Add-KrOpenIdConnectAuthentication

SYNOPSIS

Adds OpenID Connect (Authorization Code) authentication to the Kestrun server.

SYNTAX

__AllParameterSets

Add-KrOpenIdConnectAuthentication [[-Server] <KestrunHost>] [[-AuthenticationScheme] <string>]
 [[-DisplayName] <string>] [[-Description] <string>] [[-Authority] <string>] [[-ClientId] <string>]
 [[-ClientSecret] <string>] [[-AuthorizationEndpoint] <string>] [[-TokenEndpoint] <string>]
 [[-CallbackPath] <string>] [[-SignedOutCallbackPath] <string>]
 [[-ResponseType] <OpenIdConnectResponseType>] [[-ClaimPolicy] <ClaimPolicyConfig>]
 [[-Options] <OidcOptions>] [-SaveTokens] [-UsePkce] [-GetClaimsFromUserInfoEndpoint] [-PassThru]
 [<CommonParameters>]

ALIASES

This cmdlet has the following aliases, {{Insert list of aliases}}

DESCRIPTION

Convenience wrapper around the C# extension AddOpenIdConnectAuthentication. Registers three schemes:

, .Cookies, .Policy Enables PKCE and token persistence by default; supports custom scopes and callback path. ## EXAMPLES ### EXAMPLE 1 Add-KrOpenIdConnectAuthentication -Authority 'https://example.com' -ClientId $id -ClientSecret $secret ### EXAMPLE 2 Add-KrOpenIdConnectAuthentication -AuthenticationScheme 'AzureAD' -Authority $authority -ClientId $id -ClientSecret $secret -Scope 'email' -CallbackPath '/signin-oidc' ## PARAMETERS ### -AuthenticationScheme Base scheme name (default 'Oidc'). ```yaml Type: System.String DefaultValue: OpenIDConnect SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 1 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -Authority The OpenID Connect authority URL. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 4 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -AuthorizationEndpoint The OpenID Connect authorization endpoint URL. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 7 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -CallbackPath The callback path for OpenID Connect responses. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 9 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -ClaimPolicy An optional Kestrun.Claims.ClaimPolicyConfig to apply claim policies during authentication. ```yaml Type: Kestrun.Claims.ClaimPolicyConfig DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 12 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -ClientId The OpenID Connect client ID. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 5 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -ClientSecret The OpenID Connect client secret. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 6 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -Description A description of the OpenID Connect authentication scheme. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 3 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -DisplayName The display name for the authentication scheme (default is the OpenID Connect default display name). ```yaml Type: System.String DefaultValue: OpenID Connect Authentication SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 2 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -GetClaimsFromUserInfoEndpoint If specified, retrieves additional claims from the UserInfo endpoint. ```yaml Type: System.Management.Automation.SwitchParameter DefaultValue: False SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: Named IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -Options An instance of Kestrun.Authentication.OidcOptions containing the OIDC configuration. ```yaml Type: Kestrun.Authentication.OidcOptions DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 13 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -PassThru Return the modified server object. ```yaml Type: System.Management.Automation.SwitchParameter DefaultValue: False SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: Named IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -ResponseType The OpenID Connect response type (default is 'Code'). ```yaml Type: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectResponseType DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 11 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -SaveTokens If specified, saves the OpenID Connect tokens in the authentication properties. ```yaml Type: System.Management.Automation.SwitchParameter DefaultValue: False SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: Named IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -Server The Kestrun server instance. If omitted, uses the current active server. ```yaml Type: Kestrun.Hosting.KestrunHost DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 0 IsRequired: false ValueFromPipeline: true ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -SignedOutCallbackPath The callback path for sign-out responses. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 10 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -TokenEndpoint The OpenID Connect token endpoint URL. ```yaml Type: System.String DefaultValue: '' SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: 8 IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### -UsePkce If specified, enables Proof Key for Code Exchange (PKCE) for enhanced security. ```yaml Type: System.Management.Automation.SwitchParameter DefaultValue: False SupportsWildcards: false Aliases: [] ParameterSets: - Name: (All) Position: Named IsRequired: false ValueFromPipeline: false ValueFromPipelineByPropertyName: false ValueFromRemainingArguments: false DontShow: false AcceptedValues: [] HelpMessage: '' ``` ### CommonParameters This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](https://go.microsoft.com/fwlink/?LinkID=113216). ## INPUTS ### Kestrun.Hosting.KestrunHost {{ Fill in the Description }} ## OUTPUTS ### Kestrun.Hosting.KestrunHost {{ Fill in the Description }} ## NOTES ## RELATED LINKS {{ Fill in the related links here }}