As I understand from release notes of 4.5.2 support for oAuth2 and OpenId is dropped due to the DotNetOpenAuth dependency missing for .NET Core. But what about integrating the .NET Core Microsoft.AspNetCore.Authentication.OpenIdConnect, Microsoft.AspNetCore.Authentication.MicrosoftAccount and Microsoft.AspNetCore.Authentication.Google. Could these be used instead of previous ones?
They can't be used as-is. We'd need to integrate whatever solution we adopt to work with ServiceStack.Auth. You can create a feature request to track features like this.
Is it an option to move authentication over to IdentityServer like in this blog post?
You can use Identity Server as detailed in the blog post, it effectively shows how to crate a Custom AuthProvider using Identity Server's JWT implementation.
This is a different implementation to our own integrated simple Auth Story which includes our own JWT Auth Provider among its many other Auth Providers + Data Store / Session backends.
Thanks. I am trying to decide whether to go for .net core implementation or standard .net -- deployment on Linux is not a requirement for my new project, but I am not sure if it's a good idea to start a new project in standard .net (4.6) - not sure if there will be updates in this technology both for ServiceStack and other related libraries.
.NET Core is a cross-platform subset of .NET 4.6 Framework. i.e. .NET Core can run on .NET 4.6 but not the other way around.
ServiceStack shares a single code-base that targets both NET 4.5+ and .NET Core platforms, new features added to ServiceStack will be available to both platforms where possible. Given .NET Core contains a subset of the APIs available in .NET 4.6+, it's more likely that there will exist features in .NET 4.6 that are not in .NET Core more than the other way around. Features that are available in .NET Core but not in .NET 4.6 are going to be features that have dependencies on ASP.NET Core classes instead of ASP.NET's System.Web. When there's no dependency on ASP.NET Core, .NET Standard libraries should naturally support both platforms going forward.
Microsoft has published a guide on deciding which platform to choose:
My advice is that if you don't need to run on Linux or plan to Dockerize your Web App than go with .NET 4.6 as the platform and tooling is a lot more stable/mature. Unlike MS Fx's, as ServiceStack shares the same code-base / APIs if you ever need to, porting ServiceStack Apps from .NET 4.6 to .NET Core is fairly trivial.
This is an old topic and feature request is active, and I see you have a release on MyGet.
I'm also coming into this requirement. I'll checkout the MyGet option later.
Main reason for the reply is I wanted to make you aware of the
aspnet-contrib/AspNet.Security.OAuth.Providers project. Not sure how easily it'll be able to integrate into ServiceStack, but they already have a lot of providers integrated for .NET Core.
Including the ones provided by Microsoft (e.g. Google), they also have
Most of the important OAuth2 providers have been re-implemented without the DotNetOpenAuth dependency and are available for .NET Core in the ServiceStack/Auth folder. The recent additions include:
The primary missing one is Instagram due to Facebook locking access down and requiring manual approval of which I have a request pending to create a new account that I can use test against.
Adding a new OAuth provider generally involves creating a new App in their dev portal, finding all the URLs for their OAuth endpoints, testing it to find out what data they return and map it to an Authenticated UserSession. So they're straight forward to create when needed.
Another solution would be to use the new NetCoreIdentityAuthProvider which provides a bi-directional mapping that maps an Authenticated .NET Core User to an Authenticated UserSession and vice-versa.