OAuth 2.0 & OpenID Connect
OAuth 2.0 Overview
OAuth 2.0 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service.
Common OAuth 2.0 Flows
1. Authorization Code Flow (Most Secure)
User → App → Auth Server (login) → Auth Server (code) → App (exchange code for token) → Access Token
2. Client Credentials Flow (Machine-to-Machine)
App → Auth Server (client_id + client_secret) → Access Token
3. Resource Owner Password Flow (Legacy)
App → Auth Server (username + password) → Access Token
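The Authorization Code flow from item 1, written out as an added example (not code from the original page). It goes beyond the diagram by including the `state` check and PKCE (RFC 7636), which bind the returned code to the browser session and client instance that started the login. The `AuthCodeFlow` class, the `example.com` URLs and `demo-client` are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example. Endpoint, client id, redirect URI and code are constructed placeholders.
public static class AuthCodeFlow
{
    // Base64url without padding, the encoding PKCE (RFC 7636) uses.
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static string NewRandom() => B64Url(RandomNumberGenerator.GetBytes(32));

    // code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    public static string Challenge(string verifier) =>
        B64Url(SHA256.HashData(Encoding.ASCII.GetBytes(verifier)));

    // App -> Auth Server (login): URL the user's browser is redirected to.
    public static string AuthorizeUrl(string endpoint, string clientId, string redirectUri,
                                      string state, string verifier) =>
        endpoint + "?response_type=code&scope=openid"
        + "&client_id=" + Uri.EscapeDataString(clientId)
        + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
        + "&state=" + state
        + "&code_challenge=" + Challenge(verifier) + "&code_challenge_method=S256";

    // Auth Server (code) -> App: accept the callback only if state is the one we issued.
    public static bool StateMatches(string expected, string returned) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(returned ?? ""));

    // App (exchange code for token): form fields POSTed to the token endpoint.
    public static Dictionary<string, string> TokenRequest(
        string code, string clientId, string redirectUri, string verifier) => new()
    {
        ["grant_type"] = "authorization_code", ["code"] = code,
        ["client_id"] = clientId, ["redirect_uri"] = redirectUri,
        ["code_verifier"] = verifier
    };

    public static void Main()
    {
        const string client = "demo-client", redirect = "https://app.example.com/callback";
        string state = NewRandom(), verifier = NewRandom();
        Console.WriteLine(AuthorizeUrl("https://auth.example.com/authorize", client, redirect, state, verifier));
        Console.WriteLine(StateMatches(state, state) + " " + StateMatches(state, "forged"));
        Console.WriteLine(string.Join(", ", TokenRequest("constructed-code", client, redirect, verifier).Keys));
    }
}
```

The `state` and `code_verifier` values must be stored server-side (or in a protected cookie) between the redirect and the callback; a confidential client additionally authenticates the token request with its client secret.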
OpenID Connect (OIDC)
OpenID Connect is an identity layer on top of OAuth 2.0. It allows clients to verify the identity of users.
OAuth 2.0: Authorization (what can you access?)
OpenID Connect: Authentication (who are you?)
Integration with External Providers
Google Authentication
    dotnet add package Microsoft.AspNetCore.Authentication.Google

    // Register the Google external login handler; credentials are read from configuration.
    builder.Services.AddAuthentication()
        .AddGoogle(options =>
        {
            options.ClientId = builder.Configuration["Authentication:Google:ClientId"];
            options.ClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
        });
Microsoft Account
    dotnet add package Microsoft.AspNetCore.Authentication.MicrosoftAccount

    // Register the Microsoft Account external login handler; credentials are read from configuration.
    builder.Services.AddAuthentication()
        .AddMicrosoftAccount(options =>
        {
            options.ClientId = builder.Configuration["Authentication:Microsoft:ClientId"];
            options.ClientSecret = builder.Configuration["Authentication:Microsoft:ClientSecret"];
        });
Configuration
    {
      "Authentication": {
        "Google": {
          "ClientId": "your-client-id.apps.googleusercontent.com",
          "ClientSecret": "your-client-secret"
        },
        "Microsoft": {
          "ClientId": "your-client-id",
          "ClientSecret": "your-client-secret"
        }
      }
    }
Using Azure AD / Entra ID
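    dotnet add package Microsoft.Identity.Web

    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.Identity.Web;

    // Protect the API with JWT bearer authentication, configured from the "AzureAd" section.
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));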
    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "yourtenant.onmicrosoft.com",
        "TenantId": "your-tenant-id",
        "ClientId": "your-client-id"
      }
    }