Social logins / OAuth
Configuration
Provider configuration is located in the Aufy:Providers section of your appsettings file.
Aufy provides pre-configured authentication schemes for GitHub and Discord.
    {
      "Aufy": {
        "Providers": {
          "GitHub": {
            "ClientId": "MY_CLIENT_ID",
            "ClientSecret": "MY_CLIENT_SECRET",
            "Scopes": [ "user:email", "read:user" ]
          },
          "Discord": {
            "ClientId": "MY_CLIENT_ID",
            "ClientSecret": "MY_CLIENT_SECRET",
            "Scopes": [ "email" ]
          }
        }
      }
    }

Configuring OAuth providers
To configure an OAuth provider using Aufy helpers, add a new section to the Aufy:Providers section of your appsettings file.
    {
      "Aufy": {
        "Providers": {
          "Google": {
            "ClientId": "MY_CLIENT_ID",
            "ClientSecret": "MY_CLIENT_SECRET",
            "Scopes": [ "email" ]
          }
        }
      }
    }

Next, register the OAuth scheme using Aufy helpers.
    builder.Services
        .AddAufy<AufyUser>(builder.Configuration)
        .AddEntityFrameworkStore<ApplicationDbContext>()
        // Runs only when a section with this scheme name exists under Aufy:Providers.
        .AddProvider(DiscordAuthenticationDefaults.AuthenticationScheme, (auth, options) =>
        {
            // Configure applies the appsettings values plus the defaults Aufy requires.
            auth.AddDiscord(o => o.Configure(DiscordAuthenticationDefaults.AuthenticationScheme, options));
        });

The AddProvider method will execute only if a section with the specified name exists in the Aufy:Providers section of your appsettings file.

The Configure method will apply the specified options from the Aufy:Providers section of your appsettings file and some defaults required by Aufy:

- ClientId and ClientSecret options are required.
- Scopes
- CallbackPath in {ApiBasePath}/external/callback/{Provider} format. For example: /auth/external/callback/google. You have to configure this callback path in your OAuth provider dashboard.
- Cookie SignInScheme used later for the final sign in/sign up. The value is Aufy.ExternalSignInDefaultScheme.
- OAuth.Events.OnCreatingTicket set to an internal Aufy handler that checks if the user exists. If the user exists, it creates special sign in cookies. Otherwise, it creates a special sign up cookie and adds the query parameter signup=true to the callback URL.

Sign In / Sign Up flow
- Redirect the user to the [Auth prefix]/external/challenge/[Provider name] endpoint.
  - Example: /auth/external/challenge/discord
  - Pass the callbackUrl query parameter with the URL to redirect to after the challenge.
- The user will be redirected to the OAuth provider login page.
- Regardless of the authentication result, the user will be redirected to the callbackUrl, optionally with additional query parameters:
  - If login was successful, no additional query parameters will be added and the external auth cookie will be set.
  - If login was unsuccessful, the failed=true query parameter will be added to the callback URL.
  - If custom sign up flow is enabled and the user doesn't have an account, the signup=true query parameter will be added to the callback URL.
- If external login was successful, call:
  - When no query parameters are present: [Auth prefix]/signin/external
  - When the signup=true query parameter is present: [Auth prefix]/signup/external
- Either the sign in or the sign up endpoint will return the access token in the response body and the refresh token as an HTTP-only cookie.

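
The client side of the flow above, as an added example that is not part of the Aufy documentation or code base. It assumes the /auth prefix used in the page's examples, a same-origin API, and that the final call is a POST without a body; the function names are illustrative.

```javascript
// Added example (not Aufy code). AUTH_PREFIX matches the "/auth" used in the
// page's examples; adjust it to your configured prefix.
const AUTH_PREFIX = "/auth";

// Step 1: URL the browser navigates to in order to start the challenge.
// callbackUrl is percent-encoded so its own query string cannot leak into ours.
function challengeUrl(provider, callbackUrl) {
  const path = `${AUTH_PREFIX}/external/challenge/${encodeURIComponent(provider)}`;
  return `${path}?${new URLSearchParams({ callbackUrl })}`;
}

// Steps 3-4: inspect the URL the user landed on after the challenge and
// decide which endpoint finishes the flow.
function completionRequest(landedHref) {
  const params = new URL(landedHref).searchParams;
  if (params.get("failed") === "true") {
    // Never call signin/signup after a failed challenge.
    return { ok: false, reason: "external login failed" };
  }
  const signup = params.get("signup") === "true";
  return {
    ok: true,
    url: `${AUTH_PREFIX}/${signup ? "signup" : "signin"}/external`,
    // Assumption: POST without a body. "include" sends the external auth
    // cookie and lets the browser store the HTTP-only refresh cookie.
    init: { method: "POST", credentials: "include" },
  };
}

// Step 5: perform the call. The parsed response body carries the access token.
// fetchImpl is injectable so the function can be exercised without a network.
async function completeExternalLogin(landedHref, fetchImpl = fetch) {
  const req = completionRequest(landedHref);
  if (!req.ok) throw new Error(req.reason);
  const res = await fetchImpl(req.url, req.init);
  if (!res.ok) throw new Error(`completion call returned ${res.status}`);
  return res.json();
}
```
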
Link login flow
By default, Aufy tries to link the external provider account with the existing user account if the email address is the same.
The other way to link an existing user account with an external login is to use the [Auth prefix]/link/external endpoint.
- The user must be authenticated and have a valid access token.
- Redirect the user to the [Auth prefix]/external/challenge/[Provider name] endpoint.
  - Example: /auth/external/challenge/discord
  - Pass the callbackUrl query parameter with the URL to redirect to after the challenge.
- The user will be redirected to the OAuth provider login page.
- Regardless of the authentication result, the user will be redirected to the callbackUrl, optionally with additional query parameters:
  - If login was successful, no additional query parameters will be added and the external auth cookie will be set.
  - If login was unsuccessful, the failed=true query parameter will be added to the callback URL.
- If external login was successful, call the [Account prefix]/link/external endpoint.
- The link endpoint returns account information in the response body, including the updated list of external logins assigned to the user.