asp.net-core openiddict .net-7.0

OpenIddict 4 WebProviders does not configure external authentication schemes


I am just wondering if anyone has some experience with this. I am trying out OpenIddict 4.0.0 to put together a real-life solution with the new Identity UI and Razor Pages approach. However, when I register an external auth provider using the suggested unified OpenIddict.Client.WebIntegration package, I cannot see the providers in the external section of the default login page.

I also tried to use the openiddict-core sandbox aspnet.core server app, but that as well does not show the configured GitHub external login option.

I could explicitly create links for the providers, however I do not see that as a convenient solution. The default code segment that calls SignInManager.GetExternalAuthenticationSchemesAsync() does not seem to collect the external providers registered using:

options.UseWebProviders().UseGitHub() ...

What am I missing here? Thanks


Solution

  • Edit: to improve interoperability, a native authentication scheme forwarding mechanism was added to the OpenIddict client in 4.7.0: OpenIddict providers are now automatically returned by SignInManager.GetExternalAuthenticationSchemesAsync() and listed by the default UI.

    See https://github.com/openiddict/openiddict-core/releases/tag/4.7.0 for more information.


    It's a deliberate design choice, explained in [this post comparing the aspnet-contrib providers with the OpenIddict providers](https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers/issues/694#issue-1280661329):

    The aspnet-contrib providers use an authentication scheme per provider, which means you can do [Authorize(AuthenticationSchemes = "Facebook")] to trigger an authentication dance. In contrast, the OpenIddict client uses a single authentication scheme and requires setting the issuer as an AuthenticationProperties item if multiple providers are registered.

    For the same reason, the providers registered via the OpenIddict client are not listed by Identity's SignInManager.GetExternalAuthenticationSchemesAsync() and so don't appear in the "external providers" list returned by the default Identity UI. In practice, many users will prefer customizing this part to be more user-friendly, for instance by using localized provider names or logos, which is not something you can natively do with SignInManager.GetExternalAuthenticationSchemesAsync() anyway.
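The challenge side of a customized provider list, as an added example that is not part of the original answer or of the OpenIddict code base: the login page posts a provider key, the server maps it through an allowlist to an issuer, and the issuer is passed as an `AuthenticationProperties` item to the single OpenIddict client scheme. The controller name, route, provider key and the GitHub issuer value are assumptions; the callback that signs the user in is not shown.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Client.AspNetCore;

// Hypothetical controller; name and route are assumptions for this example.
public class ExternalLoginController : Controller
{
    // Server-side allowlist: provider key -> (display name, issuer).
    // The login view can render its buttons (localized names, logos) from this map.
    // The issuer must match the one used by the registered web provider;
    // the GitHub value below is an assumption.
    public static readonly IReadOnlyDictionary<string, (string DisplayName, string Issuer)> Providers =
        new Dictionary<string, (string DisplayName, string Issuer)>(StringComparer.Ordinal)
        {
            ["github"] = ("GitHub", "https://github.com/"),
        };

    [HttpPost("~/external-login"), ValidateAntiForgeryToken]
    public IActionResult LogIn(string provider, string? returnUrl)
    {
        // Never hand a client-supplied issuer to the handler: resolve it from the allowlist.
        if (string.IsNullOrEmpty(provider) || !Providers.TryGetValue(provider, out var entry))
        {
            return BadRequest();
        }

        var properties = new AuthenticationProperties(new Dictionary<string, string?>
        {
            // Tells the single OpenIddict client scheme which registered provider to use.
            [OpenIddictClientAspNetCoreConstants.Properties.Issuer] = entry.Issuer
        })
        {
            // Only local return URLs are honoured, which avoids an open redirect after login.
            RedirectUri = Url.IsLocalUrl(returnUrl) ? returnUrl : "/"
        };

        // One scheme for all providers, unlike the per-provider schemes of aspnet-contrib.
        return Challenge(properties, OpenIddictClientAspNetCoreDefaults.AuthenticationScheme);
    }
}
```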