How can I use oAuth0 in an asp net core minimal api backend that needs to do authenticate via oAuth2 to an external (not mine) api? All samples I did see so far, are doing Oidc and none of them just oAuth which is even the name of that whole product
the api is no oidc and the contrib repo to oauth on github does not have this api listed, the ms docs are missing the oauth section completly, only starting at oidc or the azure identity provider, which does not help on the task to get the initial token from that external api.
Can I use the oAuth products for this somehow?
the api of mine should get contacted from my client app via cookies, handle the identity resolving in the end, and do the oauth flow to external apis
Hi @DevTKSS,
Welcome to the Auth0 Community!
The reason that you were unable to see any documentation or sample codes for your use case is because all the current Auth0 SDKs are OIDC conformant, which is built on top of the OAuth 2.0 framework, including the client credentials flow needed here.
Our Client Credentials Flow with OIDC documentation also specifies that:
The OIDC-conformant pipeline enables the use of the Client Credentials Flow, which allows applications to authenticate as themselves (rather than on behalf of a user) to programmatically and securely obtain access to an API.
This exchange does not exist in the legacy pipeline; instead, the Resource Owner Password Flow is used to simulate it by creating a service user. We strongly discourage this approach in favor of using the Client Credentials Flow
This means you can still find a workaround by navigating through the ROP flow or by implementing the ASP.NET Core functionalities from our quickstarts ( with many resources and samples that can be found under this page, but the tokens received will still be OIDC complaint, meaning the transition to basic oath claims would require a custom implementation, so unfortunately there is no out of box solution for this, particularly because it implies major security concerns.
Best regards,
Remus
@remus.ivan well… that is indeed a problem for me, because even while I will implement also a Identity handling in my application, I will defintly need some oAuth2 to that external api which does require this.
I mean, its great, that there are so many packages (yours including) that allow me to do that oidc of the user in my own app, but I am lost on getting the oAuth2 flow established to the Authentication and token endpoint of that external api to get the token to interact with that api. I do have a shared secret and keystring aka api key from them, but I am searching for any package, that will allow me to do that flow with just providing those values in the hostbuilder, like with the:
global using Microsoft.AspNetCore.Authentication.OAuth;
and the
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
.AddCookie()
.AddOAuth("ExternalApiName", options =>
{
but as this extension does neither has any sample documentation and only the api without sample code (where and how to call that challenge?) it seems to me as not usable 