Implementing OAuth 2.0 + openID token with ASP.NET5

Question

I have the following code which seems to not do anything when I run the project. I expect a browser redirect to happen to http://localhost:5000 requesting the "code" authorization flow. Instead I just see "Hello World".

This is my startup.cs file:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace OAuthService
{
    public class Startup
    {
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = "cookie";
                options.DefaultSignInScheme = "cookie";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddOpenIdConnect("oidc", options =>
            {
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false; // dev only

                options.ClientId = "pkce_client";
                options.ClientSecret = "acf2ec6fb01a4b698ba240c2b10a0243";
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.ResponseMode = "form_post";
                options.CallbackPath = "/OAuthService/GetResponse";
                options.UsePkce = true;
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();

            app.UseAuthentication();            

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/", async context =>
                {
                    await context.Response.WriteAsync("Hello World!");
                });
            });
        }
    }
}

Answer 1

Someone needs to tell the authentication module that the user has to login. You either trigger that using

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapGet("/login", async context =>
                {
                    var claims = new Claim[]
                    {
                                        //Standard claims
                                        new Claim(ClaimTypes.Name, "Joe Svensson"),
                                        new Claim(ClaimTypes.Country, "Sweden"),
                                        new Claim(ClaimTypes.Email, "[email protected]"),

                                        //Custom claims
                                        new Claim("JobTitle", "Developer"),
                                        new Claim("JobLevel", "Senior"),
                    };

                    ClaimsIdentity identity = new ClaimsIdentity(claims: claims,
                                                      authenticationType: CookieAuthenticationDefaults.AuthenticationScheme);

                    ClaimsPrincipal user = new ClaimsPrincipal(identity: identity);

                    var authProperties = new AuthenticationProperties
                    {
                        IsPersistent = true
                    };

                    //Sign-in the user
                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authProperties);

                    await context.Response.WriteAsync("<!DOCTYPE html><body>");
                    await context.Response.WriteAsync("<h1>Logged in!</h1>");
                });
....

Or you add the Authorization handler middleware using

    app.UseAuthorization();

and configure it properly using:

.AddAuthorization(options =>
{
    ...
})