Created
September 21, 2022 07:58
-
-
Save sergiutesu/1f97b6c98b7ef219bc4cca83c91d65a7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Microsoft.AspNetCore.Authentication.Cookies; | |
| using Microsoft.AspNetCore.Authentication.MicrosoftAccount; | |
| using Microsoft.AspNetCore.Authentication.OpenIdConnect; | |
| using Microsoft.Identity.Web; | |
| using Microsoft.IdentityModel.Protocols.OpenIdConnect; | |
| using System.Security.Claims; | |
| namespace AzureAD | |
| { | |
| public static class BackofficeAuthenticationExtensions | |
| { | |
| public static IUmbracoBuilder ConfigureAuthentication(this IUmbracoBuilder builder) | |
| { | |
| builder.Services.ConfigureOptions<AzureB2CBackofficeExternalLoginProviderOptions>(); | |
| builder.AddBackOfficeExternalLogins(logins => | |
| { | |
| //const string schema = MicrosoftAccountDefaults.AuthenticationScheme; | |
| logins.AddBackOfficeLogin( | |
| backOfficeAuthenticationBuilder => | |
| { | |
| backOfficeAuthenticationBuilder.AddOpenIdConnect( | |
| backOfficeAuthenticationBuilder.SchemeForBackOffice(AzureB2CBackofficeExternalLoginProviderOptions.SchemeName), | |
| options => | |
| { | |
| //options.ResponseMode = "query"; | |
| options.ResponseType = "id_token token"; | |
| options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.read"); | |
| options.Scope.Add("https://sergiuazureadb2c.onmicrosoft.com/api/demo.write"); | |
| options.Scope.Add("email"); | |
| options.Scope.Add("openid"); | |
| options.Scope.Add("offline_access"); | |
| options.RequireHttpsMetadata = true; | |
| //Obtained from the AZURE AD B2C WEB APP | |
| options.ClientId = "85f11fbf-6807-4285-8b3f-9ef5e35b4983"; | |
| //Obtained from the AZURE AD B2C WEB APP | |
| options.ClientSecret = "0bfe7f12-fef9-4b5b-8ce5-4f207c911660"; | |
| //Callbackpath - Important! The CallbackPath represents the URL to which the browser should be redirected to and the default value is /signin-oidc. | |
| options.CallbackPath = "/umbraco-b2c-signin"; | |
| //Obtained from user flows in your Azure B2C tenant | |
| options.MetadataAddress = "https://sergiuazureadb2c.b2clogin.com/sergiuazureadb2c.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_signin"; | |
| options.TokenValidationParameters.SaveSigninToken = true; | |
| options.SaveTokens = true; | |
| options.GetClaimsFromUserInfoEndpoint = true; | |
| // It’s important to have the correct claims set up in Azure. | |
| // Once you are authenticated to Azure AD B2C, it validates the request. If the token is validated it triggers this event. | |
| // The token coming back from Azure AD B2C, contains several properties and one of the properties is the claims, containing information about the email address and name, and these are used by Umbraco to create and link the user. | |
| options.Events.OnTokenValidated = async context => | |
| { | |
| ClaimsPrincipal? principal = context.Principal; | |
| if (principal is null) | |
| { | |
| throw new InvalidOperationException("No claims found.. :("); | |
| return; | |
| } | |
| var claims = principal.Claims.ToList(); | |
| Claim? email = claims.SingleOrDefault(x => x.Type == "emails"); | |
| if (email is not null) | |
| { | |
| claims.Add(new Claim(ClaimTypes.Email, email.Value)); | |
| } | |
| Claim? name = claims.SingleOrDefault(x => x.Type == "name"); | |
| if (name is not null) | |
| { | |
| claims.Add(new Claim(ClaimTypes.Name, name.Value)); | |
| } | |
| var authenticationType = principal.Identity?.AuthenticationType; | |
| context.Principal = new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType)); | |
| }; | |
| }); | |
| }); | |
| }); | |
| return builder; | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment