OidcProxy.Net.OpenIdConnect 2.0.4

The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org. Prefix Reserved
.NET 8.0 
dotnet add package OidcProxy.Net.OpenIdConnect --version 2.0.4
NuGet\Install-Package OidcProxy.Net.OpenIdConnect -Version 2.0.4
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="OidcProxy.Net.OpenIdConnect" Version="2.0.4" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add OidcProxy.Net.OpenIdConnect --version 2.0.4
#r "nuget: OidcProxy.Net.OpenIdConnect, 2.0.4"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install OidcProxy.Net.OpenIdConnect as a Cake Addin
#addin nuget:?package=OidcProxy.Net.OpenIdConnect&version=2.0.4

// Install OidcProxy.Net.OpenIdConnect as a Cake Tool
#tool nuget:?package=OidcProxy.Net.OpenIdConnect&version=2.0.4

OidcProxy.Net.OpenIdConnect

This package contains the software you need to implement the BFF Security Pattern. This software does three things:

  1. It manages the user session
  2. It allows the user to log into the site
  3. It forwards request to downstream services and adds the Authorization header with the user's access token to the requests

OidcProxy.Net is a stateful reverse proxy. To forward requests to downstream services OidcProxy.Net uses YARP.

Currently, OidcProxy.Net supports logging in with Azure, Auth0, IdentityServer4, and any other OpenID Connect compliant authorization server. Currently, only the Authorization Code flow with Proof-Key Client Exchange is supported.

Quickstart: Implementing the BFF Security Pattern

To build a BFF, execute the following commands:

dotnet new web
dotnet add package OidcProxy.Net.OpenIdConnect

Create the following Program.cs file:

using OidcProxy.Net.ModuleInitializers;
using OidcProxy.Net.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

var config = builder.Configuration
    .GetSection("OidcProxy")
    .Get<OidcProxyConfig>();

builder.Services.AddOidcProxy(config);

var app = builder.Build();

app.UseOidcProxy();

app.Run();

Create the following appsettings.json file:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "OidcProxy": {
    "LandingPage": "/hello",
    "Oidc": {
      "ClientId": "{your_client_id}",
      "ClientSecret": "{your_secret}",
      "Authority": "https://{your_authority}/"
    },
    "ReverseProxy": {
      "Routes": {
        "api": {
          "ClusterId": "api",
          "Match": {
            "Path": "/api/{*any}"
          }
        }
      },
      "Clusters": {
        "api": {
          "Destinations": {
            "api/node1": {
              "Address": "https://{your_api}/"
            }
          }
        }
      }
    }
  }
}

In this example we assume you are running a Single Page Application on localhost on port 4200 and you have an API running at localhost on port 8080. If that is not the case, then update the appsettings.json accordingly.

To run the BFF, type dotnet run or just hit the 'play'-button in Visual Studio.

Endpoints

The BFF relays all requests as configured in the ReverseProxy section in the appsettings.json file, except for four endpoints:

[GET] /.auth/login

To log a user in and to start a http session, navigate to /.auth/login. The software will redirect to the login page of the Identity Provider to log the user in. The resulting tokens will be stored in the user session and are not available in the browser.

[GET] /.auth/login/callback

This endpoint is used by the IdentityProvider.

[GET] /.auth/me

To see the logged in user, navigate to the /.auth/me endpoint. This endpoint shows the claims that are in the id_token.

[GET] /.auth/end-session

To revoke the tokens that have been obtained when the user logged in, execute a get request on the /.auth/end-session endpoint. This will revoke the tokens that have been stored in the user session and will not log the user out from the Identity Provider session. This must be implemented at client side.

Issues

Are you encountering issues? Please let us know at: https://github.com/thecloudnativewebapp/OidcProxy.Net/issues

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on OidcProxy.Net.OpenIdConnect:

Package Downloads
OidcProxy.Net.Auth0 The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org.

An extendible framework for .NET to implement the BFF Security Pattern (a.k.a. Token Handler Pattern) in Single Page Applications.
OidcProxy.Net.EntraId The ID prefix of this package has been reserved for one of the owners of this package by NuGet.org.

An extendible framework for .NET to implement the BFF Security Pattern (a.k.a. Token Handler Pattern) in Single Page Applications.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
2.0.4 194 3/28/2024
2.0.3 82 3/27/2024
2.0.2 113 3/13/2024
2.0.1 155 2/29/2024
2.0.0 181 2/26/2024
1.3.1 125 2/19/2024
1.3.0 141 2/14/2024
1.2.0 133 2/5/2024
1.1.2 86 2/3/2024
1.1.1 99 1/31/2024
1.0.0 484 1/22/2024

Upgrades:
           - build(deps): bump Microsoft.Identity.Client from 4.59.0 to 4.60.0