This example shows how OpenID Connect can be used for members in Umbraco. It's a complete Umbraco solution with a SQLite database. Everything is already configured correct so you can just download the project and run it.
It's based on the external login providers documentation:
https://docs.umbraco.com/umbraco-cms/reference/security/external-login-providers
There are two versions of this example. The v13 version can be found in Umbraco-OpenIdConnect-Example.Web, which references Umbraco-OpenIdConnect-Example.Core. The v14+ version has been completely rebuilt and can be found in Umbraco-OpenIdConnect-Example-v14+, offering full compatibility with Umbraco v14 and above.
Backoffice credentials:
| Username | [email protected] |
| Password | AKXT9fJGqBvKCVK5TqNZ |
External member credentials:
| Username | [email protected] |
| Password | juSp#&uf4a+omLkigIto |
Tip
I also created a fork of the Umbraco Delivery API - member auth demo. It adds support for external login providers. See this pull request for all the changes. You can also find more info in this blog.
You can watch a getting started video here: https://youtu.be/cklH7DtRDIQ
You can watch my online presentation here: https://youtu.be/I4ysh-czrYk
All important files that are used for this setup are in the Umbraco-OpenIdConnect-Example.Core project.
- OpenIdConnectMemberExternalLoginProviderOptions.cs
This file is used to setup the auto link options. - UmbracoBuilderExtensions.cs
Extensions used to setup OpenID Connect and the related events. - ExternalLogoutController.cs
A new controller used for logout on the external login provider.
This project now demonstrates integration with MojoAuth, an easy-to-use, passwordless-first authentication platform that also supports standard OpenID Connect (OIDC) flows for seamless member login within Umbraco.
MojoAuth provides:
- Hosted Login Page – Ready-made, customizable login experience
- OpenID Connect Support – Standards-based authentication and authorization
- Passwordless Options – Email magic links / OTP and other frictionless methods
- Secure Token Handling – Follows OIDC and OAuth 2.0 best practices
- Simple Configuration – Minimal setup to get running quickly
The OpenIdConnect section inside the appsettings.json files is prepared for MojoAuth. Replace the placeholder values with those from your MojoAuth OIDC application:
"OpenIdConnect": {
"MetadataAddress": "https://{project name}.auth.mojoauth.com/.well-known/openid-configuration",
"ClientId": "{mojoauth application client id}",
"ClientSecret": "{mojoauth application client secret}",
"LogoutUrl": "https://{project name}.auth.mojoauth.com/v2/logout",
"ReturnAfterLogout": "https://localhost:44342/"
}Where {project name} is the MojoAuth tenant / project slug created in your MojoAuth dashboard.
- Create / log into your account at: https://dashboard.mojoauth.com
- Navigate to Applications → Create OIDC Application.
- Note the Client ID and Client Secret.
- Set the Redirect / Callback URL to your Umbraco external sign-in endpoint (e.g.
https://localhost:44342/umbraco-signin-oidc). - (Optional) Configure Post Logout Redirect URL to match
ReturnAfterLogout. - Copy the Issuer (it follows
https://{project name}.auth.mojoauth.com). - Update both
appsettings.jsonfiles (for v13 and v14+) with your values.
- Restore & build the solution.
- Update configuration with your MojoAuth credentials.
- Start the site and browse to a page containing the login partial.
- Click the external login button – you will be redirected to the MojoAuth hosted page.
- Complete authentication and you will return as a linked Umbraco member.
- MojoAuth Hosted Login Page Docs – Customization & options
- MojoAuth OIDC Guide – Standard OIDC configuration steps
- OpenID Connect Specification – Protocol reference
- Keep your
ClientSecretout of source control for real projects. It is included here only for demonstration with placeholder values. - Ensure HTTPS is used in production for all redirect URLs.
- You can extend the auto-linking logic in
OpenIdConnectMemberExternalLoginProviderOptions.csif you need to map more profile fields returned by MojoAuth's userinfo endpoint.
