- ABP Framework version: v7.0.0
- UI type: BlazorServer
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): Microservices
- Exception message and stack trace:
- Steps to reproduce the issue:"
Hi,
I have tried to get AuthServer working in K8S and keep getting the error.
Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).
This worked in v6 - no matter what I try it will not pick up the hostname in K8S for .well-known/openid-configuration. AuthServer / BlazorServer / PublicWeb are all affected. Runs ok locally. I have even tries a congfigmap in Helm for appsettings.json - it's like the url is hardcoded or something. Something has changed since v6.
[13:01:36 INF] Request starting HTTP/1.1 POST http://auth.dataadmiral.net/Account/Login application/x-www-form-urlencoded 300
[13:01:36 INF] CORS policy execution successful.
[13:01:36 INF] Executing endpoint '/Account/Login'
[13:01:36 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login
[13:01:36 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy
[13:01:36 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync - ModelState is Valid
[13:01:37 INF] Start processing HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Sending HTTP request GET https://localhost:44322/.well-known/openid-configuration
[13:01:37 INF] Executed page /Account/Login in 937.9643ms
[13:01:37 INF] Executed endpoint '/Account/Login'
[13:01:37 ERR] An unhandled exception has occurred while executing the request.
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: Exception. Error: Error connecting to https://localhost:44322/.well-known/openid-configuration. Connection refused (localhost:44322).
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetDiscoveryResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.CreateClientCredentialsTokenRequestAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetTokenResponse(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenAsync(IdentityClientConfiguration configuration)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.GetAccessTokenOrNullAsync(String identityClientName)
at Volo.Abp.IdentityModel.IdentityModelAuthenticationService.TryAuthenticateAsync(HttpClient client, String identityClientName)
at Volo.Abp.Http.Client.IdentityModel.IdentityModelRemoteServiceHttpClientAuthenticator.Authenticate(RemoteServiceHttpClientAuthenticateContext context)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync(ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](ClientProxyRequestContext requestContext)
at Volo.Abp.Http.Client.ClientProxying.ClientProxyBase`1.RequestAsync[T](String methodName, ClientProxyRequestTypeValue arguments)
at Nelson.NetworkSecurityService.NetworkAddressPermissions.NetworkAddressPermissionClientProxy.GetCountOfNetworkAddressRestrictionsAsync() in /src/services/networkSecurity/src/Nelson.NetworkSecurityService.HttpApi.Client/ClientProxies/NetworkAddressPermissionClientProxy.Generated.cs:line 77
at Nelson.AuthServer.CustomSignInManager.isIpAllowedAsync(IdentityUser user) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 124
at Nelson.AuthServer.CustomSignInManager.CheckPasswordSignInAsync(IdentityUser user, String password, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 97
at Microsoft.AspNetCore.Identity.SignInManager`1.PasswordSignInAsync(TUser user, String password, Boolean isPersistent, Boolean lockoutOnFailure)
at Nelson.AuthServer.CustomSignInManager.PasswordSignInAsync(String userName, String password, Boolean isPersistent, Boolean lockoutOnFailure) in /src/apps/auth-server/src/Nelson.AuthServer/CustomSignInManager.cs:line 63
at Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync(String action)
at Volo.Abp.Account.Web.Pages.Account.OpenIddictSupportedLoginModel.OnPostAsync(String action)
at Nelson.AuthServer.Pages.Account.MyLoginModel.OnPostAsync(String action) in /src/apps/auth-server/src/Nelson.AuthServer/Pages/Account/MyLoginModel.cs:line 46
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Convert[T](Object taskAsObject)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.ExecutorFactory.GenericTaskHandlerMethod.Execute(Object receiver, Object[] arguments)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeHandlerMethodAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeNextPageFilterAsync()
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Rethrow(PageHandlerExecutedContext context)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ExceptionContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextResourceFilter>g__Awaited|25_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeFilterPipelineAsync>g__Awaited|20_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeAsync>g__Logged|17_1(ResourceInvoker invoker)
at Microsoft.AspNetCore.Routing.EndpointMiddleware.<Invoke>g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.Auditing.AbpAuditingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Swashbuckle.AspNetCore.SwaggerUI.SwaggerUIMiddleware.Invoke(HttpContext httpContext)
at Swashbuckle.AspNetCore.Swagger.SwaggerMiddleware.Invoke(HttpContext httpContext, ISwaggerProvider swaggerProvider)
at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Uow.AbpUnitOfWorkMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Volo.Abp.AspNetCore.ExceptionHandling.AbpExceptionHandlingMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Serilog.AbpSerilogMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.MultiTenancy.MultiTenancyMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Builder.ApplicationBuilderAbpOpenIddictMiddlewareExtension.<>c__DisplayClass0_0.<<UseAbpOpenIddictValidation>b__0>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestDurationMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpRequestCountMiddleware.Invoke(HttpContext context)
at Prometheus.HttpMetrics.HttpInProgressMiddleware.Invoke(HttpContext context)
at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next)
at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<<UseMiddlewareInterface>b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddlewareImpl.<Invoke>g__Awaited|8_0(ExceptionHandlerMiddlewareImpl middleware, HttpContext context, Task task)
[13:01:37 INF] CORS policy execution successful.
10 Answer(s)
-
0
This may be related to https://github.com/openiddict/openiddict-core/issues/1613
Please contact me via email at galip.erdem@volosoft.com so we can schedule a remote meeting that I can check.
-
0
The problem is about CustomSignInManager configuration is done before configuring the OpenIddictServer issuer.
Under PreConfigureServices:
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options => { options.AddDevelopmentEncryptionAndSigningCertificate = false; }); PreConfigure<OpenIddictServerBuilder>(builder => { builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration)); builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration)); builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); }); PreConfigure<IdentityBuilder>(identityBuilder => { identityBuilder.AddSignInManager<CustomSignInManager>(); });
When the CustomSignInManager configured, Account/Login tries to redirect to initial appsettings configuration (localhost:44322) instead of overwritten issuer value.
-
0
Hi,
After fixing the routes and retesting the following code does not load the CustomSignInManager
public override void PreConfigureServices(ServiceConfigurationContext context) { Configure<IdentityBuilder>(identityBuilder => { identityBuilder.AddSignInManager<CustomSignInManager>(); }); }
-
0
hi
You need to use
PreConfigure
method.public override void PreConfigureServices(ServiceConfigurationContext context) { PreConfigure<IdentityBuilder>(identityBuilder => { identityBuilder.AddSignInManager<CustomSignInManager>(); }); }
Can you share the code of
CustomSignInManager
? -
0
Hi,
I had a call with Galip, the PreConfigure causes an issue with OpenIddict 4, where as when we tried the Configure it's does not work at all. Waiting on a fix for this.
-
0
Hi,
@gterdem - Is there any know fix for this yet?
Thanks
-
0
We’re still investigating.
-
0
I got a bit further by using the helm configmap to override the appsettings so that it uses the correct url. However i now get the following error.
Everything is running non http on k8s.
Volo.Abp.AbpException: Could not retrieve the OpenId Connect discovery document! ErrorType: PolicyViolation. Error: Endpoint does not use HTTPS: http://auth.mycompany.net/connect/authorize
-
0
@thedatacrew
Can you share authserver module PreConfigureServices method please?
-
0
Here you go, it still doesn't work with the custom sign in manager that causes the issue. CustomSignInManager talks remotely to the NetworkSecurityService via HTTP API to fetch IP Address Permissions for the Tenant. Could it be this that causes the AuthServer to raise the error?
It all works locally though.
using System; using System.Collections.Generic; using System.IO; using System.Linq; using System.Security.Cryptography.X509Certificates; using Microsoft.AspNetCore.Authentication.Google; using Microsoft.AspNetCore.Authentication.MicrosoftAccount; using Microsoft.AspNetCore.Authentication.Twitter; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Cors; using Microsoft.AspNetCore.DataProtection; using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection.Extensions; using Microsoft.Extensions.Hosting; using MyCompany.AdministrationService.EntityFrameworkCore; using MyCompany.IdentityService.EntityFrameworkCore; using MyCompany.NetworkSecurityService; using MyCompany.SaasService.EntityFrameworkCore; using MyCompany.Shared.Hosting.AspNetCore; using OpenIddict.Server.AspNetCore; using Prometheus; using Serilog; using StackExchange.Redis; using Volo.Abp; using Volo.Abp.Account; using Volo.Abp.Account.Public.Web; using Volo.Abp.Account.Public.Web.ExternalProviders; using Volo.Abp.Account.Public.Web.Impersonation; using Volo.Abp.Account.Web; using Volo.Abp.AspNetCore.Mvc.UI.Bundling; using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX; using Volo.Abp.AspNetCore.Mvc.UI.Theme.LeptonX.Bundling; using Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared; using Volo.Abp.Auditing; using Volo.Abp.BackgroundJobs.RabbitMQ; using Volo.Abp.Caching; using Volo.Abp.Caching.StackExchangeRedis; using Volo.Abp.Emailing; using Volo.Abp.EventBus.RabbitMq; using Volo.Abp.Http.Client.IdentityModel; using Volo.Abp.Identity; using Volo.Abp.LeptonX.Shared; using Volo.Abp.Modularity; using Volo.Abp.MultiTenancy; using Volo.Abp.OpenIddict; using