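/// <summary>
/// Registers JWT bearer authentication against the configured identity authority and the
/// scope-based authorization policies described by the <c>ScopePolicies</c> configuration section.
/// </summary>
/// <param name="services">The service collection that receives the registrations.</param>
/// <param name="configuration">
/// Configuration supplying the <c>ScopePolicies</c> section plus the <c>IdentityURL</c> and <c>ApiName</c> values.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="configuration"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The <c>ScopePolicies</c> section is missing, or it defines neither a <c>User</c> nor an <c>Accounts</c> policy set.
/// </exception>
public static void AddAuthenticationSettings(this IServiceCollection services, IConfiguration configuration)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }
    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    ScopePolicies scopePolicies = configuration.GetSection("ScopePolicies").Get<ScopePolicies>();
    // Get<T>() yields null for a missing section; fail here with a clear message instead of a
    // NullReferenceException later, when the authorization options are first resolved.
    if (scopePolicies == null)
    {
        throw new InvalidOperationException("Configuration section 'ScopePolicies' is missing or empty.");
    }
    // The policy selection below needs at least one of the two policy sets; without this guard the
    // Accounts branch dereferences a null Accounts object.
    if (scopePolicies.User == null && scopePolicies.Accounts == null)
    {
        throw new InvalidOperationException("'ScopePolicies' must define either a 'User' or an 'Accounts' policy set.");
    }

    // Read once: the same authority URL feeds the bearer handler and every scope requirement.
    string identityUrl = configuration["IdentityURL"];

    services.AddScoped<IAuthContext, AuthContext>();

    services.AddAuthentication("Bearer")
        .AddJwtBearer("Bearer", config =>
        {
            config.Authority = identityUrl;
            config.Audience = configuration["ApiName"];
            // NOTE(review): false lets the handler fetch the authority's discovery/signing-key metadata
            // over plain HTTP. That is only appropriate for local development; confirm it is set to true
            // (or made environment-dependent) for any deployed environment.
            config.RequireHttpsMetadata = false;
        });

    services.AddAuthorization(options =>
    {
        if (scopePolicies.User != null)
        {
            AddScopePolicy(options, scopePolicies.User.Create, identityUrl, GrantType.ClientCredentials);
        }
        else if (scopePolicies.Accounts.Access == null)
        {
            // No single "Access" scope: register the fine-grained read/write/delete scopes instead.
            AddScopePolicy(options, scopePolicies.Accounts.Read, identityUrl, GrantType.AuthorizationCode);
            AddScopePolicy(options, scopePolicies.Accounts.Write, identityUrl, GrantType.AuthorizationCode);
            AddScopePolicy(options, scopePolicies.Accounts.Delete, identityUrl, GrantType.AuthorizationCode);
        }
        else
        {
            AddScopePolicy(options, scopePolicies.Accounts.Access, identityUrl, GrantType.AuthorizationCode);
        }
    });

    services.AddScoped<IAuthorizationHandler, HasScopeHandler>();
}

/// <summary>
/// Adds one policy named after <paramref name="scope"/> whose sole requirement is a
/// <see cref="HasScopeRequirement"/> for that scope, issuer and grant type.
/// </summary>
/// <param name="options">The authorization options being configured.</param>
/// <param name="scope">The scope name; also used as the policy name.</param>
/// <param name="identityUrl">The token issuer passed to the requirement.</param>
/// <param name="grantType">The grant type the requirement expects.</param>
private static void AddScopePolicy(AuthorizationOptions options, string scope, string identityUrl, GrantType grantType)
{
    options.AddPolicy(scope, policy =>
        policy.Requirements.Add(new HasScopeRequirement(scope, identityUrl, grantType)));
}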
/// <summary>
/// Initialises <see cref="ScopePolicies"/> to a fresh instance so the property is non-null
/// as soon as the options object is constructed.
/// </summary>
public AuthOptions() => ScopePolicies = new ScopePolicies();