/// <summary>
/// Extension method to register the authentication services.
/// </summary>
/// <param name="services">IServiceCollection instance.</param>
/// <param name="configuration">IConfiguration instance.</param>
public static void AddGoodReadsAuthentication(
this IServiceCollection services,
IConfiguration configuration)
{
configuration = configuration ?? throw new ArgumentNullException(nameof(configuration));
// This works specifically for single tenant application.
ValidateAuthenticationConfigurationSettings(configuration);
services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; })
.AddJwtBearer(options =>
{
var azureADOptions = new AzureADOptions();
configuration.Bind("AzureAd", azureADOptions);
options.Authority = $"{azureADOptions.Instance}{azureADOptions.TenantId}/v2.0";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidAudiences = AuthenticationServiceCollectionExtensions.GetValidAudiences(configuration),
ValidIssuers = AuthenticationServiceCollectionExtensions.GetValidIssuers(configuration),
AudienceValidator = AuthenticationServiceCollectionExtensions.AudienceValidator,
};
});
RegisterAuthorizationPolicy(services);
}
/// <summary>
/// Gets a collection of valid issuer.
/// </summary>
/// <param name="configuration">Represents a set of key/value application configuration properties.</param>
/// <returns>A collection of valid issuer.</returns>
private static IEnumerable <string> GetValidIssuers(IConfiguration configuration)
{
var tenantId = configuration[AuthenticationServiceCollectionExtensions.TenantIdConfigurationSettingsKey];
var validIssuers =
AuthenticationServiceCollectionExtensions.GetSettings(
configuration,
AuthenticationServiceCollectionExtensions.ValidIssuersConfigurationSettingsKey);
validIssuers = validIssuers.Select(validIssuer => validIssuer.Replace("TENANT_ID", tenantId, StringComparison.OrdinalIgnoreCase));
return(validIssuers);
}