        /// <summary>
        /// Registers cookie-based sessions plus an OpenID Connect challenge scheme for a
        /// backend-for-frontend host. The "cookies" scheme is the default scheme and the
        /// "oidc" scheme is the default challenge scheme.
        /// </summary>
        /// <param name="services">Service collection the authentication services are added to.</param>
        /// <param name="config">Configuration root that holds the OpenID Connect section.</param>
        /// <param name="openIdConnectConfigKey">
        /// Key of the configuration section bound to <c>OpenIdConnectSettings</c>.
        /// </param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <remarks>
        /// The settings section is bound inside the OpenID Connect options callback rather than
        /// in this method body, so a binding failure is raised from that callback.
        /// NOTE(review): BindSectionOrThrow is defined elsewhere; presumably it throws when the
        /// section is missing - confirm.
        /// </remarks>
        public static IServiceCollection AddOpenIdConnectBFF(this IServiceCollection services,
                                                             IConfiguration config,
                                                             string openIdConnectConfigKey = "Security:OpenIdConnect")
        {
            var authentication = services.AddAuthentication(schemes =>
            {
                schemes.DefaultChallengeScheme = "oidc";
                schemes.DefaultScheme          = "cookies";
            });

            authentication.AddCookie("cookies", session =>
            {
                // Strict keeps the browser from attaching the session cookie to cross-site requests.
                session.Cookie.SameSite = SameSiteMode.Strict;
                session.Cookie.Name     = "bff";

                // NOTE(review): Cookie.SecurePolicy and Cookie.HttpOnly are not set here, so the
                // framework defaults apply. Because SaveTokens is enabled below, this session
                // carries tokens; consider pinning CookieSecurePolicy.Always explicitly.
            });

            authentication.AddOpenIdConnect("oidc", oidc =>
            {
                var bound = new OpenIdConnectSettings();
                config.BindSectionOrThrow(openIdConnectConfigKey, bound);

                // Identity provider and confidential-client credentials come from configuration.
                // NOTE(review): ClientSecret is read from IConfiguration; make sure the backing
                // source is a secret store or environment, not a committed settings file.
                oidc.Authority    = bound.Authority;
                oidc.ClientId     = bound.ClientId;
                oidc.ClientSecret = bound.ClientSecret;

                // Authorization code flow; user claims are additionally fetched from UserInfo.
                oidc.ResponseType = "code";
                oidc.GetClaimsFromUserInfoEndpoint = true;

                // Keeps the tokens returned by the provider with the authenticated session.
                oidc.SaveTokens = true;

                // Drop the handler's default scopes and request exactly the configured ones.
                oidc.Scope.Clear();
                foreach (var requested in bound.Scope)
                {
                    oidc.Scope.Add(requested);
                }

                // "openid" and "offline_access" are always requested, whatever the configuration
                // lists. The latter asks the provider for a refresh token on every sign-in.
                foreach (var required in new[] { "openid", "offline_access" })
                {
                    if (!oidc.Scope.Contains(required))
                    {
                        oidc.Scope.Add(required);
                    }
                }

                // Replaces the handler's validation parameters with a fresh instance in which
                // only the claim types used for the user name and roles are customised.
                var validation = new TokenValidationParameters();
                validation.NameClaimType = "name";
                validation.RoleClaimType = "role";
                oidc.TokenValidationParameters = validation;
            });

            return services;
        }
        /// <summary>
        /// Adds an OpenID Connect handler under the scheme name "oidc", configured from a
        /// bound <c>OpenIdConnectSettings</c> instance.
        /// </summary>
        /// <param name="builder">Authentication builder the scheme is added to.</param>
        /// <param name="config">Configuration root that holds the OpenID Connect section.</param>
        /// <param name="configKey">Key of the configuration section bound to the settings object.</param>
        /// <returns>The same <paramref name="builder"/> instance, for chaining.</returns>
        /// <remarks>
        /// The section is bound as soon as this method is called, before the scheme is added.
        /// NOTE(review): BindSectionOrThrow and LoadOptions are defined elsewhere. Which protocol
        /// options (response type, scopes, token validation, client secret) end up on the handler
        /// depends entirely on LoadOptions - verify against that helper.
        /// </remarks>
        public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, IConfiguration config,
                                                             string configKey = "Security:OpenIdConnect")
        {
            var oidcSettings = new OpenIdConnectSettings();
            config.BindSectionOrThrow(configKey, oidcSettings);

            // The bound settings object is captured and applied when the handler options are built.
            builder.AddOpenIdConnect("oidc", OpenIdConnectDefaults.DisplayName, handlerOptions =>
            {
                oidcSettings.LoadOptions(handlerOptions);
            });

            return builder;
        }