C
C#5mo ago
Tim

Authenticate with AspNet.Security.OAuth.Spotify

I have the following code with the AspNet.Security.OAuth.Spotify-Package but I have no idea where the user should authenticate in the end - what is the endpoint for that?
c#
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddAuthentication().AddSpotify(options =>
{
options.ClientId = "";
options.ClientSecret = "";
options.SaveTokens = true;
options.CallbackPath = "/auth/callback";

var scopes = new List<string>
{
"user-library-read",
"playlist-read-private",
"playlist-read-collaborative",
"playlist-modify-private",
"playlist-modify-public"
};
options.Scope.Add(String.Join(",", scopes));
});

var app = builder.Build();
app.MapRazorPages();
app.UseAuthentication();
app.UseAuthorization();

app.Run();
c#
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages();
builder.Services.AddAuthentication().AddSpotify(options =>
{
options.ClientId = "";
options.ClientSecret = "";
options.SaveTokens = true;
options.CallbackPath = "/auth/callback";

var scopes = new List<string>
{
"user-library-read",
"playlist-read-private",
"playlist-read-collaborative",
"playlist-modify-private",
"playlist-modify-public"
};
options.Scope.Add(String.Join(",", scopes));
});

var app = builder.Build();
app.MapRazorPages();
app.UseAuthentication();
app.UseAuthorization();

app.Run();
17 Replies
Unknown User
Unknown User5mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
I did a second attempt today, but now with another OAuth Provider. I have the following code:
c#
using dotenv.net;
using Microsoft.AspNetCore.Authentication.Cookies;

var envVars = DotEnv.Read();
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages(options =>
{
options.Conventions.AuthorizePage("/");
});
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "Authentik";
}).AddCookie(options =>
{
options.LoginPath = "/auth/login";
options.LogoutPath = "/auth/logout";
}).AddOAuth("Authentik", options =>
{
options.AuthorizationEndpoint = envVars["AUTHORIZATION_ENDPOINT"];
options.TokenEndpoint = envVars["TOKEN_ENDPOINT"];
options.UserInformationEndpoint = envVars["USER_INFORMATION_ENDPOINT"];
options.ClientId = envVars["CLIENT_ID"];
options.ClientSecret = envVars["CLIENT_SECRET"];
options.ClaimsIssuer = envVars["CLAIMS_ISSUER"];
options.CallbackPath = "/auth/callback";
});

var app = builder.Build();
app.UseAuthentication();
app.MapRazorPages();

app.Run();
c#
using dotenv.net;
using Microsoft.AspNetCore.Authentication.Cookies;

var envVars = DotEnv.Read();
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages(options =>
{
options.Conventions.AuthorizePage("/");
});
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "Authentik";
}).AddCookie(options =>
{
options.LoginPath = "/auth/login";
options.LogoutPath = "/auth/logout";
}).AddOAuth("Authentik", options =>
{
options.AuthorizationEndpoint = envVars["AUTHORIZATION_ENDPOINT"];
options.TokenEndpoint = envVars["TOKEN_ENDPOINT"];
options.UserInformationEndpoint = envVars["USER_INFORMATION_ENDPOINT"];
options.ClientId = envVars["CLIENT_ID"];
options.ClientSecret = envVars["CLIENT_SECRET"];
options.ClaimsIssuer = envVars["CLAIMS_ISSUER"];
options.CallbackPath = "/auth/callback";
});

var app = builder.Build();
app.UseAuthentication();
app.MapRazorPages();

app.Run();
But it still does not work when I try to access the root page
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
What should I do more?
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
You answer with yes to a what-question?? Authentication is a way for me to send the user to a auth provider which tells me if the user hast access to my app when the login is successful
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
1. My identity provider only redirects if the user has access to the application so I know, that the user has access to my app when the user gets to the fallback 2. So you mean I need Autorization too? How do I do that?
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
I got most from https://developer.okta.com/blog/2019/07/12/secure-your-aspnet-core-app-with-oauth but I also used various other ressources
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
Because I found nothing good in the official docs I followed the official docs in my first attempt
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
From that I still think that I don't need autorization as the user has access to my whole app when the user has an account which is checked with authentication already I don't know what I should check with autorization anymore I think it works now Somehow it does not work when protecting the page / but it works when protecting the folder / But now I'm in an endless login loop
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Tim
TimOP4mo ago
Yeah but how do I do that? I already have
c#
builder.Services.AddRazorPages(options =>
{
options.Conventions.AuthorizeFolder("/");
});
c#
builder.Services.AddRazorPages(options =>
{
options.Conventions.AuthorizeFolder("/");
});
And it works too but I'm now in a autentication loop
Unknown User
Unknown User4mo ago
Message Not Public
Sign In & Join Server To View
Want results from more Discord servers?
Add your server