While it seems interesting, the challenge I have is that my web server is behind two reverse proxies and does not have direct access to the Internet. Visitors first get on the main server, which will filter based on IP address to block hackers and malicious entities. Then the request gets passed to the second server which will mostly handle the frontend, but can make calls to the backend. Then this second server makes requests to my Web API, where I need authentication. But this server has no connection to the outside World.
So my challenge is to get things to work, and a simple username/password scheme is doable. Something like OpenID is also possible, but requires the website to accept incoming request from the OpenAI server and pass this on to my Web API.
It works okay, though. But that AddOpenIDConnect() part with the callback is a challenge. It means my website needs to understand some of the JWT while I want the Web API to handle it all.
I am not allowed to connect this Web API directly to the Internet, so some of this is very tricky…