Using Social Authentication and OpenId Connect

Social Authentication is very useful for sites where you want to allow and encourage user registration. By using trusted external services from providers where users already have an account, users can register and login to your site without having to create yet another password, and this can significantly reduce friction to registering on your site.

For example here on we want to encourage users to register because it gives us a measure of how interested people are in cloudscribe components. So we have multiple social authentication providers enabled, which can be seen on our registration and login pages, as shown in the screenshots below.

 screenshot of the registration page

 screenshot of the login page

Users who already have accounts at those services can login to the site using their existing account at one or more of those services. After a user registers, they can still optionally add a local password to their account if they want to from their account settings. Also users who have already registered with a local password can optionally add social logins to their account from their account settings. To get to account settings, users just need to click the welcome message or the avatar/gravatar icon shown in the top navigation area of the page after you login.

How to Setup Social Authentication in cloudscribe Core

To enable social authentication you need to establish API credentials at one or more of the supported service providers and enter the credentials in the administrative user interface found under Administration > Security Settings > Social Logins

Where to Get API Credentials

Note that the "documentation" links in the list above go to the Microsoft documentation for setting up social authentication in ASP.NET Core. I linked to those because they give good details about how to setup your credentials at the various providers. Those articles also show how to wire things up in the Startup.cs file of your application, but you don't need to do any of that with cloudscribe Core, that is already wired up for you, you only need to enter the api credentials in the UI and then the social login buttons will appear on the registration and login pages.

Using OpenId Connect

OpenId Connect is more open ended, and you can use any service that implements the OpenId Connect protocols (such as Azure AD). cloudscribe Core has optional integration with IdentityServer4 which implements the OpenId Connect protocols, so you can actually use one installation of cloudscribe that has the IdentityServer4 integration to enable authentication in other installations of cloudscribe Core by setting up the client credentials for IdentityServer4. In other words a cloudscribe Core installation with the IdentityServer4 integration, can be an Identity Provider for other installations of cloudscribe Core or any client applications that can use OpenId Connect authentication. This can be very useful if you have multiple installations of cloudscribe and you want to have the same set of users across installations.

In the configuration of the 3rd party service, set the reply URL to and set the front-channel signout callback URL to

If using Microsoft Azure Active Directory, the Authority URL will resemble this (with a different identifier of course). Be sure to tick the box for "ID tokens (used for implicit and hybrid flows)" within the "Redirect URIs" section.