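        /// <summary>
        /// Registers the authentication schemes used by the API: JWT bearer (also the
        /// default challenge scheme), API key, ticket, and a cookie scheme that answers
        /// with plain 401/403 status codes instead of browser redirects.
        /// </summary>
        /// <param name="services">The service collection to extend.</param>
        /// <param name="oidc">
        /// OIDC settings supplying the authority, audience, HTTPS-metadata policy and the
        /// cookie lifetime in minutes.
        /// </param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <remarks>
        /// Clears <see cref="JwtSecurityTokenHandler.DefaultInboundClaimTypeMap"/>. That map is
        /// static, so the change applies to every token handler in the process: incoming JWT
        /// claim types are kept verbatim rather than remapped to the legacy WS-* claim URIs.
        /// </remarks>
        public static IServiceCollection AddConfiguredAuthentication(
            this IServiceCollection services,
            OidcOptions oidc
            )
        {
            // Static, process-wide map; cleared once, before any handler is created.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services
            .AddScoped <IClaimsTransformation, UserClaimsTransformation>()

            .AddAuthentication(options =>
            {
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })

            .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
            {
                options.Audience             = oidc.Audience;
                options.Authority            = oidc.Authority;
                // When false, discovery metadata may be fetched over plain HTTP; keep this
                // true outside local development so the signing keys cannot be tampered with in transit.
                options.RequireHttpsMetadata = oidc.RequireHttpsMetadata;
            })

            .AddApiKey(ApiKeyAuthentication.AuthenticationScheme, options => {})

            .AddTicketAuthentication(TicketAuthentication.AuthenticationScheme, options => {})

            .AddCookie(AppConstants.CookieScheme, opt =>
            {
                opt.ExpireTimeSpan = TimeSpan.FromMinutes(oidc.MksCookieMinutes);

                // Only the name is customised. Assigning a fresh CookieBuilder here would
                // silently discard the scheme's hardened defaults (HttpOnly, SameSite=Lax,
                // IsEssential) and its path-base-aware cookie path.
                opt.Cookie.Name = AppConstants.CookieScheme;

                // This is an API, not a browser app: surface authorization failures as
                // status codes rather than redirecting to a login/denied page.
                opt.Events.OnRedirectToAccessDenied = ctx =>
                {
                    ctx.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                    return System.Threading.Tasks.Task.CompletedTask;
                };
                opt.Events.OnRedirectToLogin = ctx =>
                {
                    ctx.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    return System.Threading.Tasks.Task.CompletedTask;
                };
            })
            ;

            return services;
        }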
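        /// <summary>
        /// Registers Swagger/OpenAPI generation: a single "v1" document, annotation support,
        /// XML doc comments when the generated file can be located, and — only when an OIDC
        /// authority is configured — an OAuth2 authorization-code security scheme that
        /// Swagger UI can use to obtain a token.
        /// </summary>
        /// <param name="services">The service collection to extend.</param>
        /// <param name="oidc">
        /// OIDC settings; <c>Authority</c> switches the security scheme on and also provides
        /// the default endpoint base, <c>Audience</c> is exposed as the single OAuth2 scope.
        /// </param>
        /// <param name="openapi">
        /// OpenAPI settings: the API title and optional explicit authorization/token
        /// endpoint URLs that override the authority-derived defaults.
        /// </param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        public static IServiceCollection AddSwagger(
            this IServiceCollection services,
            OidcOptions oidc,
            OpenApiOptions openapi
            )
        {
            // The compiler names the documentation file "<AssemblyName>.xml".
            string xmlDoc     = Assembly.GetExecutingAssembly().GetName().Name + ".xml";
            string xmlDocPath = FindXmlDocPath(xmlDoc);

            services.AddSwaggerGen(options =>
            {
                options.SwaggerDoc("v1", new OpenApiInfo
                {
                    Title       = openapi.ApiName,
                    Version     = "v1",
                    Description = "API documentation and interaction"
                });

                options.EnableAnnotations();

                if (xmlDocPath != null)
                {
                    options.IncludeXmlComments(xmlDocPath);
                }

                if (!string.IsNullOrEmpty(oidc.Authority))
                {
                    // An OpenIdConnect-type definition would advertise *all* flows the
                    // provider allows, which is confusing in the UI, so a single
                    // authorization-code OAuth2 flow is declared explicitly instead.
                    options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
                    {
                        Type = SecuritySchemeType.OAuth2,

                        Flows = new OpenApiOAuthFlows
                        {
                            AuthorizationCode = new OpenApiOAuthFlow
                            {
                                // Explicit endpoint overrides win; otherwise derive from the authority.
                                // NOTE(review): assumes openapi.Client is non-null whenever Authority is set — confirm in options validation.
                                AuthorizationUrl = new Uri(
                                    openapi.Client.AuthorizationUrl
                                    ?? $"{oidc.Authority}/connect/authorize"
                                    ),
                                TokenUrl = new Uri(
                                    openapi.Client.TokenUrl
                                    ?? $"{oidc.Authority}/connect/token"
                                    ),
                                // The audience doubles as the only scope Swagger UI requests.
                                // NOTE(review): a null Audience makes this initializer throw
                                // ArgumentNullException — assumes Audience is always set alongside Authority.
                                Scopes = new Dictionary <string, string>
                                {
                                    { oidc.Audience, "User Access" }
                                }
                            }
                        }
                    });

                    // Apply the scheme globally so every operation shows the lock icon.
                    options.AddSecurityRequirement(new OpenApiSecurityRequirement
                    {
                        {
                            new OpenApiSecurityScheme
                            {
                                Reference = new OpenApiReference
                                {
                                    Type = ReferenceType.SecurityScheme, Id = "oauth2"
                                }
                            },
                            new[] { oidc.Audience }
                        }
                    });
                }
            });

            return services;
        }

        /// <summary>
        /// Locates the XML documentation file. The copy next to the running assembly is
        /// preferred because it does not depend on the process working directory; the
        /// previous lookups (recursive search under <c>bin</c> in Debug builds, the working
        /// directory otherwise) are kept as fallbacks.
        /// </summary>
        /// <param name="xmlDoc">File name of the documentation file.</param>
        /// <returns>A path to an existing file, or <c>null</c> when none was found.</returns>
        private static string FindXmlDocPath(string xmlDoc)
        {
            string besideAssembly = Path.Combine(AppContext.BaseDirectory, xmlDoc);
            if (File.Exists(besideAssembly))
            {
                return besideAssembly;
            }

#if DEBUG
            // Working-directory relative (typically the project folder under the debugger);
            // guard the directory so a missing bin/ does not throw DirectoryNotFoundException.
            if (!Directory.Exists("bin"))
            {
                return null;
            }

            string[] files = Directory.GetFiles("bin", xmlDoc, SearchOption.AllDirectories);
            return files.Length > 0 ? files[0] : null;
#else
            return File.Exists(xmlDoc) ? xmlDoc : null;
#endif
        }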