{"id":19034898,"url":"https://github.com/avantipoint/mobileauth-lib","last_synced_at":"2025-04-23T18:01:53.078Z","repository":{"id":38043795,"uuid":"502100867","full_name":"AvantiPoint/mobileauth-lib","owner":"AvantiPoint","description":"A helper library for quickly \u0026 easily adding Sign in with Apple, Google, \u0026 Microsoft Accounts using AspNetCore Minimal APIs","archived":false,"fork":false,"pushed_at":"2024-11-08T15:25:23.000Z","size":332,"stargazers_count":42,"open_issues_count":7,"forks_count":5,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-18T04:12:29.142Z","etag":null,"topics":["aspnetcore","minimal-api","mobile-authentication","sign-in-with-apple","sign-in-with-google","sign-in-with-microsoft"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AvantiPoint.png","metadata":{"files":{"readme":"ReadMe.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["dansiegel"],"custom":["https://www.paypal.me/dansiegel"]}},"created_at":"2022-06-10T15:54:50.000Z","updated_at":"2025-04-07T07:07:24.000Z","dependencies_parsed_at":"2025-04-17T14:58:07.810Z","dependency_job_id":"5dd04bc0-2493-4888-ab67-d760f6b509ed","html_url":"https://github.com/AvantiPoint/mobileauth-lib","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AvantiPoint%2Fmobileauth-lib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AvantiPoint%2Fmobileauth
-lib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AvantiPoint%2Fmobileauth-lib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AvantiPoint%2Fmobileauth-lib/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AvantiPoint","download_url":"https://codeload.github.com/AvantiPoint/mobileauth-lib/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250487526,"owners_count":21438612,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aspnetcore","minimal-api","mobile-authentication","sign-in-with-apple","sign-in-with-google","sign-in-with-microsoft"],"created_at":"2024-11-08T21:47:56.023Z","updated_at":"2025-04-23T18:01:52.985Z","avatar_url":"https://github.com/AvantiPoint.png","language":"C#","funding_links":["https://github.com/sponsors/dansiegel","https://www.paypal.me/dansiegel"],"categories":[],"sub_categories":[],"readme":"# MobileAuth Library\n\nThe MobileAuth Library is a helper library to help produce an OAuth endpoint using AspNetCore Minimal APIs for your Mobile Application. This can be done in just a few lines of code. Out of the box using the library you can support Sign In with Apple, Google, and Microsoft Accounts. These require no manual configuration in code and only for the configuration values to be added to the host or `appsettings.json` file. 
Additional / Custom providers can easily be added as well.\n\n```cs\nvar builder = WebApplication.CreateBuilder(args);\n\nbuilder.AddMobileAuth();\n\nvar app = builder.Build();\n\napp.UseHttpsRedirection();\napp.UseAuthentication();\napp.UseAuthorization();\n\n// maps https://{host}/mobileauth/{Apple|Google|Microsoft}\napp.MapMobileAuthRoute();\n\napp.Run();\n```\n\n## Configuration\n\nThe only required part of the configuration is the CallbackScheme. This can be anything you want and will be used in the redirect url. Note the redirect url will be formatted as `{CallbackScheme}://auth?access_token={jwt}\u0026expires_in={expires timestamp in Unix Seconds}`. This is meant to be used with the Xamarin or Maui Essentials WebAuthenticator.\n\n```json\n{\n  \"OAuth\": {\n    \"CallbackScheme\": \"yourappscheme\",\n    \"JwtKey\": \"yoursecretkey\",\n    \"Apple\": {\n      \"ServiceId\": \"{Apple Service Id}\",\n      \"TeamId\": \"{Your Apple Team Id}\",\n      \"KeyId\": \"{Your Apple Key Id}\",\n    },\n    \"Google\": {\n      \"ClientId\": \"{Google Client Id}\",\n      \"ClientSecret\": \"{Your Google Client Secret}\",\n    },\n    \"Microsoft\": {\n      \"ClientId\": \"{Microsoft Client Id}\",\n      \"ClientSecret\": \"{Your Microsoft Client Secret}\",\n    }\n  }\n}\n```\n\n### Jwt\n\nIn order to better assist you in providing authentication with your API the library will automatically wrap any claims into a self signed JWT. By default if no key is provided it will use a development key. You should be sure to update this for production scenarios. After your user has been authenticated you can use the AccessToken to authenticate with your API. Within this JWT you may find an original access token from the OAuth provider. 
