Single Sign-on with OpenID Connect lets you use existing credentials configured in a UAA Server or TAS Single-Sign-on service for authentication and authorization in ASP.NET Core applications.
Steeltoe builds on top of Microsoft.AspNetCore.Authentication.OpenIdConnect. You may benefit from reading more about using OpenID Connect in ASP.NET Core.
Usage of Steeltoe's OpenID Connect provider is effectively identical to that of the OAuth2 provider, although the behind-the-scenes story is a little different. The OpenID Connect provider uses Microsoft's OpenId Connect implementation, and settings are based on Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions, with these additional properties:
| Name | Description | Default |
|---|---|---|
AdditionalScopes |
Scopes to request for tokens in addition to openid. |
string.Empty |
Timeout |
The timeout (in milliseconds) for calls to the auth server. | 100000 |
ValidateCertificates |
Validate Auth server certificate. | true |
Each setting above must be prefixed with
Security:Oauth2:Client.
Aside from the different base class for options, the only usage change is to call .AddCloudFoundryOpenId instead of .AddCloudFoundryOAuth.