Getting an oauth token from AAD .net core app? - asp.net-core

I will need to pass in an oauth token to a library in order to POST some information in a remote system.
For debugging purposes, I have created a basic app as per the Azure AD and OpenID Connect tutorial
At this point I am stumped. The documentation is somewhat opaque to a newbie and I have been unable to find relevant examples here and elsewhere.

Have a look at one of the samples here. You need to look for a Core app that calls another API (even Graph - it is also an API), e.g.: this one.

Related

OpenIddict configuration

I'm in need of a detailed explanation on how I should configure OpenIddict in ASP.NET Core 7.
I have been looking at the available examples and documentation for a week now.
But I do not understand why some examples have ~400 lines of code and others have ~40, in their controller or endpoint implementations.
To make my use case and problem more specific:
Server side:
ASP.NET Core 7
Using minimal APIs
EF Core 7
PostgreSQL
Clients:
Blazor WASM or Angular
Decision not yet made
A skeleton Blazor WASM app created
Mobile apps (native iOS and Android)
I also need to refresh the token, and the user to access and modify the profile data.
I will also need to use other authentication providers (e.g.: Apple, Google).
I read the official docs and tried to undertand the examples.
Edit: I tried the Balosar and Zirku examples.
It left me more confused.
So my goal would be to understand why I need to add and how to configure certain services to achive the functionality described above.
Also, how to implement the needed endpoints, can I do it in minimal APIs, or do I have to stick with the controllers, or add views?

Is it required to migrate to GIS when you're using google-oauth2?

This link https://developers.googleblog.com/2022/03/gis-jsweb-authz-migration.html says
Your full suite of apps and platforms may be using different methods of authentication and authorization from Google. The following are NOT affected by this deprecation announcement:
Android or iOS native app SDKs,
Backend platforms directly calling Google’s OAuth 2.0 or OpenID services.
I'm currently trying to understand our huge legacy code which might be affected by the GIS migration. Currently, we just redirect to https://accounts.google.com/o/oauth2/v2/auth to start the oauth2 process, once the user clicks the "Sign in with google" button. I've seen this link in the example of the old way from the migration document here: https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#oauth-2.0-endpoints however I'm not sure if it is required to migrate to GIS or not.
From what I understand, only the frontend related libraries should be worried, but I'm dumb so maybe I'm misunderstanding. Can anyone help enlighten me?
Thanks.
You do not need to migrate if you are directly making calls to the Google's OAuth 2.0 endpoints.
The guide you reference recommends using the library with the note use the Google Identity Services library to support a less intrusive popup UX mode and to avoid having to manage complex OAuth 2.0 requests and responses. The intent there is to simplify your implementation not to force a migration.

How can we implement Single sign on using C# WEB API (Without MVC)?

The idea is to implement Single-sign on using the given technical stack (ASP.NET CORE WEB API, IdentityServer4, ReactJS - Front end)
ASP.NET Core Identity together with IdentityServer4 offers an extensions for Single-Sign-On (Google, Microsoft ect.) for MVC framework. However, a proper guidance is not given for a WEB API scenario.
Please provide me an example or a tutorial, which I can follow in this regard?
Thanks in advance.
*** Update ***
Would be great if an example is given for the flow of events on this scenario, as to how should the communication happen between the Front end application and the backend.

asp.net core social authentication - Is this code designed for backend also, or only for client side?

I have been reading today about the auth implemented in asp.net core for google and facebook, and prototype-ed a lot. Something that's not clear to me at all, even after going through the MSDN docs. and several blogs: Is any support for backend API validation added in .net core or do I still need to call into the google auth library to validate the auth tokens received from the client.
Note: I am using asp.net core as Web API and I don't use the MVC/Razor part.
thanks for any detail added on this!

Microsoft.Owin.Security.ActiveDirectory library purpose

I am getting myself familiar with all the stuff related to authentication using active directory (both Azure AD and Windows Server AD).
Currently I am inspecting MS Katana project which is based on OWIN specification.
There are three libraries and one of them is kind of confusing for me:
Microsoft.Owin.Security.ActiveDirectory
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.WsFederation
As for OpenId and WsFederation I understand what they are for, there are plenty of examples and articles about that.
What confuses me is the purpose of the ActiveDirectory library. I mean is this another way how to authenticate against active directory besides OpenId and WsFederation?
I am unable to find any relevant clear articles and examples about this one. Even on this site is the libraty only listed, but missing example:
Azure Active Directory Authentication Libraries
So my question is what is this library for and what are the use cases for using it over OpenIdConnect and WsFederation ways.
Thanks
That library contains middleware used for securing Web API with Azure AD. Any sample featuring a web API project in https://github.com/AzureADSamples/ uses it.