If you need to access any API from Google or Microsoft, for example, you can use the original access token to authenticate with the API.\n\n### Apple Configuration\n\nAs with any app you will need to set up a new App Id in the Apple Developer Portal. Before you get very far you can grab the Team Id out of the Developer Portal. Just beneath your name in the Developer Portal you should see the Company Name / Team Name along with the Team Id `My Company - VK8ZR2JK2E`. You'll use the `VK8ZR2JK2E` as the Team Id in your configuration.\n\nIf you have not already created an App Id, you should start there. For this example we'll say the App Id is `com.example.myapp`. Be sure to enable the `Sign In with Apple` capability. \n\nOnce you've done this you should create a Key. Select the Keys option and then create a new Key. You can give it a name like `MyAppSIWA`; be sure to select the `Sign in with Apple` option. You'll need to click the configure button and select the Primary App Id that you created in the previous step, and hit save.\n\n\u003e NOTE:\n\u003e When selecting the primary app id, it will show up like `My Awesome App (DKD783KDELD.com.example.myapp)`, where `DKD783KDELD` is the App Id. It will then show below a `Grouped App Id` like `DKD783KDELD.com.example.myapp.sid`.\n\nOnce you have the Key, it should have downloaded with a file name like `AuthKey_IUK783KD3R9.p8`, where `IUK783KD3R9` is the Key Id that you will need for your configuration.\n\nWhen you're done you'll want to go back to the Identifiers and toggle from `App IDs` to `Service IDs`. You will need to create the Service Id for your App as `com.example.myapp.sid`, which you saw in the Grouped App Id; you will naturally provide this as the Service Id in your configuration. Again enable the `Sign In with Apple` capability, and this time when you configure it, it will prompt you for a host name and callback. Apple will NOT allow you to use localhost as an authorized host. 
You must deploy this or update your hosts file to have something like `myapp.com` mapped back to `127.0.0.1`. You can then use `myapp.com` as an authorized host where the callback is `https://myapp.com/signin-apple`.\n\n\u003e NOTE:\n\u003e Be sure the generated key is in the `App_Data` directory with the name `AuthKey_{Your KeyId}.p8`.\n\nTo provide additional flexibility you can set the following optional configuration values:\n\n```json\n{\n  \"OAuth\": {\n    \"Apple\": {\n      \"PrivateKey\": \"{The text value for your private key}\", // Recommended for development only\n      \"UseAzureKeyVault\": true // Optional, defaults to false\n    }\n  }\n}\n```\n\nWhen using Azure Key Vault we will only update the Apple Registration to ensure that your p8 is loaded from the Azure Key Vault; however, you will still need to properly configure your application to [connect to the Azure Key Vault](https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0\u0026WT.mc_id=DT-MVP-5002924).\n\n### Google / Microsoft Configuration\n\nMicrosoft actually has decent docs on this; please see:\n\n- [Google](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-6.0\u0026WT.mc_id=DT-MVP-5002924) - To get your client id and secret go to [Google API \u0026 Services](https://console.cloud.google.com/apis/credentials)\n- [Microsoft](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-6.0\u0026WT.mc_id=DT-MVP-5002924) - To get your client id \u0026 secret [create an Application in Azure](https://go.microsoft.com/fwlink/?linkid=2083908\u0026WT.mc_id=DT-MVP-5002924)\n\nAgain, once you've got your Client Id \u0026 Client Secret you simply need to provide them in your configuration when using this library.\n\n### Additional Providers\n\nYou can opt out of using any built in providers by simply not providing the required configuration 
values. In order to add additional providers you can access the AuthenticationBuilder and register any other providers you may need when calling the `AddMobileAuth` method.\n\n```cs\nbuilder.AddMobileAuth(auth =\u003e {\n    auth.AddFacebook(o =\u003e {\n        o.ClientId = \"{Facebook Client Id}\";\n        o.ClientSecret = \"{Facebook Client Secret}\";\n    });\n    // etc...\n});\n```\n\n### Customize Returned Claims\n\nBy default the library will attempt to return the following claims:\n\n- The User's Given Name, Surname, \u0026 Full Name\n- The User's Email Address\n- The Authentication Provider (Apple, Google, Microsoft)\n- The Authentication Provider's User/Object Id\n- The Access \u0026 Refresh Tokens\n- When the Token Expires as a UTC time in Unix Seconds\n\nWhether you need to inject some additional logic or if you just want to customize how the claims are returned, it is very easy to do. You simply need to implement `IMobileAuthClaimsHandler` and register it with the `MobileAuthenticationBuilder` like so:\n\n```cs\nbuilder.AddMobileAuth(auth =\u003e {\n    auth.AddMobileAuthClaimsHandler\u003cMyCustomMobileAuthClaimsHandler\u003e();\n});\n```\n\n## Run The Sample\n\nEach of the supported providers has a default callback `signin-{provider}`. For example, when configuring the domain \u0026 callback in the Google console for local testing with the demo app you would use `https://localhost:7172/signin-google`. Similarly you would use the localhost domain for Microsoft. However it is important to note that Apple does NOT support localhost. In the case of Apple, for local testing you will need to use a normally formatted (does not need to be real) domain. 
You can then update the hosts file on your local machine to map the domain to the localhost IP address.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favantipoint%2Fmobileauth-lib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favantipoint%2Fmobileauth-lib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favantipoint%2Fmobileauth-lib/lists"}