IdentityOAuthSpaExtensions 0.1.2

.NET Core 2.2
There is a newer version of this package available.
See the version list below for details.
Install-Package IdentityOAuthSpaExtensions -Version 0.1.2
dotnet add package IdentityOAuthSpaExtensions --version 0.1.2
<PackageReference Include="IdentityOAuthSpaExtensions" Version="0.1.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add IdentityOAuthSpaExtensions --version 0.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: IdentityOAuthSpaExtensions, 0.1.2"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install IdentityOAuthSpaExtensions as a Cake Addin
#addin nuget:?package=IdentityOAuthSpaExtensions&version=0.1.2

// Install IdentityOAuthSpaExtensions as a Cake Tool
#tool nuget:?package=IdentityOAuthSpaExtensions&version=0.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.


.Net Core library that allows easy integration of external OAuth providers into your SPA. It has even more perks if you use IdentityServer.

What you can do with this library?

  • On SPA side you could receive AuthCode from OAuth provider (Authorization Code Flow)
  • On backend you could verify AuthCode (passed from your SPA) and get user information from oAuth provider
  • If you're using IdentityServer, you could plug-in an extension grant that will allow you to issue your own JWT tokens in exchange for AuthCode (and optionally create new users).


The project goal is to allow easy integration of external OAuth providers (e.g. Google, Facebook, etc.) into your SPA applications (React, Angular, plain-old-js, whatever), with the minimum amount of needed code. This is a backend library, that integrates with Asp.Net Core 2.2+. The library is kept minimal, as we reuse all official and non-official authentication providers (i.e. library doesn't need to be updated when those external providers change).

How to

Just install nuget to add the library to your project.

You could also take a look at IdentityOAuthSpaExtensions.Example for example usage (keep in mind, that there are hardcoded ClientId/ClientSecret for FB and Google within Example app. They are for demo purposes and everyone can use them, so beware).


From ConfigureServices call services.ConfigureExternalAuth(Configuration).

That's it.

After that you will be able to request AuthCode from SPA (instructions below), and manually verify AuthCode on backend: this.HttpContext.RequestServices.GetService<ExternalAuthService>().GetExternalUserId(providerName, authCode) or this.HttpContext.RequestServices.GetService<ExternalAuthService>().GetExternalUserInfo(providerName, authCode)


To get AuthCode:

  • Create oAuthCode handlers, e.g.
      function externalAuthSuccess(provider, code) {
          alert(`Provider: ${provider}, code: ${code}`);
      function externalAuthError(provider, error, errorDescription) {
          alert(`Provider: ${provider}, error: ${error}, ${errorDescription}`);
  • Subscribe to messages on a window: window.addEventListener("message", this.oAuthCodeReceived, false); and provide oAuthCodeReceived implementation like:
        if ( {
            let data = JSON.parse(;
            if (data.type === 'oauth-result') {
                if (data.code) {
                    externalAuthSuccess(data.provider, data.code);
                } else {
                    externalAuthError(data.provider, data.error, data.errorDescription);
  • Open authentication dialog in new window pointing to http://YOUR_BACKEND_HOST/external-auth/challenge?provider=${provider}. E.g.: ```${window.location.protocol}//${window.location.hostname}:${window.location.port}/external-auth/challenge?provider=${provider}`, undefined, 'width=800,height=600');```
  • When authentication succeeds/errors, your callback functions (externalAuthSuccess/externalAuthError) will be called.

To authenticate (get access_token) using IdentityServer

  • Get AuthCode (see above)
  • Call /connect/token?provider=${provider}&code=${code}&grant=external.

External user storage

We use standard Asp.Net Identity mechanism to store external logins (namely, AspNetUserLogins table). To find a user by external OAuth id you need to use _userManager.FindByLoginAsync(providerName, externalUserId)

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows
.NET Core netcoreapp2.2 netcoreapp3.0 netcoreapp3.1
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.7 227 11/13/2021
1.0.6 279 4/10/2021
1.0.5 1,865 3/14/2021
1.0.4 243 3/14/2021
1.0.3 250 3/14/2021
1.0.2 250 3/14/2021
1.0.1 215 3/13/2021
0.3.6 169 2/11/2021
0.3.5 188 1/25/2021
0.3.4 173 1/25/2021
0.3.3 218 11/23/2020
0.3.2 196 11/12/2020
0.2.3 289 7/16/2020
0.2.2 295 7/16/2020
0.2.1 294 7/11/2020
0.1.9 487 3/4/2019
0.1.8 495 2/24/2019
0.1.7 487 2/22/2019
0.1.6 469 2/21/2019
0.1.5 516 2/19/2019
0.1.3 503 2/17/2019
0.1.2 516 2/16/2019