OAuth Overview
OAuth (Open Authorization) allows users to sign in to your application using their existing accounts from providers like Google, Facebook, and Microsoft.
How It Works
- User clicks "Sign in with [Provider]" on your login page
- User is redirected to the provider's login page
- User enters their credentials and grants permission
- Provider redirects back to your application with an authorization code
- Your application exchanges the code for user information
- User is logged in to your application
Benefits of OAuth
- User Convenience - No new password to remember
- Security - Passwords are never shared with your app
- Trust - Users trust established providers
- Less Friction - Faster registration and login
Supported Providers
| Provider | Configuration Setting | Setup Guide |
|---|---|---|
EnableGoogleAuth |
Google OAuth Setup | |
EnableFacebookAuth |
Facebook OAuth Setup | |
| Microsoft | EnableMicrosoftAuth |
Microsoft OAuth Setup |
Configuration Structure
OAuth settings are stored in appsettings.json:
{
"Authentication": {
"EnableGoogleAuth": false,
"Google": {
"ClientId": "",
"ClientSecret": ""
},
"EnableFacebookAuth": false,
"Facebook": {
"AppId": "",
"AppSecret": ""
},
"EnableMicrosoftAuth": false,
"Microsoft": {
"ClientId": "",
"ClientSecret": ""
}
}
}
Security Note:
Never commit client secrets to source control. Use User Secrets during development and environment variables or Azure Key Vault in production.
Never commit client secrets to source control. Use User Secrets during development and environment variables or Azure Key Vault in production.