Document the System.Net.Http integration #124

Merged
merged 1 commit into from
Aug 1, 2024
1 change: 1 addition & 0 deletions .vitepress/config.mts
Expand Up @@ -107,6 +107,7 @@ export default defineConfig({
{ text: "Entity Framework Core", link: "/integrations/entity-framework-core" },
{ text: "MongoDB", link: "/integrations/mongodb" },
{ text: "Quartz.NET", link: "/integrations/quartz" },
{ text: "System.Net.Http", link: "/integrations/system-net-http" },
{ text: "Web providers", link: "/integrations/web-providers" },
{
text: "External resources",
10 changes: 8 additions & 2 deletions configuration/encryption-and-signing-credentials.md
Expand Up @@ -12,7 +12,7 @@ To protect the tokens they generate, the OpenIddict client and server stacks use
> [!IMPORTANT]
> While you can technically reuse the same set of credentials for both the OpenIddict client and the OpenIddict server, it is recommended to use separate keys/certificates.

## Registering credentials in the client or server options
## Registering credentials in the client or server options <Badge type="warning" text="client" /><Badge type="danger" text="server" />

OpenIddict allows registering one or multiple keys (raw keys or embedded in X.509 certificates).

Expand Down Expand Up @@ -137,7 +137,7 @@ The best place to store your certificates will depend on your host:
- On Azure, certificates can be uploaded and exposed to Azure App Service applications using the special `WEBSITE_LOAD_CERTIFICATES` flag.
For more information, visit [Use a TLS/SSL certificate in your code in Azure App Service](https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code).

## Importing credentials in the API/resource validation options
## Importing credentials in the validation options of the API projects <Badge type="tip" text="validation" />

### Using the `options.UseLocalServer()` integration

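Review bot: The renamed heading "Importing credentials in the validation options of the API projects" changes the section's text, so an anchor generated from the old heading "Importing credentials in the API/resource validation options" would no longer resolve. Check the other documentation pages for links to the old anchor and update them in this change, or pin the anchor explicitly if the site supports it.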
Expand Down Expand Up @@ -166,6 +166,12 @@ services.AddOpenIddict()
});
```

> [!WARNING]
> Using OpenID Connect discovery requires enabling the `System.Net.Http` integration: make sure the
> `OpenIddict.Validation.SystemNetHttp` package is referenced and call `UseSystemNetHttp()` to enable it.
>
> For more information, read [`System.Net.Http` integration](/integrations/system-net-http.md).

### Registering a symmetric signing key in the token validation parameters

Unlike asymmetric signing keys, symmetric keys - used with HMAC-based algorithms like [HS256](https://datatracker.ietf.org/doc/html/rfc7518#section-3.2) - cannot
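Review bot: The link in the added warning, `/integrations/system-net-http.md`, keeps the `.md` extension, while the sidebar entry added in `.vitepress/config.mts` points to `/integrations/system-net-http` without it; use one form consistently. The code sample that the warning follows is cut off in this view, so also confirm that it actually calls `UseSystemNetHttp()`; otherwise readers who copy the sample will hit the failure the warning describes.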
3 changes: 1 addition & 2 deletions configuration/token-formats.md
Expand Up @@ -59,7 +59,7 @@ opting for ASP.NET Core Data Protection rather than JWT has actually a few advan
> To enable ASP.NET Core Data Protection support in the OpenIddict OWIN hosts, you need to manually reference the
> `OpenIddict.Client.DataProtection`, `OpenIddict.Server.DataProtection` and `OpenIddict.Validation.DataProtection` packages.

### Switching to Data Protection tokens
### Switching to Data Protection tokens <Badge type="warning" text="client" /><Badge type="danger" text="server" /><Badge type="tip" text="validation" />

ASP.NET Core Data Protection support is provided by the `OpenIddict.Client.DataProtection`, `OpenIddict.Server.DataProtection`
and `OpenIddict.Validation.DataProtection` packages. These packages are referenced by the `OpenIddict.AspNetCore` metapackage
Expand All @@ -74,7 +74,6 @@ services.AddOpenIddict()
{
options.UseDataProtection();
})

.AddValidation(options =>
{
options.UseDataProtection();
80 changes: 41 additions & 39 deletions integrations/aspnet-core.md
Expand Up @@ -32,44 +32,46 @@ ASP.NET Core 2.1+ application, independently of whether they are using MVC contr
> - X.509 ECDSA signing certificates/keys: calling `AddSigningCertificate()` or `AddSigningKey()`
> with an ECDSA certificate/key will always result in a `PlatformNotSupportedException` being thrown at runtime.

## Basic configuration

Native ASP.NET Core integration is provided by 3 dedicated packages that can be used together or
independently (depending on whether you need the client, server and validation features in your project):

```xml
<PackageReference Include="OpenIddict.Client.AspNetCore" Version="5.7.0" />
<PackageReference Include="OpenIddict.Server.AspNetCore" Version="5.7.0" />
<PackageReference Include="OpenIddict.Validation.AspNetCore" Version="5.7.0" />
```

To enable the ASP.NET Core integration, simply call `UseAspNetCore()` for each OpenIddict feature (client, server and validation) you want to add:

```csharp
services.AddOpenIddict()
.AddCore(options =>
{
// ...
})
.AddClient(options =>
{
// ...

options.UseAspNetCore();
})
.AddServer(options =>
{
// ...

options.UseAspNetCore();
})
.AddValidation(options =>
{
// ...

options.UseAspNetCore();
});
```
## Basic configuration <Badge type="warning" text="client" /><Badge type="danger" text="server" /><Badge type="tip" text="validation" />

To configure the ASP.NET Core integration, you'll need to:
- **Reference the `OpenIddict.Client.UseSystemNetHttp` and/or `OpenIddict.Server.UseSystemNetHttp` and/or
`OpenIddict.Validation.UseSystemNetHttp` packages**
(depending on whether you need the client and/or server and/or validation features in your project):

```xml
<PackageReference Include="OpenIddict.Client.AspNetCore" Version="5.7.0" />
<PackageReference Include="OpenIddict.Server.AspNetCore" Version="5.7.0" />
<PackageReference Include="OpenIddict.Validation.AspNetCore" Version="5.7.0" />
```

- **Call `UseAspNetCore()` for each OpenIddict feature (client, server and validation) you want to add**:

```csharp
services.AddOpenIddict()
.AddCore(options =>
{
// ...
})
.AddClient(options =>
{
// ...

options.UseAspNetCore();
})
.AddServer(options =>
{
// ...

options.UseAspNetCore();
})
.AddValidation(options =>
{
// ...

options.UseAspNetCore();
});
```

> [!WARNING]
> OpenIddict integrates with ASP.NET Core using an `IAuthenticationRequestHandler` service.
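Review bot: The first bullet of the rewritten "Basic configuration" section names `OpenIddict.Client.UseSystemNetHttp`, `OpenIddict.Server.UseSystemNetHttp` and `OpenIddict.Validation.UseSystemNetHttp` as the packages to reference, but the XML snippet directly below it references `OpenIddict.Client.AspNetCore`, `OpenIddict.Server.AspNetCore` and `OpenIddict.Validation.AspNetCore`, and this is the ASP.NET Core page. This looks like a copy-paste from the System.Net.Http page: `UseSystemNetHttp()` is the method name used in the warning added to encryption-and-signing-credentials.md, not a package suffix. The bullet should name the `*.AspNetCore` packages so that the text and the snippet agree and readers do not go looking for package IDs the snippet never uses.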
Expand Down Expand Up @@ -251,7 +253,7 @@ services.AddOpenIddict()
>
> For more information, read [Distributed caching in ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/performance/caching/distributed).

### Authentication scheme forwarding (client-only)
### Authentication scheme forwarding <Badge type="warning" text="client" />

To simplify triggering authentication operations for a specific client registration, the OpenIddict client offers a built-in authentication scheme
forwarding feature that allows using the provider name assigned to a client registration as an authentication scheme in ASP.NET Core: