{"id":22268124,"url":"https://github.com/curityio/oauth-agent-dotnet","last_synced_at":"2025-07-28T12:31:03.051Z","repository":{"id":74437555,"uuid":"583605912","full_name":"curityio/oauth-agent-dotnet","owner":"curityio","description":"A .NET OAuth Agent, providing API driven OpenID Connect for SPAs","archived":false,"fork":false,"pushed_at":"2024-06-14T16:20:08.000Z","size":243,"stargazers_count":7,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-06-14T17:34:01.889Z","etag":null,"topics":["dotnet","oauth-agent","oauth2","openid-connect","spa","token-handler"],"latest_commit_sha":null,"homepage":"https://curity.io/resources/learn/dotnet-oauth-agent/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/curityio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-30T09:49:28.000Z","updated_at":"2024-06-14T16:20:12.000Z","dependencies_parsed_at":"2024-06-14T17:28:16.166Z","dependency_job_id":"9a4fc3d0-1438-4f83-aab7-d0bf254b9553","html_url":"https://github.com/curityio/oauth-agent-dotnet","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Foauth-agent-dotnet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Foauth-agent-dotnet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/curityio%2Foauth-agent-dotnet/releases","manifests_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/curityio%2Foauth-agent-dotnet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/curityio","download_url":"https://codeload.github.com/curityio/oauth-agent-dotnet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227905532,"owners_count":17837906,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dotnet","oauth-agent","oauth2","openid-connect","spa","token-handler"],"created_at":"2024-12-03T11:11:38.071Z","updated_at":"2024-12-03T11:11:38.952Z","avatar_url":"https://github.com/curityio.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A .NET OAuth Agent for SPAs\n\n[![Quality](https://img.shields.io/badge/quality-test-yellow)](https://curity.io/resources/code-examples/status/)\n[![Availability](https://img.shields.io/badge/availability-source-blue)](https://curity.io/resources/code-examples/status/)\n\n## Overview\n\nThe OAuth Agent acts as a modern `Back End for Front End (BFF)` for Single Page Applications.\\\nThis implementation demonstrates the standard pattern for SPAs:\n\n- Strongest browser security with only `SameSite=strict` cookies\n- The OpenID Connect flow uses Authorization Code Flow (PKCE) and a client secret\n\n![Logical Components](/doc/logical-components.png)\n\n## Architecture\n\nThe following endpoints are implemented by the OAuth agent.\\\nThe SPA calls these endpoints via one liners, to perform its OAuth work:\n\n| Endpoint | Description |\n| -------- | ----------- |\n| POST /oauth-agent/login/start | 
Start a login by providing the request URL to the SPA and setting temporary cookies |\n| POST /oauth-agent/login/end | Complete a login and issue secure cookies for the SPA containing encrypted tokens |\n| GET /oauth-agent/userInfo | Return information from the User Info endpoint for the SPA to display |\n| GET /oauth-agent/claims | Return ID token claims such as `auth_time` and `acr` |\n| POST /oauth-agent/refresh | Refresh an access token and rewrite cookies |\n| POST /oauth-agent/logout | Clear cookies and return an end session request URL |\n\nFor further details see the [Architecture](/doc/Architecture.md) article.\n\n## Deployment\n\nBuild the OAuth agent into a Docker image:\n\n```bash\ndotnet publish oauth-agent.csproj -c Release -r linux-x64 --no-self-contained\ndocker build -t oauthagent:1.0.0 .\n```\n\nThen deploy the Docker image with environment variables similar to these:\n\n```yaml\noauth-agent:\n  image: oauthagent:1.0.0\n  hostname: oauthagent-host\n  environment:\n    PORT: 3001\n    TRUSTED_WEB_ORIGIN: 'https://www.example.com'\n    ISSUER: 'https://login.example.com/oauth/v2/oauth-anonymous'\n    AUTHORIZE_ENDPOINT: 'https://login.example.com/oauth/v2/oauth-authorize'\n    TOKEN_ENDPOINT: 'https://login-internal/oauth/v2/oauth-token'\n    USERINFO_ENDPOINT: 'https://login-internal/oauth/v2/oauth-userinfo'\n    LOGOUT_ENDPOINT: 'https://login.example.com/oauth/v2/oauth-session/logout'\n    CLIENT_ID: 'spa-client'\n    CLIENT_SECRET: 'Password1'\n    REDIRECT_URI: 'https://www.example.com/'\n    POST_LOGOUT_REDIRECT_URI: 'https://www.example.com/'\n    SCOPE: 'openid profile'\n    COOKIE_DOMAIN: 'api.example.com'\n    COOKIE_NAME_PREFIX: 'example'\n    COOKIE_ENCRYPTION_KEY: 'fda91643fce9af565bdc34cd965b48da75d1f5bd8846bf0910dd6d7b10f06dfe'\n    CORS_ENABLED: 'true'\n    SERVER_CERT_P12_PATH: '/certs/my.p12'\n    SERVER_CERT_P12_PASSWORD: 'Password1'\n```\n\nIf the OAuth Agent is deployed to the web domain, then set these 
properties:\n\n```yaml\nCOOKIE_DOMAIN: 'www.example.com'\nCORS_ENABLED: 'false'\n```\n\nIn development setups, HTTP URLs can be used and certificate values left blank.\n\n## OAuth Agent Development\n\nSee the [Setup](/doc/Setup.md) article for details on productive OAuth Agent development.\\\nThis enables a test driven approach to developing the OAuth Agent, without the need for a browser.\n\n## End-to-End SPA Flow\n\nRun the below code example to use the OAuth Agent in an end-to-end SPA flow:\n\n- [SPA Code Example](https://github.com/curityio/spa-using-token-handler)\n\n## Website Documentation\n\nSee the [Curity Token Handler Design Overview](https://curity.io/resources/learn/token-handler-overview/) for further token handler information.\n\n## More Information\n\nPlease visit [curity.io](https://curity.io/) for more information about the Curity Identity Server.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Foauth-agent-dotnet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcurityio%2Foauth-agent-dotnet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcurityio%2Foauth-agent-dotnet/lists"}