Пример #1
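        /// <summary>
        /// Registers cookie + OpenID Connect (authorization code flow) authentication and
        /// authorization on the naos service collection, using the settings bound from
        /// <paramref name="section"/>.
        /// </summary>
        /// <param name="naosOptions">The naos services context to extend.</param>
        /// <param name="options">Optional callback invoked on a fresh <c>AuthenticationHandlerOptions</c>.</param>
        /// <param name="section">Configuration section holding the OIDC settings (authority, client id, client secret).</param>
        /// <returns>The same <paramref name="naosOptions"/> instance, for chaining.</returns>
        /// <exception cref="InvalidOperationException">The configuration section is missing or empty.</exception>
        /// <remarks>
        /// Discovery metadata must be served over HTTPS unless the configured authority is a
        /// loopback <c>http://</c> address (local development). Any other plain-HTTP authority
        /// is rejected by the handler.
        /// </remarks>
        public static NaosServicesContextOptions AddOidcAuthentication(
            this NaosServicesContextOptions naosOptions,
            Action<AuthenticationHandlerOptions> options = null,
            string section = "naos:authentication:oidc")
        {
            EnsureArg.IsNotNull(naosOptions, nameof(naosOptions));

            var configuration = naosOptions.Context.Configuration.GetSection(section).Get<OidcConfiguration>();
            if (configuration == null)
            {
                // Fail at registration time with a clear message; otherwise the options lambda
                // below would throw a NullReferenceException on the first request instead.
                throw new InvalidOperationException($"naos oidc authentication: configuration section '{section}' is missing or empty");
            }

            // The callback is still invoked for compatibility; nothing in this registration
            // reads the resulting handler options.
            var handlerOptions = new AuthenticationHandlerOptions();
            options?.Invoke(handlerOptions);

            // Plain-HTTP discovery lets anyone on the network path substitute the issuer's
            // endpoints and signing keys, so it is tolerated only for a loopback authority.
            var isLoopbackHttpAuthority =
                Uri.TryCreate(configuration.Authority, UriKind.Absolute, out var authorityUri)
                && authorityUri.Scheme == Uri.UriSchemeHttp
                && authorityUri.IsLoopback;

            naosOptions.Context.Services.AddAuthentication(auth =>
            {
                // The cookie carries the session; unauthenticated requests are challenged via OIDC.
                auth.DefaultScheme          = AuthenticationKeys.CookiesScheme;
                auth.DefaultChallengeScheme = AuthenticationKeys.OidcScheme;
            })
            .AddCookie()
            .AddOpenIdConnect(oidc =>
            {
                oidc.Authority    = configuration.Authority;
                oidc.ClientId     = configuration.ClientId;
                // Read from configuration only: keep the secret in a secret store or
                // environment-specific settings, never in a committed settings file.
                oidc.ClientSecret = configuration.ClientSecret;
                // Tokens are persisted in the authentication properties after sign-in.
                oidc.SaveTokens   = true;
                oidc.ResponseType = IdentityModel.Protocols.OpenIdConnect.OpenIdConnectResponseType.Code; // configuration.ResponseType;
                oidc.RequireHttpsMetadata          = !isLoopbackHttpAuthority;
                oidc.GetClaimsFromUserInfoEndpoint = true;
                oidc.Scope.Add("openid");
                oidc.Scope.Add("profile");
                oidc.Scope.Add("email");
                oidc.Scope.Add("claims");

                oidc.TokenValidationParameters = new IdentityModel.Tokens.TokenValidationParameters
                {
                    NameClaimType  = "name",
                    // Roles are taken from the "groups" claim, so group membership issued by
                    // the identity provider drives role-based authorization.
                    RoleClaimType  = "groups",
                    ValidateIssuer = true
                };
            });
            naosOptions.Context.Services.AddAuthorization();

            naosOptions.Context.Messages.Add($"naos services builder: authentication added (type={AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults.AuthenticationScheme})");
            naosOptions.Context.Services.AddSingleton(new NaosFeatureInformation
            {
                Name        = "Authentication",
                Description = AspNetCore.Authentication.OpenIdConnect.OpenIdConnectDefaults.AuthenticationScheme,
                EchoRoute   = "naos/authentication/echo"
            });

            return naosOptions;
        }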
Пример #2
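        /// <summary>
        /// Registers EasyAuth authentication, authorization and an EasyAuth-aware policy
        /// evaluator on the naos service collection.
        /// </summary>
        /// <param name="naosOptions">The naos services context to extend.</param>
        /// <param name="options">
        /// Optional callback to configure the handler options; it is applied to a local instance
        /// here (to read the provider) and also passed on to <c>AddEasyAuth</c>.
        /// </param>
        /// <param name="section">Configuration section holding the EasyAuth settings.</param>
        /// <returns>The same <paramref name="naosOptions"/> instance, for chaining.</returns>
        /// <remarks>
        /// Provider precedence: handler options, then configuration, then
        /// <c>EasyAuthProviders.AzureActiveDirectory</c>. A missing configuration section is
        /// treated like an empty provider value rather than failing on policy evaluation.
        /// </remarks>
        public static NaosServicesContextOptions AddEasyAuthentication(
            this NaosServicesContextOptions naosOptions,
            Action<AuthenticationHandlerOptions> options = null,
            string section = "naos:authentication:easyauth")
        {
            EnsureArg.IsNotNull(naosOptions, nameof(naosOptions));

            // Get<T>() yields null when the section does not exist, so every later use of
            // the bound configuration has to tolerate null.
            var configuration  = naosOptions.Context.Configuration.GetSection(section).Get<EasyAuthConfiguration>();
            var handlerOptions = new AuthenticationHandlerOptions();

            options?.Invoke(handlerOptions);

            // Resolved once: explicit handler option wins, then configuration, then the default.
            var provider = handlerOptions.Provider.EmptyToNull()
                ?? configuration?.Provider.EmptyToNull()
                ?? EasyAuthProviders.AzureActiveDirectory;

            // NOTE(review): EasyAuth-style handlers usually trust identity data supplied by the
            // hosting front end - confirm the service cannot be reached without passing through it.
            naosOptions.Context.Services
                .AddAuthorization()
                .AddScoped<IPolicyEvaluator>(sp => new EasyAuthPolicyEvaluator(
                    sp.GetRequiredService<IAuthorizationService>(),
                    provider))
                .AddAuthentication(AuthenticationKeys.EasyAuthScheme)
                .AddEasyAuth(options);

            naosOptions.Context.Messages.Add($"naos services builder: authentication added (type={AuthenticationKeys.EasyAuthScheme})");
            naosOptions.Context.Services.AddSingleton(new NaosFeatureInformation
            {
                Name        = "Authentication",
                Description = "EasyAuth",
                EchoRoute   = "naos/authentication/echo"
            });

            return naosOptions;
        }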