| | | 1 | | <# |
| | | 2 | | .SYNOPSIS |
| | | 3 | | Adds OAuth 2.0 (Authorization Code) authentication to the Kestrun server. |
| | | 4 | | .DESCRIPTION |
| | | 5 | | Configures the Kestrun server to use a generic OAuth 2.0 authorization-code flow. |
| | | 6 | | You can pass a prebuilt OAuthOptions object, or specify individual items (authority, paths, client, etc.). |
| | | 7 | | .PARAMETER Server |
| | | 8 | | The Kestrun server instance to configure. If not specified, the current server instance is used. |
| | | 9 | | .PARAMETER AuthenticationScheme |
| | | 10 | | The name of the OAuth authentication scheme (e.g., 'MyOAuth'). |
| | | 11 | | .PARAMETER DisplayName |
| | | 12 | | The display name for the authentication scheme (e.g., 'GitHub Login'). |
| | | 13 | | .PARAMETER Description |
| | | 14 | | A description of the OAuth authentication scheme. |
| | | 15 | | .PARAMETER Deprecated |
| | | 16 | | If specified, marks the authentication scheme as deprecated in OpenAPI documentation. |
| | | 17 | | .PARAMETER ClientId |
| | | 18 | | The OAuth client ID. |
| | | 19 | | .PARAMETER ClientSecret |
| | | 20 | | The OAuth client secret. |
| | | 21 | | .PARAMETER AuthorizationEndpoint |
| | | 22 | | The OAuth authorization endpoint URL. |
| | | 23 | | .PARAMETER TokenEndpoint |
| | | 24 | | The OAuth token endpoint URL. |
| | | 25 | | .PARAMETER CallbackPath |
| | | 26 | | The callback path for OAuth responses. |
| | | 27 | | .PARAMETER SaveTokens |
| | | 28 | | If specified, saves the OAuth tokens in the authentication properties. |
| | | 29 | | .PARAMETER UsePkce |
| | | 30 | | If specified, enables Proof Key for Code Exchange (PKCE) for enhanced security. |
| | | 31 | | .PARAMETER ClaimPolicy |
| | | 32 | | An optional Kestrun.Claims.ClaimPolicyConfig to apply claim policies during authentication. |
| | | 33 | | .PARAMETER Options |
| | | 34 | | An instance of Kestrun.Authentication.OAuth2Options containing the OAuth configuration. |
| | | 35 | | .PARAMETER PassThru |
| | | 36 | | If specified, returns the modified Kestrun server object. |
| | | 37 | | .EXAMPLE |
| | | 38 | | Add-KrOAuth2Authentication -AuthenticationScheme 'MyOAuth' -Options $oauthOptions |
| | | 39 | | Adds an OAuth2 authentication scheme named 'MyOAuth' using the provided options. |
| | | 40 | | .NOTES |
| | | 41 | | This is a convenience wrapper around the C# extension AddOAuth2Authentication. |
| | | 42 | | #> |
| | | 43 | | function Add-KrOAuth2Authentication { |
| | | 44 | | [KestrunRuntimeApi('Definition')] |
| | | 45 | | [CmdletBinding()] |
| | | 46 | | [OutputType([Kestrun.Hosting.KestrunHost])] |
| | | 47 | | param( |
| | | 48 | | [Parameter(Mandatory = $false, ValueFromPipeline = $true)] |
| | | 49 | | [Kestrun.Hosting.KestrunHost]$Server, |
| | | 50 | | |
| | | 51 | | [Parameter(Mandatory = $false)] |
| | | 52 | | [string]$AuthenticationScheme = [Kestrun.Authentication.AuthenticationDefaults]::OAuth2SchemeName, |
| | | 53 | | |
| | | 54 | | [Parameter(Mandatory = $false)] |
