@magohl
Created June 4, 2019 09:44
AspNet Core - Add OIDC manually without metadata
Here we are using demo.identityserver.io.
It's not enough to add the JsonWebKeySet. You also have to add the SigningKeys!
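// Cookie authentication keeps the local session; the "oidc" scheme handles the challenge.
// The provider configuration is supplied by hand instead of being discovered from metadata.
services.AddAuthentication(options =>
{
    options.DefaultScheme = "Cookies";
    options.DefaultSignInScheme = "Cookies";
    options.DefaultSignOutScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
}).AddCookie()
.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = "Cookies";

    // RequireHttpsMetadata is left at its default (true). It governs metadata/authority
    // discovery, which this setup does not use, so switching it off gained nothing and
    // would weaken any configuration later copied from this snippet.

    // The helper downloads the signing keys once, when this lambda runs. Nothing here
    // refreshes them, so a key rotation at the identity provider will make token
    // validation fail until the application is restarted.
    // The lambda is synchronous, so the task has to be blocked on; GetAwaiter().GetResult()
    // surfaces the original exception instead of an AggregateException.
    options.Configuration = Helper.GetOpenIdConnectConfiguration("https://demo.identityserver.io").GetAwaiter().GetResult();

    options.ResponseType = "code";
    options.ClientId = "server.code";
    // Value used with the public demo server. A real client secret belongs in
    // configuration or a secret store, never in source.
    options.ClientSecret = "secret";
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("openid");
    options.Scope.Add("email");
    options.Scope.Add("api");
    options.Scope.Add("profile");
    // SaveTokens keeps the issued tokens with the sign-in properties of the "Cookies"
    // scheme, so the session cookie should be treated as carrying bearer credentials.
    options.SaveTokens = true;
});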
---HELPER
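/// <summary>
/// Builds an <see cref="OpenIdConnectConfiguration"/> by hand for a provider whose
/// endpoints follow the paths below, then downloads its JSON Web Key Set and copies
/// the signing keys into <c>SigningKeys</c>.
/// </summary>
/// <param name="baseUrl">
/// Base address of the identity provider. It is used verbatim as the issuer and as the
/// prefix of every endpoint, so it should be an https URL without a trailing slash.
/// </param>
/// <returns>The populated configuration, including the signing keys.</returns>
/// <exception cref="System.InvalidOperationException">
/// The JWKS response did not deserialize to a key set.
/// </exception>
// NOTE(review): the call site in this gist uses Helper.GetOpenIdConnectConfiguration(...);
// confirm the method's modifiers make it reachable from there.
private async Task<OpenIdConnectConfiguration> GetOpenIdConnectConfiguration(string baseUrl)
{
    var config = new OpenIdConnectConfiguration
    {
        //Get from configuration instead
        Issuer = baseUrl,
        JwksUri = $"{baseUrl}/.well-known/openid-configuration/jwks",
        AuthorizationEndpoint = $"{baseUrl}/connect/authorize",
        UserInfoEndpoint = $"{baseUrl}/connect/userinfo",
        TokenEndpoint = $"{baseUrl}/connect/token",
        EndSessionEndpoint = $"{baseUrl}/connect/endsession",
    };

    // These keys are what token signatures get validated against. If they are fetched
    // over plain http, anyone on the network path can substitute their own keys, so
    // baseUrl should only ever be an https address outside of local development.
    string keys;
    using (var client = new HttpClient())
    {
        // Dispose the client once the single request is done instead of leaking it.
        keys = await client.GetStringAsync(config.JwksUri).ConfigureAwait(false);
    }

    config.JsonWebKeySet = JsonConvert.DeserializeObject<JsonWebKeySet>(keys);
    if (config.JsonWebKeySet == null)
    {
        // An empty or "null" body deserializes to null; fail with a clear message
        // rather than a NullReferenceException in the loop below.
        throw new System.InvalidOperationException(
            $"The JWKS endpoint '{config.JwksUri}' did not return a key set.");
    }

    // Setting JsonWebKeySet alone is not enough: the keys must also be added to SigningKeys.
    foreach (SecurityKey key in config.JsonWebKeySet.GetSigningKeys())
    {
        config.SigningKeys.Add(key);
    }

    return config;
}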