IdentityServer.External.TokenExchange 1.0.0

A solution for exchanging external (Facebook, Google, Twitter, etc.) tokens for an IdentityServer access token.

Install-Package IdentityServer.External.TokenExchange -Version 1.0.0
dotnet add package IdentityServer.External.TokenExchange --version 1.0.0
<PackageReference Include="IdentityServer.External.TokenExchange" Version="1.0.0" />
paket add IdentityServer.External.TokenExchange --version 1.0.0

Exchanging external tokens (Google, Twitter, Facebook, LinkedIn) for IdentityServer access tokens using an extension grant

Setup

By default, the package contains implementations for Google, Facebook, Twitter and LinkedIn, which can be configured using the AddDefaultExternalTokenProviders method.

    services.AddIdentityServer()

        /** identity server configs **/

        .AddDeveloperSigningCredential()  // temporary signing key, for development only
        .AddInMemoryClients(IdentityServerConfig.GetClients())
        .AddInMemoryIdentityResources(IdentityServerConfig.GetIdentityResources())
        .AddInMemoryApiResources(IdentityServerConfig.GetApiResources())
        .AddTestUsers(IdentityServerConfig.GetUsers())  // in-memory test users, for development only

        /** token exchange configs **/

        .AddTokenExchangeForExternalProviders()  // registers an extension grant
        .AddDefaultTokenExchangeProviderStore()  // registers the default in-memory store for provider info
        .AddDefaultExternalTokenProviders()      // registers the providers' auth implementations
        .AddDefaultTokenExchangeProfileService() // registers the default profile service
        .AddDefaultExternalUserStore();          // registers the default in-memory user store

Usage

  • Request authentication using the provider's native library.
  • Exchange the external token for an IdentityServer token by making the following request to IdentityServer.

    POST connect/token

    client_id = [your_client_id]
    client_secret = [your_client_secret]
    scopes = [your_scopes]
    grant_type = external
    provider = facebook
    external_token = [facebook_access_token]

  • If the user is already registered, IdentityServer returns the access token. Otherwise it sends the user's data and prompts for an email parameter to be added; in this case, make another request with the extra email parameter.

    POST connect/token

    client_id = [your_client_id]
    client_secret = [your_client_secret]
    scopes = [your_scopes]
    grant_type = external
    provider = facebook
    email = myemail@abc.com
    external_token = [facebook_access_token]

You can set provider to Facebook, Google, Twitter or LinkedIn and supply the respective token in the external_token parameter.
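The client side of the two requests above, as an added C# example that is not part of the package or its documentation. The class and method names (ExternalTokenExchangeClient, BuildForm, ExchangeAsync) are hypothetical; the field names are the ones listed on this page, and the response schema is not documented here, so the raw body is returned.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

// Hypothetical helper, not part of IdentityServer.External.TokenExchange.
public static class ExternalTokenExchangeClient
{
    // Builds the form fields for POST connect/token. The email field is only
    // added for the follow-up request of a user who is not yet registered.
    public static Dictionary<string, string> BuildForm(
        string clientId, string clientSecret, string scopes,
        string provider, string externalToken, string email = null)
    {
        if (string.IsNullOrWhiteSpace(externalToken))
            throw new ArgumentException("external_token is required", nameof(externalToken));

        var form = new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
            ["scopes"] = scopes,
            ["grant_type"] = "external",
            ["provider"] = provider,
            ["external_token"] = externalToken
        };
        if (!string.IsNullOrWhiteSpace(email))
            form["email"] = email;
        return form;
    }

    // Sends the fields in the request body (application/x-www-form-urlencoded),
    // so the external token and client secret stay out of URLs and access logs.
    public static async Task<(bool Success, string Body)> ExchangeAsync(
        HttpClient http, Uri tokenEndpoint, Dictionary<string, string> form)
    {
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Token endpoint must use HTTPS.");

        using (var content = new FormUrlEncodedContent(form))
        using (var response = await http.PostAsync(tokenEndpoint, content))
        {
            // Response schema is not documented on this page: return it raw.
            var body = await response.Content.ReadAsStringAsync();
            return (response.IsSuccessStatusCode, body);
        }
    }
}
```

If the response prompts for an email, call BuildForm again with the email argument set and resend the request.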

Customization

Adding Custom Provider
Step: 1 Provide external authentication provider

Provide an implementation of IExternalTokenProvider.
This class will be responsible for talking to your external provider to retrieve the user's info.

The class name must follow the naming convention (add "AuthProvider" at the end of your class name); otherwise DI will be unable to resolve it.

Step: 2 Provide a custom provider store

Add a custom provider store by implementing ITokenExchangeProviderStore. This class will be
responsible for managing the information about all the providers, i.e. Facebook, Google and custom providers.

Step: 3

Register your service in Startup.cs

    .AddCustomExternalTokenProvider<MyCustomAuthProvider>();

Step: 4

Register your custom provider store.

    .AddCustomTokenExchangeProviderStore<MyCustomProviderStore>();

Release Notes

Exchange IdentityServer tokens with Facebook, LinkedIn, Twitter and Google tokens.

Version History

Version Downloads Last updated
1.0.0 608 5/21/2018