Enable GitHub OAuth

Author: codybartfast

HelloGithubOAuth.csproj

@@ -1,9 +1,15 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net7.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <UserSecretsId>63c704c5-1b97-410e-8252-657094113e9a</UserSecretsId>
   </PropertyGroup>
 
+  <ItemGroup>
+      <PackageReference Include="AspNet.Security.OAuth.GitHub" Version="7.0.0" />
+      <PackageReference Include="Octokit" Version="5.0.0" />
+  </ItemGroup>
+
 </Project>

Pages/Index.cshtml

@@ -6,5 +6,5 @@
 
 <div class="text-center">
     <h1 class="display-4">Welcome</h1>
-    <p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
+    <p>Learn <a asp-area="" asp-page="/Secret">my secret</a>.</p>
 </div>

Pages/Secret.cshtml

@@ -1,4 +1,10 @@
 @page
 @model HelloGithubOAuth.Pages.SecretModel
 @{
+    ViewData["Title"] = "Top Secret";
 }
+
+<div class="text-center">
+    <h1 class="display-4">🧁 I ate <em>two</em> cakes! 🧁</h1>
+    [<a href="/Signout">sign out</a>]
+</div>

Pages/Secret.cshtml.cs

@@ -1,8 +1,10 @@
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
 namespace HelloGithubOAuth.Pages
 {
+    [Authorize]
     public class SecretModel : PageModel
     {
         public void OnGet()

Pages/Signin.cshtml

@@ -1,4 +1,29 @@
 @page
+
+@*
+    // Based on code by Khalid Abuhakmeh:
+    // https://khalidabuhakmeh.com/github-openid-auth-aspnet-core-apps
+*@
+
 @model HelloGithubOAuth.Pages.SigninModel
 @{
+    ViewData["Title"] = "Signin Page";
 }
+
+<div class="jumbotron">
+    <h1>Authentication</h1>
+    <p class="lead text-left">Sign in using one of these external providers:</p>
+
+    @foreach (var scheme in Model.Schemes!.OrderBy(p => p.DisplayName));
+    @foreach (var scheme in Model.Schemes!)
+    {
+        <form asp-page="SignIn" method="post">
+            <input type="hidden" name="Provider" value="@scheme.Name" />
+            <input type="hidden" name="ReturnUrl" value="@Model.ReturnUrl" />
+
+            <button class="btn btn-lg btn-success m-1" type="submit">
+                Sign in using @scheme.DisplayName
+            </button>
+        </form>
+    }
+</div>

Pages/Signin.cshtml.cs

@@ -1,12 +1,49 @@
+// Based on code by Khalid Abuhakmeh:
+// https://khalidabuhakmeh.com/github-openid-auth-aspnet-core-apps
+
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 
 namespace HelloGithubOAuth.Pages
 {
     public class SigninModel : PageModel
     {
+        public IEnumerable<AuthenticationScheme>? Schemes { get; set; }
+
+        [BindProperty(SupportsGet = true)]
+        public string? ReturnUrl { get; set; }
         public void OnGet()
         {
+            Schemes = GetExternalProvidersAsync(HttpContext);
+        }
+
+        public IActionResult OnPost([FromForm] string provider)
+        {
+            if (string.IsNullOrWhiteSpace(provider))
+            {
+                return BadRequest();
+            }
+
+            return IsProviderSupportedAsync(HttpContext, provider) is false
+                ? BadRequest()
+                : Challenge(new AuthenticationProperties
+                {
+                    RedirectUri = Url.IsLocalUrl(ReturnUrl) ? ReturnUrl : "/"
+                }, provider);
         }
+
+        private static AuthenticationScheme[] GetExternalProvidersAsync(HttpContext context)
+        {
+            var schemes = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
+            return (schemes.GetAllSchemesAsync())
+                .Result
+                .Where(scheme => !string.IsNullOrEmpty(scheme.DisplayName))
+                .ToArray();
+        }
+
+        private static bool IsProviderSupportedAsync(HttpContext context, string provider) =>
+            GetExternalProvidersAsync(context)
+            .Any(scheme => string.Equals(scheme.Name, provider, StringComparison.OrdinalIgnoreCase));
     }
 }

Program.cs

@@ -1,10 +1,55 @@
+// Authentication based on code by Khalid Abuhakmeh:
+// https://khalidabuhakmeh.com/github-openid-auth-aspnet-core-apps
+
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authentication.Cookies;
+using Microsoft.AspNetCore.Authentication;
+
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
 builder.Services.AddRazorPages();
 
+builder.Services.AddAuthentication(o =>
+        {
+            o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+        })
+        .AddCookie(o =>
+        {
+            o.LoginPath = "/signin";
+            o.LogoutPath = "/signout";
+        })
+        .AddGitHub(opts =>
+        {
+            opts.ClientId = builder.Configuration["github:clientId"]!;
+            opts.ClientSecret = builder.Configuration["github:clientSecret"]!;
+            opts.CallbackPath = "/signin-github";
+
+            opts.Events.OnCreatingTicket += context =>
+            {
+                if (context.AccessToken is { })
+                {
+                    context.Identity?.AddClaim(
+                        new Claim("access_token", context.AccessToken));
+                }
+                return Task.CompletedTask;
+            };
+        });
+
 var app = builder.Build();
 
+app.UseAuthentication();
+app.MapGet("/signout", async ctx =>
+    {
+        await ctx.SignOutAsync(
+            CookieAuthenticationDefaults.AuthenticationScheme,
+            new AuthenticationProperties
+            {
+                RedirectUri = "/"
+            });
+    });
+
+
 // Configure the HTTP request pipeline.
 if (!app.Environment.IsDevelopment())
 {