Volo.Abp.UI.Navigation.Urls; using Volo.Abp.VirtualFileSystem; using Volo.Saas.Host; namespace MyCompany.AuthServer; [DependsOn( typeof(AbpCachingStackExchangeRedisModule), typeof(AbpEventBusRabbitMqModule), typeof(AbpBackgroundJobsRabbitMqModule), typeof(AbpAspNetCoreMvcUiLeptonXThemeModule), typeof(AbpAccountPublicWebOpenIddictModule), typeof(AbpAccountPublicApplicationModule), typeof(AbpAccountPublicHttpApiModule), typeof(AbpAccountPublicWebImpersonationModule), typeof(AbpHttpClientIdentityModelModule), typeof(AdministrationServiceEntityFrameworkCoreModule), typeof(IdentityServiceEntityFrameworkCoreModule), typeof(SaasServiceEntityFrameworkCoreModule), typeof(SaasHostApplicationContractsModule), typeof(MyCompanySharedHostingAspNetCoreModule), typeof(MyCompanySharedLocalizationModule), typeof(NetworkSecurityServiceHttpApiClientModule) )] public class MyCompanyAuthServerModule : AbpModule { public override void PreConfigureServices(ServiceConfigurationContext context) { var hostingEnvironment = context.Services.GetHostingEnvironment(); var configuration = context.Services.GetConfiguration(); PreConfigure<OpenIddictBuilder>(builder => { builder.AddValidation(options => { options.AddAudiences("AccountService"); options.UseLocalServer(); options.UseAspNetCore(); }); builder.AddServer(builder => { if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"])) { builder.UseAspNetCore().DisableTransportSecurityRequirement(); } builder.Configure(options => { var validIssuers = (configuration.GetSection("AuthServer:ValidIssuers").Get<string[]>() ?? Array.Empty<string>()); var validIssuerList = validIssuers.Select(validIssuer => validIssuer.EnsureEndsWith('/')).ToList(); options.TokenValidationParameters.ValidIssuers = validIssuerList; Log.Information("OpenIddictBuilder TokenValidationParameters.ValidIssuers are {@ValidIssuers}", validIssuers); }); }); }); if (!hostingEnvironment.IsDevelopment()) { PreConfigure<AbpOpenIddictAspNetCoreOptions>(options => { options.AddDevelopmentEncryptionAndSigningCertificate = false; }); PreConfigure<OpenIddictServerBuilder>(builder => { builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration)); builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration)); builder.SetIssuer(new Uri(configuration["AuthServer:Authority"])); }); } // TODO : Removing for now as it breaks auth server. // // PreConfigure<IdentityBuilder>(builder => // { // builder.AddSignInManager<CustomSignInManager>(); // }); } public override void ConfigureServices(ServiceConfigurationContext context) { var hostingEnvironment = context.Services.GetHostingEnvironment(); var configuration = context.Services.GetConfiguration(); if (!Convert.ToBoolean(configuration["App:DisablePII"])) { Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; } if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"])) { Configure<OpenIddictServerAspNetCoreOptions>(options => { options.DisableTransportSecurityRequirement = true; }); } ConfigureBundles(); ConfigureSwagger(context, configuration); ConfigureSameSiteCookiePolicy(context); ConfigureExternalProviders(context); context.Services.Configure<AbpTenantResolveOptions>(options => { options.TenantResolvers.Clear(); options.TenantResolvers.Add(new CurrentUserTenantResolveContributor()); }); Configure<AbpMultiTenancyOptions>(options => { options.IsEnabled = true; }); Configure<AbpAccountOptions>(options => { // For impersonation in Saas module options.TenantAdminUserName = "admin"; options.ImpersonationTenantPermission = SaasHostPermissions.Tenants.Impersonation; // For impersonation in Identity module options.ImpersonationUserPermission = IdentityPermissions.Users.Impersonation; }); Configure<AbpAuditingOptions>(options => { options.ApplicationName = "AuthServer"; }); Configure<AppUrlOptions>(options => { options.Applications["MVC"].RootUrl = configuration["App:SelfUrl"]; options.RedirectAllowedUrls.AddRange(configuration["App:RedirectAllowedUrls"].Split(',')); }); Configure<AbpDistributedCacheOptions>(options => { options.KeyPrefix = "MyCompany:"; }); var dataProtectionBuilder = context.Services.AddDataProtection().SetApplicationName("MyCompany"); var redis = ConnectionMultiplexer.Connect(configuration["Redis:Configuration"]); dataProtectionBuilder.PersistKeysToStackExchangeRedis(redis, "MyCompany-Protection-Keys"); context.Services.AddCors(options => { options.AddDefaultPolicy(builder => { builder .WithOrigins( configuration["App:CorsOrigins"] .Split(",", StringSplitOptions.RemoveEmptyEntries) .Select(o => o.Trim().RemovePostFix("/")) .ToArray() ) .WithAbpExposedHeaders() .SetIsOriginAllowedToAllowWildcardSubdomains() .AllowAnyHeader() .AllowAnyMethod() .AllowCredentials(); }); }); #if DEBUG context.Services.Replace(ServiceDescriptor.Singleton<IEmailSender, NullEmailSender>()); #endif if (hostingEnvironment.IsDevelopment()) { Configure<AbpVirtualFileSystemOptions>(options => { options.FileSets.ReplaceEmbeddedByPhysical<MyCompanySharedLocalizationModule>(Path.Combine( hostingEnvironment.ContentRootPath, $"..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}..{Path.DirectorySeparatorChar}shared{Path.DirectorySeparatorChar}MyCompany.Shared.Localization")); }); } Configure<LeptonXThemeOptions>(options => { options.DefaultStyle = LeptonXStyleNames.System; }); } public override void OnApplicationInitialization(ApplicationInitializationContext context) { var app = context.GetApplicationBuilder(); var env = context.GetEnvironment(); var configuration = context.ServiceProvider.GetRequiredService<IConfiguration>(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseAbpRequestLocalization(); if (!env.IsDevelopment()) { app.UseErrorPage(); } app.UseCorrelationId(); app.UseAbpSecurityHeaders(); app.UseStaticFiles(); app.UseRouting(); app.UseCors(); app.UseCookiePolicy(); app.UseHttpMetrics(); app.UseAuthentication(); app.UseAbpOpenIddictValidation(); app.UseMultiTenancy(); app.UseAbpSerilogEnrichers(); app.UseUnitOfWork(); app.UseAuthorization(); app.UseSwagger(); app.UseAbpSwaggerUI(options => { options.SwaggerEndpoint("/swagger/v1/swagger.json", "Account Service API"); options.OAuthClientId(configuration["AuthServer:SwaggerClientId"]); }); app.UseAuditing(); app.UseConfiguredEndpoints(endpoints => { endpoints.MapMetrics(); }); } private void ConfigureBundles() { Configure<AbpBundlingOptions>(options => { options.StyleBundles.Configure( LeptonXThemeBundles.Styles.Global, bundle => { bundle.AddFiles("/global-styles.css"); } ); }); } private void ConfigureExternalProviders(ServiceConfigurationContext context) { context.Services.AddAuthentication() .AddGoogle(GoogleDefaults.AuthenticationScheme, _ => { }) .WithDynamicOptions<GoogleOptions, GoogleHandler>( GoogleDefaults.AuthenticationScheme, options => { options.WithProperty(x => x.ClientId); options.WithProperty(x => x.ClientSecret, isSecret: true); } ) .AddMicrosoftAccount(MicrosoftAccountDefaults.AuthenticationScheme, options => { //Personal Microsoft accounts as an example. options.AuthorizationEndpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize"; options.TokenEndpoint = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token"; }) .WithDynamicOptions<MicrosoftAccountOptions, MicrosoftAccountHandler>( MicrosoftAccountDefaults.AuthenticationScheme, options => { options.WithProperty(x => x.ClientId); options.WithProperty(x => x.ClientSecret, isSecret: true); } ) .AddTwitter(TwitterDefaults.AuthenticationScheme, options => options.RetrieveUserDetails = true) .WithDynamicOptions<TwitterOptions, TwitterHandler>( TwitterDefaults.AuthenticationScheme, options => { options.WithProperty(x => x.ConsumerKey); options.WithProperty(x => x.ConsumerSecret, isSecret: true); } ); } private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration) { var fileName = "authserver.pfx"; var passPhrase = "XXXXXXXXXXXXX-XXXXX-XXXX-XXXX-XXXXXXXXXXX"; var file = Path.Combine(hostingEnv.ContentRootPath, fileName); if (!File.Exists(file)) { throw new FileNotFoundException($"Signing Certificate couldn't found: {file}"); } return new X509Certificate2(file, passPhrase); } private void ConfigureSwagger(ServiceConfigurationContext context, IConfiguration configuration) { SwaggerConfigurationHelper.ConfigureWithAuth( context: context, authority: configuration["AuthServer:Authority"], scopes: new Dictionary<string, string> { /* Requested scopes for authorization code request and descriptions for swagger UI only */ { "AccountService", "Account Service API" } }, apiTitle: "Account Service API" ); } private void ConfigureSameSiteCookiePolicy(ServiceConfigurationContext context) { context.Services.AddSameSiteCookiePolicy(); } }