeUrlAsync(string redirectUri) { const string uriFormat = "{0}/authorize?response_type=code&client_id={1}&state={2}&redirect_uri={3}&scope=openid+profile"; var uri = string.Format(uriFormat, _config.Authority, _config.ClientId, "xyz", redirectUri); string? codeVerifier = null; // not applicable for legacy auth code flow var result = new AuthorizeRequest(new Uri(uri), codeVerifier); return Task.FromResult(result); } public async Task GetTokenAsync(string redirectUri, string code, string? codeVerifier) { _httpClient.DefaultRequestHeaders.Add("content-type", "application/x-www-form-urlencoded"); const string requestBodyFormat = "grant_type=authorization_code&code={0}&client_id={1}&redirect_uri={2}"; var requestBody = string.Format(requestBodyFormat, code, _config.ClientId, redirectUri); var requestContent = new StringContent(requestBody, Encoding.UTF8, "application/x-www-form-urlencoded"); var requestUrl = $"{_config.Authority}/token"; var response = await _httpClient.PostAsync(requestUrl, requestContent); var responseBody = await response.Content.ReadAsStringAsync(); var responseJson = JObject.Parse(responseBody); return new TokenResponse(responseJson["access_token"].Value(), responseJson["id_token"].Value(), responseJson["refresh_token"].Value(), DateTime.Now.AddSeconds(responseJson["expires_in"].Value())); } public Task RefreshTokenAsync(string refreshToken) { // And so forth throw new NotImplementedException(); } public Task RevokeAsync(string token) { // And so forth throw new NotImplementedException(); } public Task GetEndSessionEndpointAsync(string? idToken, string baseAddress) { // And so forth throw new NotImplementedException(); } } ``` -------------------------------- ### Deploy OIDC Proxy API Service Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/docs/demos/Authentication-Gateways/Auth0/src/kubernetes/readme.md Applies the Kubernetes configuration files for the OIDC Proxy API service. ```shell kubectl apply -f oidcproxy-api.yaml kubectl apply -f oidcproxy-api-service.yaml ``` -------------------------------- ### Login Endpoint Source: https://github.com/oidcproxydotnet/oidcproxy.net/blob/main/src/OidcProxy.Net.Auth0/Readme.md Initiates the user login process by redirecting to the Identity Provider's login page. Tokens are stored in the user session. ```http GET /.auth/login ``` -------------------------------- ### Registering Multiple Identity Providers with Same Config Type (Error) Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors This code demonstrates how registering multiple identity providers with the same configuration object type causes an error. Each identity provider should have a unique configuration type. ```csharp var builder = WebApplication.CreateBuilder(args); var config1 = builder.Configuration .GetSection("Foo") .Get(); var config2 = builder.Configuration .GetSection("Bar") .Get(); builder.Services.AddOidcProxy(o => { o.RegisterIdentityProvider(config1, "foo"); o.RegisterIdentityProvider(config2, "bar"); // This causes the error. You cannot use a config of the same type for // two different types of identity providers. }) ``` -------------------------------- ### Missing ClientId Configuration Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Reproduce the error by omitting the 'ClientId' key in the Oidc configuration. ```json "Oidc": { "ClientSecret": "{yourClientSecret}", "Authority": "https://{yourAuthority}", "Scopes": [ "openid", "profile", "offline_access" ] }, ``` -------------------------------- ### Define Custom Identity Providers in C# Source: https://github.com/oidcproxydotnet/oidcproxy.net/wiki/Errors Define custom identity provider classes that implement the IIdentityProvider interface. Ensure configuration classes are distinct for each provider. ```csharp public class FooIdentityProvider : IIdentityProvider { // ... } public class BarIdentityProvider : IIdentityProvider { // ... } public FooConfig { // ... } ```