feature: Added External Athentication base

2025-10-06 19:54:25 -06:00
parent f08007eec7
commit 43b91ef560
21 changed files with 3629 additions and 4 deletions
--- a/src/ASPBaseOIDC.Web.Core/Controllers/TokenAuthController.cs
+++ b/src/ASPBaseOIDC.Web.Core/Controllers/TokenAuthController.cs
@@ -2,8 +2,10 @@
 using Abp.Authorization.Users;
 using Abp.MultiTenancy;
 using Abp.Runtime.Security;
+using ASPBaseOIDC.Application.Authorization.ExternalAuth.Dto;
 using ASPBaseOIDC.Authentication.JwtBearer;
 using ASPBaseOIDC.Authorization;
+using ASPBaseOIDC.Authorization.ExternalAuth;
 using ASPBaseOIDC.Authorization.Users;
 using ASPBaseOIDC.Models.TokenAuth;
 using ASPBaseOIDC.MultiTenancy;
@@ -24,17 +26,20 @@ namespace ASPBaseOIDC.Controllers
        private readonly ITenantCache _tenantCache;
        private readonly AbpLoginResultTypeHelper _abpLoginResultTypeHelper;
        private readonly TokenAuthConfiguration _configuration;
+        private readonly ExternalAuthenticationManager _externalAuthManager;

        public TokenAuthController(
            LogInManager logInManager,
            ITenantCache tenantCache,
            AbpLoginResultTypeHelper abpLoginResultTypeHelper,
-            TokenAuthConfiguration configuration)
+            TokenAuthConfiguration configuration,
+            ExternalAuthenticationManager externalAuthManager)
        {
            _logInManager = logInManager;
            _tenantCache = tenantCache;
            _abpLoginResultTypeHelper = abpLoginResultTypeHelper;
            _configuration = configuration;
+            _externalAuthManager = externalAuthManager;
        }

        [HttpPost]
@@ -57,6 +62,31 @@ namespace ASPBaseOIDC.Controllers
            };
        }

+        /// <summary>
+        /// Authenticate with external OIDC/OAuth2 provider (Authentik, Keycloak, etc.)
+        /// Passthrough approach: validates external token and returns it as-is
+        /// </summary>
+        [HttpPost]
+        [AbpAllowAnonymous]
+        public async Task<AuthenticateResultModel> AuthenticateExternal([FromBody] ExternalAuthModel model)
+        {
+            // Authenticate with external provider (validates token, provisions user if needed)
+            var result = await _externalAuthManager.AuthenticateWithExternalTokenAsync(
+                model.ProviderName,
+                model.IdToken,
+                AbpSession.TenantId
+            );
+
+            // Return original external token (passthrough approach)
+            return new AuthenticateResultModel
+            {
+                AccessToken = result.AccessToken, // Passthrough external token
+                EncryptedAccessToken = GetEncryptedAccessToken(result.AccessToken),
+                ExpireInSeconds = result.ExpiresIn,
+                UserId = result.User.Id
+            };
+        }
+
        private string GetTenancyNameOrNull()
        {
            if (!AbpSession.TenantId.HasValue)