ASP.NET Core 2.0 - ArgumentException: Options.ClientId must be provided

Question

I have a .NET Core 1.1 application that I wish upgrade to .NET Core 2.0. Upon updating the target framework and all dependencies, I found that my authentication setup would not compile. I have updated to account for removed properties and deprecated/moved method calls. Ellipses used to represent code omitted for brevity.

I now receive the following error whenever I start my application

1.1 Code - Inside public void Configure() method of Startup.cs

app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationScheme = "Cookies",
    ExpireTimeSpan = TimeSpan.FromHours(12),
    SlidingExpiration = false,
    CookiePath = CookiePath,
    CookieName = "MyCookie"
});

var openIdConnectionOptions = new OpenIdConnectOptions
{
    ClientId = Configuration["OpenIdSettings:ClientId"],
    ClientSecret = Configuration["OpenIdSettings:ClientSecret"],
    Authority = Configuration["OpenIdSettings:Authority"],
    MetadataAddress = $"{Configuration["OpenIdSettings:Authority"]}/.well-known/openid-configuration",
    GetClaimsFromUserInfoEndpoint = true,
    AuthenticationScheme = "oidc",
    SignInScheme = "Cookies",
    ResponseType = OpenIdConnectResponseType.IdToken,
    TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        // This sets the value of User.Identity.Name to users AD username
        NameClaimType = IdentityClaimTypes.WindowsAccountName,
        RoleClaimType = IdentityClaimTypes.Role,
        AuthenticationType = "Cookies",
        ValidateIssuer = false
    }
};

// Scopes needed by application
openIdConnectionOptions.Scope.Add("openid");
openIdConnectionOptions.Scope.Add("profile");
openIdConnectionOptions.Scope.Add("roles");

app.UseOpenIdConnectAuthentication(openIdConnectionOptions);

Everything I'm reading shows this process has moved to the ConfigureServices method. Here is my new code for Core 2.0

public void ConfigureServices(IServiceCollection services)
{
    ...

    services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    }).AddCookie(options => new CookieAuthenticationOptions
    {
        //AuthenticationScheme = "Cookies", // Removed in 2.0
        ExpireTimeSpan = TimeSpan.FromHours(12),
        SlidingExpiration = false,
        Cookie = new CookieBuilder
        {
            Path = CookiePath,
            Name = "MyCookie"
        }
    }).AddOpenIdConnect(options => GetOpenIdConnectOptions());

    ...
}

public void Configure(IApplicationBuilder app)
{
    ...
    app.UseAuthentication();
    ...
}
private OpenIdConnectOptions GetOpenIdConnectOptions()
{
        var openIdConnectionOptions = new OpenIdConnectOptions
        {
            ClientId = Configuration["OpenIdSettings:ClientId"],
            ClientSecret = Configuration["OpenIdSettings:ClientSecret"],
            Authority = Configuration["OpenIdSettings:Authority"],
            MetadataAddress = $"{Configuration["OpenIdSettings:Authority"]}/.well-known/openid-configuration",
            GetClaimsFromUserInfoEndpoint = true,
            SignInScheme = "Cookies",
            ResponseType = OpenIdConnectResponseType.IdToken,

            TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // This sets the value of User.Identity.Name to users AD username
                NameClaimType = IdentityClaimTypes.WindowsAccountName,
                RoleClaimType = IdentityClaimTypes.Role,
                AuthenticationType = "Cookies",
                ValidateIssuer = false
            }
        };

        // Scopes needed by application
        openIdConnectionOptions.Scope.Add("openid");
        openIdConnectionOptions.Scope.Add("profile");
        openIdConnectionOptions.Scope.Add("roles");

        return openIdConnectionOptions;
    }

I am setting the ClientId (or so I thought) in my GetOpenIdConnectOptions so I am unclear on what ClientId the error is referring to.enter code here

Edit: appsettings.json

"OpenIdSettings": {
  "Authority": "https://myopenidauthenticationendpointurl",
  "ClientId": "myappname",
  "CookiePath":  "mypath"
}

Answer 1

.AddOpenIdConnect(options => GetOpenIdConnectOptions());

Your GetOpenIdConnectOptions() helper returns a new OpenIdConnectOptions instance instead of updating the options object prepared for you by the options => ... delegate.

Fix your method to take an existing OpenIdConnectOptions value and it should work:

services.AddAuthentication()
    .AddOpenIdConnect(options => SetOpenIdConnectOptions(options));

private void SetOpenIdConnectOptions(OpenIdConnectOptions options)
{
    options.ClientId = Configuration["OpenIdSettings:ClientId"];
    options.ClientSecret = Configuration["OpenIdSettings:ClientSecret"];
    options.Authority = Configuration["OpenIdSettings:Authority"];
    options.MetadataAddress = $"{Configuration["OpenIdSettings:Authority"]}/.well-known/openid-configuration";
    options.GetClaimsFromUserInfoEndpoint = true;
    options.SignInScheme = "Cookies";
    options.ResponseType = OpenIdConnectResponseType.IdToken;

    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
    {
        // This sets the value of User.Identity.Name to users AD username
        NameClaimType = IdentityClaimTypes.WindowsAccountName,
        RoleClaimType = IdentityClaimTypes.Role,
        AuthenticationType = "Cookies",
        ValidateIssuer = false
    };

    // Scopes needed by application
    options.Scope.Add("openid");
    options.Scope.Add("profile");
    options.Scope.Add("roles");
}