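/// <summary>
/// Registers authentication (OIDC interactive login + JWT bearer for the API),
/// authorization policies, CORS, ASP.NET Identity and the embedded IdentityServer.
/// Deployment-specific values (authority URL, web client origin, redirect path,
/// token lifespan, client secret) are read from environment variables.
/// </summary>
/// <param name="services">The application's service collection.</param>
/// <exception cref="InvalidOperationException">
/// Thrown at startup when <c>AuthorityServer</c> or <c>WebClient</c> is unset, or when
/// <c>ForgotPasswordTokenLifeSpanHours</c> is set to something other than a positive number.
/// </exception>
private static void AddAuth(IServiceCollection services)
{
    // Both values feed the OIDC/JWT Authority and the CORS origin list. A missing
    // value used to become a null Authority / null origin that only failed (confusingly)
    // on the first request; now it fails at startup with the variable named.
    var authorityServer = RequiredEnvironmentVariable("AuthorityServer");
    var webClient = RequiredEnvironmentVariable("WebClient");

    // Redirect path is optional: when unset the redirect URI is the web client root
    // (the original interpolation of a null path behaved the same way).
    var redirectUri = $"{webClient}{Environment.GetEnvironmentVariable("WebClientRedirectUri")}";

    // The OIDC handler below keeps its default RequireHttpsMetadata = true, so the
    // JWT handler is only allowed to read non-HTTPS discovery metadata in Development
    // instead of unconditionally, as before.
    var isDevelopment = string.Equals(
        Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"),
        "Development",
        StringComparison.OrdinalIgnoreCase);

    services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = IdentityServerAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddOpenIdConnect("oidc", "TPDM IdentityServer", options =>
        {
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.SignOutScheme = IdentityServerConstants.SignoutScheme;

            // Persists the id/access/refresh tokens in the authentication cookie so they
            // can be retrieved later; this enlarges the cookie and puts bearer tokens in it.
            options.SaveTokens = true;

            options.Authority = authorityServer;
            options.ClientId = "interactive";

            // SECURITY: the client secret was a hard-coded literal. It can now be supplied via
            // the OidcClientSecret environment variable; the literal remains only as a
            // fallback so existing deployments keep working until the matching client
            // registration in IdentityConfig.GetClient is updated. Remove the fallback then.
            options.ClientSecret = Environment.GetEnvironmentVariable("OidcClientSecret") ?? "secret";

            // NOTE(review): "code id_token token" is the hybrid flow that returns an access
            // token through the front channel (URL fragment, browser history, referrers).
            // The recommended replacement is ResponseType = "code" with PKCE. Not changed
            // here because the client's allowed grant types live in IdentityConfig.GetClient,
            // which must be updated in the same change.
            options.ResponseType = "code id_token token";

            options.Scope.Add(IdentityConfig.ApiName);
            options.Scope.Add("roles");
            options.ClaimActions.MapUniqueJsonKey("role", "role");
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = "name",
                RoleClaimType = "role",
            };
        })
        .AddJwtBearer("Bearer", options =>
        {
            options.Authority = authorityServer;

            // Audience is deliberately not validated; API access is gated by the "ApiScope"
            // policy below, which requires the scope claim (IdentityServer4 v4 scope-based
            // pattern). Consequently every endpoint that must be API-only has to apply that
            // policy -- the handler alone accepts any token issued by this authority.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateAudience = false,
                RoleClaimType = "role",
            };

            // Was unconditionally false. Outside Development, discovery metadata (and
            // therefore the signing keys) must come over HTTPS or an on-path attacker can
            // substitute keys.
            options.RequireHttpsMetadata = isDevelopment;
        });

    services.AddAuthorization(options =>
    {
        options.AddPolicy("ApiScope", policy =>
        {
            policy.RequireAuthenticatedUser();
            policy.RequireClaim("scope", IdentityConfig.ApiName);
        });
    });

    services.AddCors(options =>
    {
        // CORS policy named "default": only the authority and the web client origins,
        // with credentials. (AllowCredentials requires explicit origins; never widen this
        // to AllowAnyOrigin.)
        options.AddPolicy("default", policy =>
        {
            policy.WithOrigins(authorityServer, webClient)
                .AllowAnyHeader()
                .AllowAnyMethod()
                .AllowCredentials();
        });
    });

    services.AddIdentity<IdentityUser, IdentityRole>()
        .AddEntityFrameworkStores<EdFiIdentityDbContext>()
        .AddDefaultTokenProviders();

    services.AddIdentityServer()
        .AddInMemoryClients(IdentityConfig.GetClient(redirectUri, new List<string> { authorityServer, webClient }))
        .AddInMemoryIdentityResources(IdentityConfig.IdentityResources)
        .AddInMemoryApiScopes(IdentityConfig.ApiScopes)
        .AddAspNetIdentity<IdentityUser>()
        // NOTE(review): AddDeveloperSigningCredential generates a temporary signing key on
        // disk; it is intended for development only. Production should use
        // AddSigningCredential with a managed key/certificate so tokens survive restarts
        // and validate across instances.
        .AddDeveloperSigningCredential();

    // Lifespan of password-reset / confirmation tokens. The previous Convert.ToDouble
    // call returned 0 for a missing variable (every token expired immediately) and
    // parsed with the current culture. Now: unset keeps the framework default; an
    // invalid or non-positive value fails at startup.
    var tokenLifespan = ParseTokenLifespanHours("ForgotPasswordTokenLifeSpanHours");
    if (tokenLifespan.HasValue)
    {
        services.Configure<DataProtectionTokenProviderOptions>(opt => opt.TokenLifespan = tokenLifespan.Value);
    }

    services.ConfigureApplicationCookie(options =>
    {
        // This is an API: answer with a status code instead of redirecting to a login page.
        // Both login and access-denied map to 401 as before; if clients need to distinguish
        // "not authenticated" from "forbidden", the access-denied branch should return 403.
        options.Events.OnRedirectToAccessDenied = options.Events.OnRedirectToLogin = context =>
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return Task.CompletedTask;
        };
    });
}

/// <summary>
/// Reads an environment variable that the auth configuration cannot work without.
/// </summary>
/// <param name="name">Environment variable name.</param>
/// <returns>The variable's value.</returns>
/// <exception cref="InvalidOperationException">The variable is unset or blank.</exception>
private static string RequiredEnvironmentVariable(string name)
{
    var value = Environment.GetEnvironmentVariable(name);
    if (string.IsNullOrWhiteSpace(value))
    {
        throw new InvalidOperationException(
            $"Environment variable '{name}' must be set to configure authentication.");
    }

    return value;
}

/// <summary>
/// Parses an hours value from an environment variable using the invariant culture.
/// </summary>
/// <param name="name">Environment variable name.</param>
/// <returns><c>null</c> when the variable is unset or blank; otherwise the lifespan.</returns>
/// <exception cref="InvalidOperationException">The value is not a finite positive number.</exception>
private static TimeSpan? ParseTokenLifespanHours(string name)
{
    var raw = Environment.GetEnvironmentVariable(name);
    if (string.IsNullOrWhiteSpace(raw))
    {
        return null;
    }

    // Invariant culture: "1.5" must mean the same thing on every host.
    var parsed = double.TryParse(
        raw,
        System.Globalization.NumberStyles.Float,
        System.Globalization.CultureInfo.InvariantCulture,
        out var hours);

    if (!parsed || double.IsNaN(hours) || double.IsInfinity(hours) || hours <= 0)
    {
        throw new InvalidOperationException(
            $"Environment variable '{name}' must be a positive number of hours; got '{raw}'.");
    }

    return TimeSpan.FromHours(hours);
}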