I'm currently working on the migration of an existing Net Framework 4.7.2 Api app to .Net8.
The app appears to setup and use UseOAuthAuthorizationServer() as follows:
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/connect/token"),
AuthorizeEndpointPath = new PathString("/connect/authorize"),
Provider = container.Resolve<OAuthAuthorizationServerProvider>(),
AllowInsecureHttp = true,
AccessTokenProvider =
container.ResolveNamed<IAuthenticationTokenProvider>("AuthenticationTokenProvider"),
RefreshTokenProvider = container.ResolveNamed<IAuthenticationTokenProvider>("RefreshTokenProvider")
})
I undersatnd that authorization has changed a lot between .netframework and .net8 and from reading various on line posts, I'm getting the impression that UseOAuthAuthorizationServer was not ported across after .Net5?
Currently the OAuth provider is used by a SPA (angular v12) and appears to use the Implict grant flow, where the SPA will send the request to /connect/authorize?response_type=token. Which in turn gets picked up and handled by the associated OAuthAuthorizationServerProvider, resulting in response redirect with access tokens etc. I'm aware that this might not be the best modern approach, however I'd like to make the least amount of changes whilst trying to mirgrate the current code base.
In order to move forward with the migration to .Net8 I'm trying to figure out what my options are and what is/if the equivalent in net8?
Would I have to implement a custom OAuth by using AddOAuth() e.g.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddOAuth(
"custom", o =>
{
o.AuthorizationEndpoint = "";
o.TokenEndpoint = "";
o.UsePkce = false;
})
Thanks