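/// <summary>
/// Adds a JWT bearer handler that validates incoming access tokens against the
/// authority and API name taken from <paramref name="configAuth"/>.
/// </summary>
/// <param name="authenticationBuilder">Builder the JWT bearer handler is added to.</param>
/// <param name="configAuth">Source of <c>Authority</c> (token issuer) and <c>ApiName</c> (expected audience).</param>
/// <returns>The builder returned by <c>AddJwtBearer</c>, so further calls can be chained.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="authenticationBuilder"/> or <paramref name="configAuth"/> is null.
/// </exception>
public static AuthenticationBuilder AddHelseIdJwtBearer(this AuthenticationBuilder authenticationBuilder, IHelseIdApiKonfigurasjon configAuth)
{
    // Fail at registration time. The options callback below is executed later, so a
    // null configuration would otherwise only surface as a NullReferenceException
    // when the bearer options are first built.
    if (authenticationBuilder is null)
    {
        throw new System.ArgumentNullException(nameof(authenticationBuilder));
    }

    if (configAuth is null)
    {
        throw new System.ArgumentNullException(nameof(configAuth));
    }

    return authenticationBuilder.AddJwtBearer(options =>
    {
        options.Authority = configAuth.Authority;
        options.Audience = configAuth.ApiName;

        // Metadata (discovery document, signing keys) must be served over HTTPS.
        options.RequireHttpsMetadata = true;

        // Keep the raw token on the authentication result after validation.
        // NOTE(review): presumably read back by the access token provider registered
        // elsewhere; treat the stored value as a credential and keep it out of logs.
        options.SaveToken = true;

        // Reload metadata when a token is signed with a key that is not known yet.
        options.RefreshOnIssuerKeyNotFound = true;

        // Every check is written out so that a later relaxation shows up in review.
        // ClockSkew is not set, so the library's default tolerance applies to the
        // lifetime check.
        // NOTE(review): accepted signing algorithms and token types are not pinned
        // here (ValidAlgorithms / ValidTypes, where the library version offers them) -
        // confirm the defaults are acceptable for this API.
        options.TokenValidationParameters = new TokenValidationParameters
        {
            RequireSignedTokens = true,
            RequireAudience = true,
            RequireExpirationTime = true,
            ValidateIssuer = true,
            // Validates the key that signed the token, in addition to the signature
            // requirement above.
            ValidateIssuerSigningKey = true,
            ValidateAudience = true,
            ValidateLifetime = true,
        };
    });
}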
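/// <summary>
/// Registers the authorization policies of the API: one that only requires an
/// authenticated user and one that additionally requires the configured API scope.
/// The scope-requiring policy is also installed as the default policy.
/// </summary>
/// <param name="services">Service collection the authorization services are added to.</param>
/// <param name="configAuth">Source of <c>ApiScope</c>, the scope a caller must hold.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="services"/> or <paramref name="configAuth"/> is null.
/// </exception>
public static void AddHelseIdAuthorization(this IServiceCollection services, IHelseIdApiKonfigurasjon configAuth)
{
    // Fail at registration time. The callback below runs when the authorization
    // options are built, so a null configuration would otherwise show up late and
    // as a NullReferenceException.
    if (services is null)
    {
        throw new System.ArgumentNullException(nameof(services));
    }

    if (configAuth is null)
    {
        throw new System.ArgumentNullException(nameof(configAuth));
    }

    services.AddAuthorization(config =>
    {
        // Base requirement: the request carries a successfully authenticated identity.
        var authenticatedHidUserPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();

        // Authenticated user AND the API scope.
        // NOTE(review): ApiScope is passed on unchecked. How RequireScope treats a
        // null or empty value is not visible here - confirm it cannot produce a
        // policy that any authenticated caller satisfies.
        var apiAccessPolicy = new AuthorizationPolicyBuilder()
            .Combine(authenticatedHidUserPolicy)
            .RequireScope(configAuth.ApiScope)
            .Build();

        // Used wherever authorization is requested without naming a policy.
        // NOTE(review): FallbackPolicy is not set in this method, so endpoints that
        // carry no authorization metadata are not covered by anything registered
        // here - confirm they are protected elsewhere.
        config.DefaultPolicy = apiAccessPolicy;

        config.AddPolicy(Policies.HidAuthenticated, authenticatedHidUserPolicy);
        config.AddPolicy(Policies.ApiAccess, apiAccessPolicy);
    });
}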
/// <summary>
/// Wires up HelseID authentication and authorization for the API. The HTTP context
/// accessor and the configuration singleton are always registered; everything else
/// is registered only when <c>config.AuthUse</c> is true.
/// </summary>
/// <param name="services">Service collection to register into.</param>
/// <param name="config">HelseID API configuration; also registered as <c>IAutentiseringkonfigurasjon</c>.</param>
/// <param name="configAuthSection">Configuration section bound to <c>HelseIdOptions</c>.</param>
public static void ConfigureHelseIdApiAuthentication(this IServiceCollection services, IHelseIdApiKonfigurasjon config, IConfigurationSection configAuthSection)
{
    services.AddHttpContextAccessor();
    services.AddSingleton<IAutentiseringkonfigurasjon>(config);

    // NOTE(review): with AuthUse false no authentication scheme and no authorization
    // policy is registered by this method. Whether endpoints are then reachable
    // without a token depends on the pipeline configured elsewhere - confirm this
    // switch cannot be turned off in a production configuration.
    if (!config.AuthUse)
    {
        return;
    }

    // Data annotations on HelseIdOptions are checked when the options are resolved.
    // NOTE(review): ValidateOnStart is not chained, so an invalid section is presumably
    // reported on first use rather than at startup - confirm that is intended.
    var helseIdOptions = services.AddOptions<HelseIdOptions>();
    helseIdOptions
        .Bind(configAuthSection)
        .ValidateDataAnnotations();

    // Per-request services.
    services.AddScoped<ICurrentUser, CurrentHttpUser>();
    services.AddScoped<IAccessTokenProvider, HttpContextAccessTokenProvider>();

    // JWT bearer is the default scheme; token validation is set up by AddHelseIdJwtBearer.
    var authentication = services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme);
    authentication.AddHelseIdJwtBearer(config);

    services.AddHelseIdAuthorization(config);
}