public static void AddAuthenticationSettings(this IServiceCollection services, IConfiguration configuration)
{
ScopePolicies scopePolicies = configuration.GetSection("ScopePolicies").Get <ScopePolicies>();
services.AddScoped <IAuthContext, AuthContext>();
services.AddAuthentication("Bearer")
.AddJwtBearer("Bearer", config =>
{
config.Authority = configuration["IdentityURL"];
config.Audience = configuration["ApiName"];
config.RequireHttpsMetadata = false;
});
services.AddAuthorization(options =>
{
if (scopePolicies.User != null)
{
options.AddPolicy(scopePolicies.User.Create, policy => policy.Requirements.Add(new HasScopeRequirement(scopePolicies.User.Create, configuration["IdentityURL"], GrantType.ClientCredentials)));
}
else if (scopePolicies.Accounts != null && scopePolicies.Accounts.Access == null)
{
options.AddPolicy(scopePolicies.Accounts.Read, policy => policy.Requirements.Add(new HasScopeRequirement(scopePolicies.Accounts.Read, configuration["IdentityURL"], GrantType.AuthorizationCode)));
options.AddPolicy(scopePolicies.Accounts.Write, policy => policy.Requirements.Add(new HasScopeRequirement(scopePolicies.Accounts.Write, configuration["IdentityURL"], GrantType.AuthorizationCode)));
options.AddPolicy(scopePolicies.Accounts.Delete, policy => policy.Requirements.Add(new HasScopeRequirement(scopePolicies.Accounts.Delete, configuration["IdentityURL"], GrantType.AuthorizationCode)));
}
else
{
options.AddPolicy(scopePolicies.Accounts.Access, policy => policy.Requirements.Add(new HasScopeRequirement(scopePolicies.Accounts.Access, configuration["IdentityURL"], GrantType.AuthorizationCode)));
}
});
services.AddScoped <IAuthorizationHandler, HasScopeHandler>();
}
public AuthOptions()
{
ScopePolicies = new ScopePolicies();
}
