Implementing OAuth 2.0 + openID token with ASP.NET5

I have the following code which seems to not do anything when I run the project.
I expect a browser redirect to happen to http://localhost:5000 requesting the "code" authorization flow.
Instead I just see "Hello World".

This is my startup.cs file:

using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace OAuthService
    public class Startup
        // This method gets called by the runtime. Use this method to add services to the container.
        // For more information on how to configure your application, visit
        public void ConfigureServices(IServiceCollection services)
            services.AddAuthentication(options =>
                options.DefaultAuthenticateScheme = "cookie";
                options.DefaultSignInScheme = "cookie";
                options.DefaultChallengeScheme = "oidc";
            .AddOpenIdConnect("oidc", options =>
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false; // dev only

                options.ClientId = "pkce_client";
                options.ClientSecret = "acf2ec6fb01a4b698ba240c2b10a0243";
                options.ResponseType = OpenIdConnectResponseType.Code;
                options.ResponseMode = "form_post";
                options.CallbackPath = "/OAuthService/GetResponse";
                options.UsePkce = true;

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            if (env.IsDevelopment())



            app.UseEndpoints(endpoints =>
                endpoints.MapGet("/", async context =>
                    await context.Response.WriteAsync("Hello World!");

>Solution :

Someone needs to tell the authentication module that the user has to login. You either trigge that using

            app.UseEndpoints(endpoints =>
                endpoints.MapGet("/login", async context =>
                    var claims = new Claim[]
                                        //Standard claims
                                        new Claim(ClaimTypes.Name, "Joe Svensson"),
                                        new Claim(ClaimTypes.Country, "Sweden"),
                                        new Claim(ClaimTypes.Email, ""),

                                        //Custom claims
                                        new Claim("JobTitle", "Developer"),
                                        new Claim("JobLevel", "Senior"),

                    ClaimsIdentity identity = new ClaimsIdentity(claims: claims,
                                                      authenticationType: CookieAuthenticationDefaults.AuthenticationScheme);

                    ClaimsPrincipal user = new ClaimsPrincipal(identity: identity);

                    var authProperties = new AuthenticationProperties
                        IsPersistent = true

                    //Sign-in the user
                    await context.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, user, authProperties);

                    await context.Response.WriteAsync("<!DOCTYPE html><body>");
                    await context.Response.WriteAsync("<h1>Logged in!</h1>");

Or you add the Authorization handler middleware using


and configure it properly using:

.AddAuthorization(options =>

Leave a Reply