| | | 55 | | [string]$DisplayName = [Kestrun.Authentication.AuthenticationDefaults]::OAuth2DisplayName, |
| | | 56 | | |
| | | 57 | | [Parameter(Mandatory = $false)] |
| | | 58 | | [string]$Description, |
| | | 59 | | |
| | | 60 | | [Parameter(Mandatory = $false)] |
| | | 61 | | [switch]$Deprecated, |
| | | 62 | | |
| | | 63 | | [Parameter(Mandatory = $false)] |
| | | 64 | | [string]$ClientId, |
| | | 65 | | |
| | | 66 | | [Parameter(Mandatory = $false)] |
| | | 67 | | [string]$ClientSecret, |
| | | 68 | | |
| | | 69 | | [Parameter(Mandatory = $false)] |
| | | 70 | | [string]$AuthorizationEndpoint, |
| | | 71 | | |
| | | 72 | | [Parameter(Mandatory = $false)] |
| | | 73 | | [string]$TokenEndpoint, |
| | | 74 | | |
| | | 75 | | [Parameter(Mandatory = $false)] |
| | | 76 | | [string]$CallbackPath, |
| | | 77 | | |
| | | 78 | | [Parameter(Mandatory = $false)] |
| | | 79 | | [switch]$SaveTokens, |
| | | 80 | | |
| | | 81 | | [Parameter(Mandatory = $false)] |
| | | 82 | | [switch]$UsePkce, |
| | | 83 | | |
| | | 84 | | [Parameter(Mandatory = $false)] |
| | | 85 | | [Kestrun.Claims.ClaimPolicyConfig]$ClaimPolicy, |
| | | 86 | | |
| | | 87 | | [Parameter(Mandatory = $false)] |
| | | 88 | | [Kestrun.Authentication.OAuth2Options]$Options, |
| | | 89 | | |
| | | 90 | | [Parameter(Mandatory = $false)] |
| | | 91 | | [switch]$PassThru |
| | | 92 | | ) |
| | | 93 | | begin { |
| | | 94 | | # Ensure the server instance is resolved |
| | 0 | 95 | | $Server = Resolve-KestrunServer -Server $Server |
| | | 96 | | } |
| | | 97 | | process { |
| | 0 | 98 | | if ($null -eq $Options) { |
| | | 99 | | # Build options from individual parameters if not provided |
| | 0 | 100 | | $Options = [Kestrun.Authentication.OAuth2Options]::new() |
| | | 101 | | } |
| | | 102 | | |
| | 0 | 103 | | if ($ClientId) { $Options.ClientId = $ClientId } |
| | 0 | 104 | | if ($ClientSecret) { $Options.ClientSecret = $ClientSecret } |
| | 0 | 105 | | if ($AuthorizationEndpoint) { $Options.AuthorizationEndpoint = $AuthorizationEndpoint } |
| | 0 | 106 | | if ($TokenEndpoint) { $Options.TokenEndpoint = $TokenEndpoint } |
| | 0 | 107 | | if ($CallbackPath) { $Options.CallbackPath = $CallbackPath } |
| | 0 | 108 | | if ($ClaimPolicy) { $Options.ClaimPolicy = $ClaimPolicy } |
| | 0 | 109 | | if ($Description) { $Options.Description = $Description } |
| | | 110 | | |
| | | 111 | | # Set the Deprecated option |
| | 0 | 112 | | $Options.Deprecated = $Deprecated.IsPresent |
| | | 113 | | |
| | | 114 | | # Set other switches |
| | 0 | 115 | | $Options.SaveTokens = $SaveTokens.IsPresent |
| | 0 | 116 | | $Options.UsePkce = $UsePkce.IsPresent |
| | | 117 | | |
| | | 118 | | # Bridge to your C# extension (parallel to AddCookieAuthentication) |
| | 0 | 119 | | [Kestrun.Hosting.KestrunHostAuthnExtensions]::AddOAuth2Authentication( |
| | 0 | 120 | | $Server, $AuthenticationScheme, $DisplayName, $Options) | Out-Null |
| | 0 | 121 | | if ($PassThru.IsPresent) { |
| | 0 | 122 | | return $Server |
| | | 123 | | } |
| | | 124 | | } |
| | | 125 | | } |