From e13e2b4bb4c51978a31db9498a0b502c0ae5c4f3 Mon Sep 17 00:00:00 2001 From: pableess <8421069+pableess@users.noreply.github.com> Date: Tue, 26 Sep 2023 07:38:36 -0500 Subject: [PATCH] Add Auth0 to the list of supported providers --- ...tClientWebIntegrationHandlers.Discovery.cs | 20 ++++++++++++++- ...penIddictClientWebIntegrationProviders.xml | 25 +++++++++++++++++-- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs index e873c82d..98086f16 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Discovery.cs @@ -5,6 +5,7 @@ */ using System.Collections.Immutable; +using OpenIddict.Extensions; using static OpenIddict.Client.OpenIddictClientHandlers.Discovery; using static OpenIddict.Client.WebIntegration.OpenIddictClientWebIntegrationConstants; @@ -113,6 +114,14 @@ public static partial class OpenIddictClientWebIntegrationHandlers context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken); } + else if (context.Registration.ProviderType is ProviderTypes.Auth0) + { + context.Configuration.GrantTypesSupported.Add(GrantTypes.AuthorizationCode); + context.Configuration.GrantTypesSupported.Add(GrantTypes.ClientCredentials); + context.Configuration.GrantTypesSupported.Add(GrantTypes.DeviceCode); + context.Configuration.GrantTypesSupported.Add(GrantTypes.RefreshToken); + } + else if (context.Registration.ProviderType is ProviderTypes.Cognito or ProviderTypes.EpicGames or ProviderTypes.Microsoft or ProviderTypes.Salesforce) 
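Review bot: The new Auth0 branch in the `@@ -113,6 +114,14 @@` hunk of OpenIddictClientWebIntegrationHandlers.Discovery.cs hard-codes four grant types with no comment saying why the list is amended for this provider or where it comes from. Auth0 enables grant types per application, so client credentials, device code and refresh token are what the provider can offer, not necessarily what a given tenant application permits. A request for a grant the application has disabled should be rejected by the server, but the code gives the reader no hint of that. I would add above the four `Add` calls something like `// Auth0 enables grant types per application; this list only declares what the provider can support, the tenant settings decide what is accepted.` The enclosing handler starts and ends outside the hunk, so a shared comment covering all providers may already exist there.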
@@ -330,11 +339,20 @@ public static partial class OpenIddictClientWebIntegrationHandlers throw new ArgumentNullException(nameof(context)); } + // While Auth0 exposes an OpenID Connect-compliant logout endpoint, its address is not returned + // as part of the configuration document. To ensure RP-initiated logout is supported with Auth0, + // "end_session_endpoint" is manually computed using the issuer URI and added to the configuration. + if (context.Registration.ProviderType is ProviderTypes.Auth0) + { + context.Configuration.EndSessionEndpoint ??= OpenIddictHelpers.CreateAbsoluteUri( + context.Registration.Issuer, "oidc/logout"); + } + // While PayPal supports OpenID Connect discovery, the configuration document returned // by the sandbox environment always contains the production endpoints, which would // prevent the OpenIddict integration from working properly when using the sandbox mode. // To work around that, the endpoints are manually overriden when this environment is used. - if (context.Registration.ProviderType is ProviderTypes.PayPal && + else if (context.Registration.ProviderType is ProviderTypes.PayPal && context.Registration.GetPayPalSettings() is { Environment: string environment } && string.Equals(environment, PayPal.Environments.Sandbox, StringComparison.OrdinalIgnoreCase)) { diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml index 977ee1f1..dd9366c3 100644 --- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml +++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationProviders.xml @@ -102,6 +102,27 @@ + + + + + + + + + + + - + @@ -1356,7 +1377,7 @@ varies dynamically depending on the location of the client making the discovery request. Since the returned issuer is not stable, the hardcoded "https://www.webex.com/" is used instead. - --> + -->
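Review bot: In the `@@ -330,11 +339,20 @@` hunk, turning the PayPal check into `else if` chains two unrelated provider workarounds into one statement, with a blank line and a four-line comment sitting between the closing brace of the Auth0 branch and the `else`. The two conditions are mutually exclusive on `ProviderType`, so behaviour is unchanged today, but a later workaround inserted into this chain can silently suppress the branches after it. I would leave the original `if (context.Registration.ProviderType is ProviderTypes.PayPal &&` as an independent statement. The Auth0 comment also says the logout address is not returned by the configuration document, while the code uses `??=` and so keeps a value the document does publish; wording such as `// its address may be missing from the configuration document` would match what the code does. The handler body continues outside the hunk.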