feat: Add OIDC Identity Provider package#54
Open
PieterjanDeClippel wants to merge 11 commits into master from
Conversation
Self-built OIDC server package with Authorization Code + PKCE flow, JWT signing, consent page, token cleanup, and discovery endpoints. Includes SparkId demo app, AddOidcLogin() for HR/Fleet, and ng-spark-auth external login button support. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
EntityMapper.ConvertToSerializableDictionary crashed on List<string> AsDetail properties (e.g. RedirectUris) because String's indexer property throws TargetParameterCountException on GetValue(). Now skips dictionary conversion for non-complex types. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add SparkUsers_ByLogin fanout index for FindByLoginAsync (RavenDB rejects multi-field Any() on auto indexes)
- Add /connect/login as a fully MVC login page for the OIDC authorize flow (no Angular hybrid — matches the existing /connect/consent pattern)
- Redirect authorize and consent endpoints to /connect/login instead of the Angular /login route
- Fix EntityMapper crash on List<string> AsDetail properties (e.g. RedirectUris) — skip ConvertToSerializableDictionary for simple types
- Gitignore oidc-signing-key.json (private key material)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e-type array rendering
- Harden OidcApplication model: multiple client secrets with expiration, AllowedGrantTypes, AllowedCorsOrigins, client claims, consent settings
- Add scope-to-claim resolution from DB (OidcScope.ClaimTypes) instead of hardcoded logic in token generator and userinfo endpoint
- Add client_credentials grant type support
- Add RFC 7662 token introspection endpoint (/connect/introspect)
- Add RFC 7009 token revocation endpoint (/connect/revoke)
- Add dynamic CORS policy for OIDC endpoints based on AllowedCorsOrigins
- Discovery endpoint now loads scopes dynamically from DB
- Fix SparkId appsettings.json to nest RavenDb config under Spark section
- Fix simple-type AsDetail array rendering (string[], List<string>) on po-detail and po-form components — render as list/input instead of empty table with zero columns
- Update PRD with phases 7-11 roadmap
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…tables
- Replace raw checkbox with bs-toggle-button on po-detail for boolean fields
- Add [border]="true" to AsDetail tables on po-detail page
- Update @mintplayer/ng-bootstrap to 21.12.8
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Change seed data ConsentType from "implicit" to "explicit" so users see the consent screen on first login and when new scopes are requested. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace full-page redirect with popup window for external login flow. The popup completes the OAuth flow and sends the result back to the parent window via postMessage, matching the MintPlayer pattern. Also adds PRD for two-factor authentication and popup login. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Backend: GET /spark/auth/logins and DELETE /spark/auth/logins/{provider}
- Angular: SparkProfileComponent showing user info, linked logins with remove, and available providers with popup-based add flow
- Route: /profile added to sparkAuthRoutes (guarded by sparkAuthGuard)
- Auth bar: username now links to profile page
- Translation keys added for all four demo apps (en/fr/nl)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When a user with TwoFactorEnabled logs in via external OIDC provider, the callback now redirects to an inline HTML 2FA form instead of bypassing 2FA. Also adds MVC 2FA page to the Identity Provider's login flow (previously blocked with a TODO). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- MintPlayer.Spark.IdentityProvider NuGet package — self-built OIDC server with Authorization Code + PKCE flow, JWT signing (RSA 2048), consent page, token cleanup, and standard discovery/JWKS endpoints
- Demo/SparkId demo app — identity provider managing OIDC Applications and Scopes via the Spark UI, with dev seed data for HR and Fleet clients
- AddOidcLogin() extension on ISparkBuilder — allows any Spark app to authenticate via an external OIDC provider (wired up in HR and Fleet pointing to SparkId)
- provideSparkOidcLogin() Angular provider + external login buttons on the ng-spark-auth login component
- .angular/ added to .gitignore

Key design decisions
- Microsoft.IdentityModel.JsonWebTokens
- Registry.AddMiddleware() (same pattern as Messaging package)

Test plan
- /.well-known/openid-configuration and /.well-known/jwks endpoints

🤖 Generated with Claude Code
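An added example, not code from this PR or the Spark project: the PKCE S256 check that an Authorization Code + PKCE server like the one in the Summary has to perform when the token request arrives, written in TypeScript on Node's crypto module. The function names (newCodeVerifier, codeChallengeS256, verifyPkce) are assumptions, the example deliberately accepts only the S256 method, and the known-answer values come from RFC 7636 Appendix B.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "crypto";

// RFC 7636 uses base64url without padding for both verifier and challenge.
function base64url(buf: Buffer): string {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Client side (what an Angular login component would generate before /connect/authorize):
// 32 random bytes -> 43 base64url chars, inside the 43..128 range RFC 7636 requires.
function newCodeVerifier(): string {
  return base64url(randomBytes(32));
}

// code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
function codeChallengeS256(verifier: string): string {
  return base64url(createHash("sha256").update(verifier, "ascii").digest());
}

// Allowed verifier alphabet and length from RFC 7636 section 4.1.
const VERIFIER_RE = /^[A-Za-z0-9\-._~]{43,128}$/;

// Server side: the challenge and method were stored with the authorization code
// at /connect/authorize; the token endpoint recomputes and compares.
// Hypothetical helper: only S256 is accepted here, so a "plain" downgrade fails.
function verifyPkce(storedChallenge: string, storedMethod: string, verifier: string | undefined): boolean {
  if (!verifier || !VERIFIER_RE.test(verifier)) return false;
  if (storedMethod !== "S256") return false;
  const expected = Buffer.from(codeChallengeS256(verifier), "ascii");
  const got = Buffer.from(storedChallenge, "ascii");
  // Constant-time compare so a wrong verifier is not distinguishable by timing.
  return expected.length === got.length && timingSafeEqual(expected, got);
}
```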