diff --git a/src/Squidex/Config/Authentication/AuthenticationServices.cs b/src/Squidex/Config/Authentication/AuthenticationServices.cs
index 476bd89ef..b36c70c7b 100644
--- a/src/Squidex/Config/Authentication/AuthenticationServices.cs
+++ b/src/Squidex/Config/Authentication/AuthenticationServices.cs
@@ -17,8 +17,9 @@ namespace Squidex.Config.Authentication
 var identityOptions = config.GetSection("identity").Get();
 services.AddAuthentication()
- .AddMyGoogleAuthentication(identityOptions)
- .AddMyMicrosoftAuthentication(identityOptions)
+ .AddMyExternalGoogleAuthentication(identityOptions)
+ .AddMyExternalMicrosoftAuthentication(identityOptions)
+ .AddMyExternalOdic(identityOptions)
 .AddMyIdentityServerAuthentication(identityOptions, config)
 .AddCookie();
 }
diff --git a/src/Squidex/Config/Authentication/GoogleAuthenticationServices.cs b/src/Squidex/Config/Authentication/GoogleAuthenticationServices.cs
index 6844572e6..50a3d77a1 100644
--- a/src/Squidex/Config/Authentication/GoogleAuthenticationServices.cs
+++ b/src/Squidex/Config/Authentication/GoogleAuthenticationServices.cs
@@ -12,7 +12,7 @@ namespace Squidex.Config.Authentication
 {
 public static class GoogleAuthenticationServices
 {
- public static AuthenticationBuilder AddMyGoogleAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions)
+ public static AuthenticationBuilder AddMyExternalGoogleAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions)
 {
 if (identityOptions.IsGoogleAuthConfigured())
 {
diff --git a/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs b/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
index 1071a2238..ea2091810 100644
--- a/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
+++ b/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
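Review bot: The new extension method is spelled `AddMyExternalOdic` in the chained call in AuthenticationServices.cs, while the scheme it registers ("ExternalOidc") and every other identifier in this commit use "Oidc". The definition added in OidcServices.cs carries the same spelling, so both places would need `AddMyExternalOidc` to stay in sync. Renaming now avoids carrying the typo as a public extension method. The enclosing method begins outside the hunk.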
@@ -12,7 +12,7 @@ namespace Squidex.Config.Authentication
 {
 public static class MicrosoftAuthenticationServices
 {
- public static AuthenticationBuilder AddMyMicrosoftAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions)
+ public static AuthenticationBuilder AddMyExternalMicrosoftAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions)
 {
 if (identityOptions.IsMicrosoftAuthConfigured())
 {
diff --git a/src/Squidex/Config/Authentication/OidcServices.cs b/src/Squidex/Config/Authentication/OidcServices.cs
new file mode 100644
index 000000000..c2cd360de
--- /dev/null
+++ b/src/Squidex/Config/Authentication/OidcServices.cs
@@ -0,0 +1,34 @@
+// ==========================================================================
+// Squidex Headless CMS
+// ==========================================================================
+// Copyright (c) Squidex UG (haftungsbeschränkt)
+// All rights reserved. Licensed under the MIT license.
+// ==========================================================================
+
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Squidex.Config.Authentication
+{
+ public static class OidcServices
+ {
+ public static AuthenticationBuilder AddMyExternalOdic(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions)
+ {
+ if (identityOptions.IsOidcConfigured())
+ {
+ var displayName = !string.IsNullOrWhiteSpace(identityOptions.OidcName) ? identityOptions.OidcName : OpenIdConnectDefaults.DisplayName;
+
+ authBuilder.AddOpenIdConnect("ExternalOidc", displayName, options =>
+ {
+ options.Authority = identityOptions.OidcAuthority;
+ options.ClientId = identityOptions.OidcClient;
+ options.ClientSecret = identityOptions.OidcSecret;
+ options.RequireHttpsMetadata = false;
+ });
+ }
+
+ return authBuilder;
+ }
+ }
+}
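Review bot: `options.RequireHttpsMetadata = false;` in the `AddOpenIdConnect` callback of OidcServices.cs turns off the HTTPS requirement for the authority and its discovery document in every deployment, not only in local testing. With an `http://` authority, the endpoints and signing keys used to validate sign-ins are fetched over an unauthenticated channel, so whoever controls the network path controls which tokens are trusted. I would drop the line (the handler's default is `true`) or set `options.RequireHttpsMetadata = true;`. If plain HTTP is needed for development, make it an explicit opt-in setting that defaults to the secure value.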
diff --git a/src/Squidex/Config/MyIdentityOptions.cs b/src/Squidex/Config/MyIdentityOptions.cs
index 8ab795f53..e2ca6f3f9 100644
--- a/src/Squidex/Config/MyIdentityOptions.cs
+++ b/src/Squidex/Config/MyIdentityOptions.cs
@@ -21,6 +21,14 @@ namespace Squidex.Config
 public string MicrosoftSecret { get; set; }
+ public string OidcName { get; set; }
+
+ public string OidcClient { get; set; }
+
+ public string OidcSecret { get; set; }
+
+ public string OidcAuthority { get; set; }
+
 public string AuthorityUrl { get; set; }
 public string PrivacyUrl { get; set; }
@@ -36,6 +44,11 @@ namespace Squidex.Config
 return !string.IsNullOrWhiteSpace(AdminEmail) && !string.IsNullOrWhiteSpace(AdminPassword);
 }
+ public bool IsOidcConfigured()
+ {
+ return !string.IsNullOrWhiteSpace(OidcAuthority) && !string.IsNullOrWhiteSpace(OidcClient) && !string.IsNullOrWhiteSpace(OidcSecret);
+ }
+
 public bool IsGoogleAuthConfigured()
 {
 return !string.IsNullOrWhiteSpace(GoogleClient) && !string.IsNullOrWhiteSpace(GoogleSecret);
diff --git a/src/Squidex/appsettings.json b/src/Squidex/appsettings.json
index 0049e6bd7..d89b3fc6c 100644
--- a/src/Squidex/appsettings.json
+++ b/src/Squidex/appsettings.json
@@ -232,6 +232,13 @@
 */
 "microsoftClient": "b55da740-6648-4502-8746-b9003f29d5f1",
 "microsoftSecret": "idWbANxNYEF4cB368WXJhjN",
+ /*
+ * Settings for your custom oidc server.
+ */
+ "oidcName": "OIDC",
+ "oidcAuthority": "",
+ "oidcClient": "",
+ "oidcSecret": ""
 /*
 * Lock new users automatically, the administrator must unlock them.
 */
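Review bot: The added `"oidcSecret": ""` line in appsettings.json has no trailing comma, yet the context after it is the comment block for the next setting. That next property is outside the hunk, but it would presumably follow a value with no separator, and the file would then fail to parse when configuration is loaded. The line should read `"oidcSecret": "",`. Separately, leaving these keys empty in the committed file is the right default; the real `oidcSecret` is better supplied through environment variables or a secret store than written into this file.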