Add support for Alipay certificate signing and openid.

[BuknSS]

I need to call Alipay's "fund expenditure interface", and I have to change the key signature method to the certificate signature method, which will make the current Alipay Provider unavailable, so I refer to the Alipay official SDK code, add some code, just add two certificate-related fields in the request content:

• app_cert_sn
• alipay_root_cert_sn

When options AppCertPath and RootCertPath are configured with the certificate file path, the certificate signing mode will be enabled

Alipay's certificate signature document:

• https://opendocs.alipay.com/common/057k53?pathHash=7b14a0af#%E8%AF%81%E4%B9%A6%E6%96%B9%E5%BC%8F

---

Alipay now only provides open_id to new merchants, without user_id. In this case, the following code will cause an error.

AspNet.Security.OAuth.Providers/src/AspNet.Security.OAuth.Alipay/AlipayAuthenticationHandler.cs

Line 137 in 1aaadb1

identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, mainElement.GetString("user_id")!, ClaimValueTypes.String, Options.ClaimsIssuer));

Alipay's openid document:

• https://opendocs.alipay.com/mini/0ai2i6

Alipay documents are in Chinese, so they need to be translated.

---

Screenshot of network packet capture:

Calling TokenEndpoint

Calling UserInformationEndpoint

[martincostello]

Don't assume that certificates are on the file system - they could (should?) be stored in a secure location, such as the Windows Certificate Manager, or loaded from a remote source such as Azure Key Vault. Take a look at the Apple provider for examples on handling such scenarios.

This example might also help: configuring Sign in With Apple