Add Auth0 to the list of supported providers

3 years ago · e13e2b4bb4
2 changed files with 42 additions and 3 deletions
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs
@ -5,6 +5,7 @@
 */

 using System.Collections.Immutable;
+using OpenIddict.Extensions;
 using static OpenIddict.Client.OpenIddictClientHandlers.Discovery;
 using static OpenIddict.Client.WebIntegration.OpenIddictClientWebIntegrationConstants;

@ -113,6 +114,14 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                    context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken);
                }

+                else if (context.Registration.ProviderType is ProviderTypes.Auth0)
+                {
+                    context.Configuration.GrantTypesSupported.Add(GrantTypes.AuthorizationCode);
+                    context.Configuration.GrantTypesSupported.Add(GrantTypes.ClientCredentials);
+                    context.Configuration.GrantTypesSupported.Add(GrantTypes.DeviceCode);
+                    context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken);
+                }
+
                else if (context.Registration.ProviderType is
                    ProviderTypes.Cognito   or ProviderTypes.EpicGames or
                    ProviderTypes.Microsoft or ProviderTypes.Salesforce)
@ -330,11 +339,20 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                    throw new ArgumentNullException(nameof(context));
                }

+                // While Auth0 exposes an OpenID Connect-compliant logout endpoint, its address is not returned
+                // as part of the configuration document. To ensure RP-initiated logout is supported with Auth0,
+                // "end_session_endpoint" is manually computed using the issuer URI and added to the configuration.
+                if (context.Registration.ProviderType is ProviderTypes.Auth0)
+                {
+                    context.Configuration.EndSessionEndpoint ??= OpenIddictHelpers.CreateAbsoluteUri(
+                        context.Registration.Issuer, "oidc/logout");
+                }
+
                // While PayPal supports OpenID Connect discovery, the configuration document returned
                // by the sandbox environment always contains the production endpoints, which would
                // prevent the OpenIddict integration from working properly when using the sandbox mode.
                // To work around that, the endpoints are manually overriden when this environment is used.
-                if (context.Registration.ProviderType is ProviderTypes.PayPal &&
+                else if (context.Registration.ProviderType is ProviderTypes.PayPal &&
                    context.Registration.GetPayPalSettings() is { Environment: string environment } &&
                    string.Equals(environment, PayPal.Environments.Sandbox, StringComparison.OrdinalIgnoreCase))
                {
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml
@ -102,6 +102,27 @@
    <Environment Issuer="https://app.asana.com/api/1.0" />
  </Provider>

+  <!--
+                                                  ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
+                                                  █ ▄▄▀██ ██ █▄▄ ▄▄██ ██ █ ▄▄ ██
+                                                  █ ▀▀ ██ ██ ███ ████ ▄▄ █ ▀▄ ██
+                                                  █ ██ ██▄▀▀▄███ ████ ██ █ ▀▀ ██
+                                                  ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+  -->
+
+  <Provider Name="Auth0" Id="7409ff87-3c9d-4959-b187-2fc0077d544f" Documentation="https://auth0.com/docs">
+    <!--
+      Note: Auth0 is a multitenant identity provider that doesn't have a generic
+      issuer URI. As such, the complete URI must always be set in the options.
+    -->
+
+    <Environment Issuer="{settings.Issuer}" />
+
+    <Setting PropertyName="Issuer" ParameterName="issuer" Type="Uri" Required="true"
+             Description="The URI used to access the Auth0 tenant (e.g 'https://contoso.us.auth0.com')" />
+  </Provider>
+
+
  <!--
                                        ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
                                        █ ▄▄▀██ ██ █▄▄ ▄▄██ ▄▄▄ ██ ▄▄▀██ ▄▄▄██ ▄▄▄ ██ █▀▄██
@ -1319,7 +1340,7 @@
                                           ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
  -->

-  <Provider Name="Verimi" Id="de781ebe-164c-4948-96d8-5e5adbbf19f0" Documentation="https://docs.verimi.de/#/oidc/oidc_overview">    
+  <Provider Name="Verimi" Id="de781ebe-164c-4948-96d8-5e5adbbf19f0" Documentation="https://docs.verimi.de/#/oidc/oidc_overview">
    <Environment Name="Production" Issuer="https://web.verimi.de/" />
    <Environment Name="Staging"    Issuer="https://web.uat.verimi.cloud/" />
  </Provider>
@ -1356,7 +1377,7 @@
      varies dynamically depending on the location of the client making the discovery request.

      Since the returned issuer is not stable, the hardcoded "https://www.webex.com/" is used instead.
-    -->    
+    -->

    <Environment Issuer="https://www.webex.com/" ConfigurationEndpoint="https://webexapis.com/v1/.well-known/openid-configuration" />
  </Provider>