1. Suppose you have a service **IAuthSettingsProvider** that fetches the settings from your database.
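2. Register your provider in **ConfigureServices** in Startup (or on `builder.Services` in Program.cs), for example `services.AddScoped<IAuthSettingsProvider, AuthSettingsProvider>();`.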
3. Implement Your Provider
```
/// <summary>
/// Supplies the per-tenant client credentials (see <see cref="AuthSettings"/>).
/// </summary>
public interface IAuthSettingsProvider
{
    /// <summary>Looks up the authentication settings for one tenant.</summary>
    /// <param name="tenantId">Identifier of the tenant whose settings are requested.</param>
    /// <returns>A task that produces the tenant's <see cref="AuthSettings"/>.</returns>
    Task<AuthSettings> GetSettingsAsync(string tenantId);
}
/// <summary>
/// Client credentials that belong to a single tenant.
/// </summary>
public class AuthSettings
{
    /// <summary>Client identifier registered for the tenant.</summary>
    public string ClientId { get; set; }

    /// <summary>
    /// Client secret registered for the tenant. Treat as sensitive: keep it out of
    /// logs, exception messages and serialized diagnostics.
    /// </summary>
    public string ClientSecret { get; set; }
}
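/// <summary>
/// Sample <see cref="IAuthSettingsProvider"/>. The body is a placeholder that returns
/// fixed values; replace it with a lookup against your own tenant store.
/// </summary>
public class AuthSettingsProvider : IAuthSettingsProvider
{
    /// <summary>Returns the authentication settings for <paramref name="tenantId"/>.</summary>
    /// <param name="tenantId">Identifier of the tenant; must not be null or blank.</param>
    /// <returns>A completed task holding the tenant's settings.</returns>
    /// <exception cref="ArgumentException"><paramref name="tenantId"/> is null or blank.</exception>
    public Task<AuthSettings> GetSettingsAsync(string tenantId)
    {
        // Refuse a missing tenant instead of handing credentials to an unidentified caller.
        if (string.IsNullOrWhiteSpace(tenantId))
        {
            throw new ArgumentException("A tenant identifier is required.", nameof(tenantId));
        }

        // Query your database for the tenant's settings
        // Example (mark the method async again once it awaits a real query):
        // return await dbContext.TenantAuthSettings
        // .Where(t => t.TenantId == tenantId)
        // .Select(t => new AuthSettings { ClientId = t.ClientId, ClientSecret = t.ClientSecret })
        // .FirstOrDefaultAsync();
        // FirstOrDefaultAsync yields null for an unknown tenant, so callers have to
        // treat null as "no such tenant" and stop, not fall back to other credentials.
        // Store ClientSecret encrypted or in a secret store, never in source control.

        // Placeholder (nothing is awaited, so a completed task is returned directly):
        return Task.FromResult(new AuthSettings
        {
            ClientId = "tenant-specific-clientid",
            ClientSecret = "tenant-specific-clientsecret"
        });
    }
}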
```
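4. Use **OpenIdConnectEvents.OnRedirectToIdentityProvider**:
This event is triggered before redirecting to the identity provider. You can set ClientId and ClientSecret here, based on the current tenant/subdomain. Be aware that `context.Options` is the options object shared by every request for the scheme, so per-tenant values are safer on the outgoing message (`context.ProtocolMessage`) than on `context.Options`, and that the ClientSecret is not part of this redirect: it is only used later, when the authorization code is redeemed at the token endpoint.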
```
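// Registers the OpenID Connect handler and picks the client credentials per tenant.
// Per-tenant values are written to the per-request protocol messages, not to
// context.Options: that object is shared by all requests for the scheme, so
// mutating it lets concurrent requests from different tenants overwrite each other.
builder.Services.AddOpenIdConnect(options =>
{
    // Set static options as fallback/default
    options.Authority = configuration["Authentication:OpenId:Authority"];
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.SaveTokens = true;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    // NOTE(review): no default ClientId is configured here. The handler normally expects
    // one, and ID-token audience validation is usually derived from it - confirm that the
    // accepted audiences cover every tenant's ClientId.

    options.Events = new OpenIdConnectEvents
    {
        // Runs before the browser is redirected to the identity provider.
        OnRedirectToIdentityProvider = async context =>
        {
            var httpContext = context.HttpContext;

            // The Host header is supplied by the client. Restrict accepted hosts
            // (host filtering / AllowedHosts) and only proceed for a tenant that exists.
            var tenantId = httpContext.Request.Host.Host; // Or use a custom resolver

            // Resolve the provider declared on this page (IAuthSettingsProvider) from DI
            var tenantAuthProvider = httpContext.RequestServices.GetRequiredService<IAuthSettingsProvider>();
            var authSettings = await tenantAuthProvider.GetSettingsAsync(tenantId);
            if (authSettings is null)
            {
                // Fail closed: an unknown tenant must not reach the identity provider.
                throw new InvalidOperationException("No authentication settings are configured for the requested tenant.");
            }

            // Only the client id travels in the authorization request.
            context.ProtocolMessage.ClientId = authSettings.ClientId;
        },

        // Runs when the authorization code comes back, before it is redeemed.
        OnAuthorizationCodeReceived = async context =>
        {
            var httpContext = context.HttpContext;
            var tenantId = httpContext.Request.Host.Host; // Same resolver as above

            var tenantAuthProvider = httpContext.RequestServices.GetRequiredService<IAuthSettingsProvider>();
            var authSettings = await tenantAuthProvider.GetSettingsAsync(tenantId);
            if (authSettings is null)
            {
                throw new InvalidOperationException("No authentication settings are configured for the requested tenant.");
            }

            // The secret is needed only for the token request, so it is set on that
            // request and never stored on the shared options.
            if (context.TokenEndpointRequest is not null)
            {
                context.TokenEndpointRequest.ClientId = authSettings.ClientId;
                context.TokenEndpointRequest.ClientSecret = authSettings.ClientSecret;
            }
        }
    };
});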
```
1. Suppose you have a service **IAuthSettingsProvider** that fetches the settings from your database.
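2. Register your provider in **ConfigureServices** in Startup (or on `builder.Services` in Program.cs), for example `services.AddScoped<IAuthSettingsProvider, AuthSettingsProvider>();`.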
3. Implement Your Provider
```
/// <summary>
/// Supplies the per-tenant client credentials (see <see cref="AuthSettings"/>).
/// </summary>
public interface IAuthSettingsProvider
{
    /// <summary>Looks up the authentication settings for one tenant.</summary>
    /// <param name="tenantId">Identifier of the tenant whose settings are requested.</param>
    /// <returns>A task that produces the tenant's <see cref="AuthSettings"/>.</returns>
    Task<AuthSettings> GetSettingsAsync(string tenantId);
}
/// <summary>
/// Client credentials that belong to a single tenant.
/// </summary>
public class AuthSettings
{
    /// <summary>Client identifier registered for the tenant.</summary>
    public string ClientId { get; set; }

    /// <summary>
    /// Client secret registered for the tenant. Treat as sensitive: keep it out of
    /// logs, exception messages and serialized diagnostics.
    /// </summary>
    public string ClientSecret { get; set; }
}
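/// <summary>
/// Sample <see cref="IAuthSettingsProvider"/>. The body is a placeholder that returns
/// fixed values; replace it with a lookup against your own tenant store.
/// </summary>
public class AuthSettingsProvider : IAuthSettingsProvider
{
    /// <summary>Returns the authentication settings for <paramref name="tenantId"/>.</summary>
    /// <param name="tenantId">Identifier of the tenant; must not be null or blank.</param>
    /// <returns>A completed task holding the tenant's settings.</returns>
    /// <exception cref="ArgumentException"><paramref name="tenantId"/> is null or blank.</exception>
    public Task<AuthSettings> GetSettingsAsync(string tenantId)
    {
        // Refuse a missing tenant instead of handing credentials to an unidentified caller.
        if (string.IsNullOrWhiteSpace(tenantId))
        {
            throw new ArgumentException("A tenant identifier is required.", nameof(tenantId));
        }

        // Query your database for the tenant's settings
        // Example (mark the method async again once it awaits a real query):
        // return await dbContext.TenantAuthSettings
        // .Where(t => t.TenantId == tenantId)
        // .Select(t => new AuthSettings { ClientId = t.ClientId, ClientSecret = t.ClientSecret })
        // .FirstOrDefaultAsync();
        // FirstOrDefaultAsync yields null for an unknown tenant, so callers have to
        // treat null as "no such tenant" and stop, not fall back to other credentials.
        // Store ClientSecret encrypted or in a secret store, never in source control.

        // Placeholder (nothing is awaited, so a completed task is returned directly):
        return Task.FromResult(new AuthSettings
        {
            ClientId = "tenant-specific-clientid",
            ClientSecret = "tenant-specific-clientsecret"
        });
    }
}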
```
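4. Use **OpenIdConnectEvents.OnRedirectToIdentityProvider**:
This event is triggered before redirecting to the identity provider. You can set ClientId and ClientSecret here, based on the current tenant/subdomain. Be aware that `context.Options` is the options object shared by every request for the scheme, so per-tenant values are safer on the outgoing message (`context.ProtocolMessage`) than on `context.Options`, and that the ClientSecret is not part of this redirect: it is only used later, when the authorization code is redeemed at the token endpoint.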
```
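// Registers the OpenID Connect handler and picks the client credentials per tenant.
// Per-tenant values are written to the per-request protocol messages, not to
// context.Options: that object is shared by all requests for the scheme, so
// mutating it lets concurrent requests from different tenants overwrite each other.
builder.Services.AddOpenIdConnect(options =>
{
    // Set static options as fallback/default
    options.Authority = configuration["Authentication:OpenId:Authority"];
    options.ResponseType = OpenIdConnectResponseType.Code;
    options.SaveTokens = true;
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("email");
    // NOTE(review): no default ClientId is configured here. The handler normally expects
    // one, and ID-token audience validation is usually derived from it - confirm that the
    // accepted audiences cover every tenant's ClientId.

    options.Events = new OpenIdConnectEvents
    {
        // Runs before the browser is redirected to the identity provider.
        OnRedirectToIdentityProvider = async context =>
        {
            var httpContext = context.HttpContext;

            // The Host header is supplied by the client. Restrict accepted hosts
            // (host filtering / AllowedHosts) and only proceed for a tenant that exists.
            var tenantId = httpContext.Request.Host.Host; // Or use a custom resolver

            // Resolve the provider declared on this page (IAuthSettingsProvider) from DI
            var tenantAuthProvider = httpContext.RequestServices.GetRequiredService<IAuthSettingsProvider>();
            var authSettings = await tenantAuthProvider.GetSettingsAsync(tenantId);
            if (authSettings is null)
            {
                // Fail closed: an unknown tenant must not reach the identity provider.
                throw new InvalidOperationException("No authentication settings are configured for the requested tenant.");
            }

            // Only the client id travels in the authorization request.
            context.ProtocolMessage.ClientId = authSettings.ClientId;
        },

        // Runs when the authorization code comes back, before it is redeemed.
        OnAuthorizationCodeReceived = async context =>
        {
            var httpContext = context.HttpContext;
            var tenantId = httpContext.Request.Host.Host; // Same resolver as above

            var tenantAuthProvider = httpContext.RequestServices.GetRequiredService<IAuthSettingsProvider>();
            var authSettings = await tenantAuthProvider.GetSettingsAsync(tenantId);
            if (authSettings is null)
            {
                throw new InvalidOperationException("No authentication settings are configured for the requested tenant.");
            }

            // The secret is needed only for the token request, so it is set on that
            // request and never stored on the shared options.
            if (context.TokenEndpointRequest is not null)
            {
                context.TokenEndpointRequest.ClientId = authSettings.ClientId;
                context.TokenEndpointRequest.ClientSecret = authSettings.ClientSecret;
            }
        }
    };
});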
```