.Net Core Web API with JWT authentication and multiple providers

Question

I'm creating a .Net Core Web API app that implements JWT based authentication, and planning to offer to users different providers. They should be able to sign up using whatever Facebook, Google or Twitter account they have.

For MVC applications, there are libraries such AspNet.Security.OAuth.Providers, that implements cookie based authentication, but I can't find anything similar for Web APIs. Although I have been searching all sort of online resources, I don't believe I'm the first trying to achieve this goal.

I don't mind doing it from scratch (actually I'm learning a lot), but I have a feeling I'm missing something.

Is there any library/nuget package that offers out-of-box JWT based authentication with multiple providers?

Answer 1

The Microsoft.AspNetCore.Authentication lib contains all extensions you need. You can enable them by chaining them on the AddAuthentication() method on the IServiceCollection.

using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.JwtBearer;
...
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication()
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => { ...})
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => {...})
        .AddMicrosoftAccount(microsoftOptions => { ... })
        .AddGoogle(googleOptions => { ... })
        .AddTwitter(twitterOptions => { ... })
        .AddFacebook(facebookOptions => { ... });

}

Read the section below this code for a nice explaination.