
Use OIDC Provider as main login #9578


jesse.torres@millertanner.com created

Hi,

Can I use an OIDC provider like Okta or Auth0 as the main login for an ABP app (I don't want to use or maintain an auth server)? I was able to configure authentication in the ABP app to use Auth0 as the main login. But after a successful login in Auth0 and redirect back to my ABP app, the ABP app shows the user as not logged in. This is probably because we are missing a mapping for the user from Auth0 in the ABP user store. Do you have documentation on creating the user in ABP after a successful login into an OIDC identity provider like Okta or Auth0?

I used this documentation to configure/replace login in ABP: https://abp.io/support/questions?Sort=LastActivityDate-desc&CreatorUserId=3a1ad840-bd4e-dc11-b055-ebcd98ef95c3

Thanks, Jesse


1 Answer(s)
    AI-Bot created
    Support Team ABP Agent

    To use an external OIDC provider (like Okta or Auth0) as the main login for your ABP application, you need to configure external authentication and ensure that users authenticated via the OIDC provider are mapped or created in the ABP user store. This is necessary for ABP to recognize the user as logged in, manage permissions, and perform auditing.

    Here’s how you can achieve this:

    1. Configure OIDC Authentication
      In your ABP application's startup (e.g., HttpApi.Host or .Web project), configure the OIDC provider using AddOpenIdConnect:

      // Runs in ConfigureServices of the host module. Required using directives:
      //   using System.Security.Claims;
      //   using Microsoft.IdentityModel.Protocols.OpenIdConnect;
      context.Services.AddAuthentication()
          .AddOpenIdConnect("OidcProvider", "OIDC Provider", options =>
          {
              options.Authority = "<OIDC_Authority_URL>";   // issuer URL of Okta/Auth0 tenant (placeholder)
              options.ClientId = "<ClientId>";               // placeholder
              options.ClientSecret = "<ClientSecret>";       // placeholder; load from configuration/secrets, not source
              options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
              options.CallbackPath = "/signin-oidc";         // must match the redirect URI registered at the provider
              options.RequireHttpsMetadata = true;           // reject discovery documents served over plain HTTP
              options.SaveTokens = true;                     // keep id/access tokens in the auth properties
              options.GetClaimsFromUserInfoEndpoint = true;  // fetch profile claims (email etc.) from /userinfo
              options.Scope.Add("email");                    // "openid" and "profile" are requested by default
              options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub"); // "sub" becomes the provider key
          });
      
    2. User Creation/Mapping After External Login
      ABP’s Account module handles external logins by default. When a user logs in via an external provider, ABP will attempt to find a user with the external login info. If not found, it will create a new user in the ABP user store using the claims (like email) from the OIDC provider.

      • Ensure the OIDC provider returns the email claim. ABP uses this to create the user.
      • If you are using the v2.0 endpoint, add options.Scope.Add("email"); to your OIDC configuration.
    3. Troubleshooting

      • If users are not being created, check that the email claim is present in the OIDC response.
      • If you get errors like System.ArgumentNullException: Value cannot be null. (Parameter 'userName'), it usually means the email claim is missing.
    4. Customizing User Creation
      If you need to customize how users are created or mapped, you can override the external login logic in the Account module by handling the OnExternalLoginCallbackAsync event.

    5. References and Examples

    These guides are applicable to any OIDC provider, not just Azure AD, and the same principles apply for Okta or Auth0.

    Sources:


    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
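As an added illustration (not ABP's own code and not part of the answer above), the find/create/link sequence described in steps 2 to 4 written against plain ASP.NET Core Identity, with an explicit check for the missing email claim that the answer says causes the ArgumentNullException; it assumes a `UserManager<IdentityUser>` and an `ExternalLoginInfo` obtained from `SignInManager.GetExternalLoginInfoAsync()`, and `ExternalUserProvisioner` is a hypothetical class name.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;

// Hypothetical helper: maps a principal returned by an external OIDC provider
// (Okta, Auth0, ...) to a local Identity user, creating one if needed.
public class ExternalUserProvisioner
{
    private readonly UserManager<IdentityUser> _userManager;

    public ExternalUserProvisioner(UserManager<IdentityUser> userManager)
    {
        _userManager = userManager;
    }

    public async Task<IdentityUser> FindOrCreateAsync(ExternalLoginInfo info)
    {
        // 1. Returning user: look up the stored (provider, "sub") link first.
        var user = await _userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey);
        if (user != null) return user;

        // 2. Fail with a clear message instead of ArgumentNullException('userName')
        //    when the provider did not return an email claim (missing "email" scope).
        var email = info.Principal.FindFirstValue(ClaimTypes.Email);
        if (string.IsNullOrWhiteSpace(email))
            throw new InvalidOperationException(
                $"Provider '{info.LoginProvider}' returned no email claim; request the 'email' scope.");

        // 3. Only attach the login to an existing local account when the provider
        //    asserts the address is verified; otherwise an unverified address could
        //    be linked to someone else's account.
        var emailVerified = string.Equals(
            info.Principal.FindFirstValue("email_verified"), "true", StringComparison.OrdinalIgnoreCase);
        user = await _userManager.FindByEmailAsync(email);
        if (user != null && !emailVerified)
            throw new InvalidOperationException("Refusing to link an unverified email to an existing account.");

        // 4. No local account yet: create one from the claims.
        if (user == null)
        {
            user = new IdentityUser { UserName = email, Email = email, EmailConfirmed = emailVerified };
            var created = await _userManager.CreateAsync(user);
            if (!created.Succeeded)
                throw new InvalidOperationException(string.Join("; ", created.Errors.Select(e => e.Description)));
        }

        // 5. Persist the (provider, sub) link so step 1 finds the user next time.
        var linked = await _userManager.AddLoginAsync(user, info);
        if (!linked.Succeeded)
            throw new InvalidOperationException(string.Join("; ", linked.Errors.Select(e => e.Description)));
        return user;
    }
}
```

The `email_verified` claim name follows the OIDC standard claims; whether a given provider emits it depends on its configuration.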

Made with ❤️ on ABP v10.0.0-preview. Updated on September 18, 2025, 07:10