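/// <summary>
/// Registers the authentication schemes used by the API: JWT bearer (the default
/// challenge scheme), API key, ticket, and a cookie scheme, plus the claims
/// transformation that runs after a principal has been established.
/// </summary>
/// <param name="services">The service collection being configured.</param>
/// <param name="oidc">OIDC settings: authority, audience, HTTPS-metadata policy and cookie lifetime.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddConfiguredAuthentication(
    this IServiceCollection services,
    OidcOptions oidc
)
{
    // Stop the JWT handler from remapping the short OIDC claim names the token
    // carries (e.g. "sub") to the long SOAP-style claim URIs.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    services
        .AddScoped<IClaimsTransformation, UserClaimsTransformation>()
        .AddAuthentication(options =>
        {
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.Audience = oidc.Audience;
            options.Authority = oidc.Authority;
            // Configurable so local development can use a plain-HTTP identity
            // provider; it should remain true in any deployed environment, since
            // the discovery document and signing keys are fetched from the authority.
            options.RequireHttpsMetadata = oidc.RequireHttpsMetadata;
        })
        .AddApiKey(ApiKeyAuthentication.AuthenticationScheme, options => { })
        .AddTicketAuthentication(TicketAuthentication.AuthenticationScheme, options => { })
        .AddCookie(AppConstants.CookieScheme, opt =>
        {
            opt.ExpireTimeSpan = TimeSpan.FromMinutes(oidc.MksCookieMinutes);

            // Only override the cookie name. Replacing opt.Cookie with a fresh
            // CookieBuilder (as this code previously did) discards the defaults the
            // cookie handler sets on its own builder -- HttpOnly, SameSite=Lax,
            // IsEssential -- which would leave the auth cookie readable from script.
            opt.Cookie.Name = AppConstants.CookieScheme;

            // This is an API: answer with a bare 401/403 instead of redirecting
            // the caller to a login or access-denied page.
            opt.Events.OnRedirectToAccessDenied = ctx =>
            {
                ctx.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                return System.Threading.Tasks.Task.CompletedTask;
            };
            opt.Events.OnRedirectToLogin = ctx =>
            {
                ctx.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return System.Threading.Tasks.Task.CompletedTask;
            };
        });

    return services;
}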
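/// <summary>
/// Registers Swagger/OpenAPI generation: the "v1" document, annotation support,
/// XML doc comments when the generated file can be found, and -- when an OIDC
/// authority is configured -- an OAuth2 authorization-code security scheme so the
/// Swagger UI can obtain a token for the API audience.
/// </summary>
/// <param name="services">The service collection being configured.</param>
/// <param name="oidc">OIDC settings; <c>Authority</c> supplies the default authorize/token endpoints and <c>Audience</c> the requested scope.</param>
/// <param name="openapi">OpenAPI settings: the API title and optional explicit authorization/token URLs.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
public static IServiceCollection AddSwagger(
    this IServiceCollection services,
    OidcOptions oidc,
    OpenApiOptions openapi
)
{
    // Name of the XML documentation file the build emits for this assembly.
    string xmlDoc = Assembly.GetExecutingAssembly().GetName().Name + ".xml";

    services.AddSwaggerGen(options =>
    {
        options.SwaggerDoc("v1", new OpenApiInfo
        {
            Title = openapi.ApiName,
            Version = "v1",
            Description = "API documentation and interaction"
        });
        options.EnableAnnotations();

#if DEBUG
        // Debug builds search the build output tree for the doc file. Guard the
        // search: Directory.GetFiles throws when "bin" does not exist under the
        // current working directory, which would abort startup.
        if (Directory.Exists("bin"))
        {
            string[] files = Directory.GetFiles("bin", xmlDoc, SearchOption.AllDirectories);
            if (files.Length > 0)
            {
                options.IncludeXmlComments(files[0]);
            }
        }
#else
        // Look next to the assembly first, then fall back to the working
        // directory (the only location the previous implementation checked).
        string xmlPath = Path.Combine(AppContext.BaseDirectory, xmlDoc);
        if (File.Exists(xmlPath))
        {
            options.IncludeXmlComments(xmlPath);
        }
        else if (File.Exists(xmlDoc))
        {
            options.IncludeXmlComments(xmlDoc);
        }
#endif

        if (!string.IsNullOrEmpty(oidc.Authority))
        {
            // An OpenIdConnect-type security definition pointing at the authority's
            // discovery document would be the natural fit, but it makes the UI offer
            // every flow the authority allows, which is confusing; an explicit OAuth2
            // authorization-code flow is registered instead.
            options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    AuthorizationCode = new OpenApiOAuthFlow
                    {
                        // Explicit URLs from configuration win; otherwise the
                        // "/connect/*" endpoints under the authority are assumed.
                        AuthorizationUrl = new Uri(
                            openapi.Client.AuthorizationUrl ?? $"{oidc.Authority}/connect/authorize"
                        ),
                        TokenUrl = new Uri(
                            openapi.Client.TokenUrl ?? $"{oidc.Authority}/connect/token"
                        ),
                        // NOTE(review): a Dictionary rejects a null key, so a missing
                        // Audience throws here -- confirm the option is required.
                        Scopes = new Dictionary<string, string>
                        {
                            { oidc.Audience, "User Access" }
                        }
                    }
                },
            });

            // Require the scheme above (with the audience scope) on every operation.
            options.AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "oauth2"
                        }
                    },
                    new[] { oidc.Audience }
                }
            });
        }
    });

    return services;
}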