AspNet.Security.OAuth.WordPress

ASP.NET Core security middleware enabling WordPress authentication.


Keywords
aspnetcore, authentication, oauth, security, wordpress, oauth2, social-authentication
License
Apache-2.0
Install
Install-Package AspNet.Security.OAuth.WordPress -Version 8.0.0

Documentation

AspNet.Security.OAuth.Providers

AspNet.Security.OAuth.Providers is a collection of security middleware that you can use in your ASP.NET Core application to support social authentication providers like GitHub, Twitter/X or Dropbox. It is directly inspired by Jerrie Pelser's initiative, Owin.Security.Providers.

The latest official release can be found on NuGet and the nightly builds on MyGet.

Build status

Tip

While the aspnet-contrib providers are still fully supported, developers are encouraged to use the OpenIddict client for new applications.

For information, see the Migrating to OpenIddict section.

Getting started

Adding social authentication to your application is a breeze and just requires a few lines in your Startup class:

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(options => { /* Authentication options */ })
            .AddGitHub(options =>
            {
                options.ClientId = "49e302895d8b09ea5656";
                options.ClientSecret = "98f1bf028608901e9df91d64ee61536fe562064b";
            });
}

public void Configure(IApplicationBuilder app)
{
    app.UseAuthentication();
    app.UseAuthorization();
}

See the /samples directory for a complete sample using ASP.NET Core MVC and supporting multiple social providers.

Contributing

AspNet.Security.OAuth.Providers is actively maintained by:

We would love it if you could help contributing to this repository.

Special thanks to our contributors:

Security policy

Please see SECURITY.md for information about reporting security issues and bugs.

Support

Need help or wanna share your thoughts? Don't hesitate to join us on Gitter or ask your question on StackOverflow:

License

This project is licensed under the Apache License. This means that you can use, modify and distribute it freely. See https://www.apache.org/licenses/LICENSE-2.0.html for more details.

Migrating to OpenIddict

The OpenIddict client and its 75+ web providers have significant advantages over the simpler OAuth 2.0-only authentication handler that is used by the aspnet-contrib providers:

  • OpenIddict fully supports OpenID Connect, which allows enforcing additional security checks for providers that implement it.
  • The OpenIddict client is stateful and provides built-in countermeasures against nonce/token replay attacks.
  • While the aspnet-contrib providers only support the OAuth 2.0 code flow, the OpenIddict providers support additional flows, including the OpenID Connect hybrid flow, the OAuth 2.0 client credentials grant, the resource owner password credentials grant or the refresh token grant.
  • The OpenIddict client supports OAuth 2.0 token introspection and OAuth 2.0 token revocation.
  • OpenIddict uses OAuth 2.0 and OpenID Connect server configuration discovery to avoid hardcoding the endpoint URIs of a provider when possible, making the OpenIddict web providers more robust and more future-proof.
  • While the aspnet-contrib providers require targeting the latest ASP.NET Core version, the OpenIddict web providers can be used in any supported version. They can also be used in ASP.NET 4.6.1+ websites and Windows/Linux desktop applications.
  • OpenIddict uses Microsoft.Extensions.Http.Polly (or Microsoft.Extensions.Http.Resilience on .NET 8+) to make backchannel HTTP communications less prone to transient network errors.

For more information on how to get started with the OpenIddict web providers, you can read:

To contribute a new OpenIddict provider, visit Contributing a new Web provider.

Providers

Links to the latest stable and nightly NuGet packages for each provider, as well as a link to their integration documentation are listed in the table below.

Documentation for the providers' settings can be found here.

If a provider you're looking for does not exist, consider making a PR to add one.

Provider Stable Nightly Documentation
AdobeIO NuGet MyGet Documentation
Airtable NuGet MyGet Documentation
Alipay NuGet MyGet Documentation
Amazon NuGet MyGet Documentation
amoCRM NuGet MyGet Documentation
Apple NuGet MyGet Documentation
ArcGIS NuGet MyGet Documentation
Asana NuGet MyGet Documentation
Autodesk NuGet MyGet Documentation
Baidu NuGet MyGet Documentation
Basecamp NuGet MyGet Documentation
BattleNet NuGet MyGet Documentation
Bitbucket NuGet MyGet Documentation
Buffer NuGet MyGet Documentation
Calendly NuGet MyGet Documentation
CiscoSpark (Webex Teams) NuGet MyGet Documentation
Coinbase NuGet MyGet Documentation
DeviantArt NuGet MyGet Documentation
Deezer NuGet MyGet Documentation
DigitalOcean NuGet MyGet Documentation
Discord NuGet MyGet Documentation
Docusign NuGet MyGet Documentation
Dropbox NuGet MyGet Documentation
eBay NuGet MyGet Documentation
EVEOnline NuGet MyGet Documentation
ExactOnline NuGet MyGet Documentation
Feishu NuGet MyGet Documentation
Fitbit NuGet MyGet Documentation
Foursquare NuGet MyGet Documentation
Gitee NuGet MyGet Documentation
GitHub NuGet MyGet Documentation
GitLab NuGet MyGet Documentation
Harvest NuGet MyGet Documentation
HealthGraph (Runkeeper) NuGet MyGet N/A
Huawei NuGet MyGet Documentation
HubSpot NuGet MyGet Documentation
Imgur NuGet MyGet Documentation
Instagram NuGet MyGet Documentation
JumpCloud NuGet MyGet Documentation
KakaoTalk NuGet MyGet Documentation
Keycloak NuGet MyGet Documentation
KOOK NuGet MyGet Documentation
Kroger NuGet MyGet Documentation
Lichess NuGet MyGet Documentation
Line NuGet MyGet Documentation
LinkedIn NuGet MyGet Documentation
MailChimp NuGet MyGet Documentation
MailRu NuGet MyGet Documentation
Mixcloud NuGet MyGet Documentation
Moodle NuGet MyGet Documentation
Myob NuGet MyGet Documentation
Naver NuGet MyGet Documentation
NetEase NuGet MyGet Documentation
Nextcloud NuGet MyGet Documentation User EndPoint Documentation
Notion NuGet MyGet Documentation
Odnoklassniki NuGet MyGet Documentation
Okta NuGet MyGet Documentation
Onshape NuGet MyGet N/A
Patreon NuGet MyGet Documentation
Paypal NuGet MyGet Documentation
PingOne NuGet MyGet Documentation
Pipedrive NuGet MyGet Documentation
QQ NuGet MyGet Documentation
QuickBooks NuGet MyGet Documentation
Reddit NuGet MyGet Documentation
Salesforce NuGet MyGet Documentation
ServiceChannel NuGet MyGet Documentation
Shopify NuGet MyGet Documentation
Slack NuGet MyGet Documentation
Smartsheet NuGet MyGet Documentation
Snapchat NuGet MyGet Documentation
SoundCloud NuGet MyGet Documentation
Spotify NuGet MyGet Documentation
Stack Exchange NuGet MyGet Documentation
Strava NuGet MyGet Documentation
Streamlabs NuGet MyGet Documentation
SuperOffice NuGet MyGet Documentation
Trakt NuGet MyGet Documentation
Trovo NuGet MyGet Documentation
Twitch NuGet MyGet Documentation
Twitter NuGet MyGet Documentation
Typeform NuGet MyGet Documentation
Untappd NuGet MyGet Documentation
Vimeo NuGet MyGet Documentation
Visual Studio (Azure DevOps) NuGet MyGet Documentation
VK ID NuGet MyGet Documentation
Vkontakte NuGet MyGet Documentation
Weibo NuGet MyGet Documentation
Weixin (WeChat) NuGet MyGet Documentation
WordPress NuGet MyGet Documentation
WorkWeixin (WeCom) NuGet MyGet Documentation
Xero NuGet MyGet Documentation
Xumm NuGet MyGet Documentation
Yahoo NuGet MyGet Documentation
Yammer NuGet MyGet Documentation
Yandex NuGet MyGet Documentation
Zalo NuGet MyGet Documentation
Zendesk NuGet MyGet Documentation
Zoho NuGet MyGet Documentation
Zoom NuGet MyGet Documentation