Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hot Reload Authentication settings #1969

Open
Tracked by #67
aaronburtle opened this issue Jan 12, 2024 · 2 comments
Open
Tracked by #67

Hot Reload Authentication settings #1969

aaronburtle opened this issue Jan 12, 2024 · 2 comments
Assignees
@aaronburtle
Labels
enhancement New feature or request 🔥Hot Reload Tasks related to DAB's Hot Reload feature proposal
Milestone
1.3

Comments

@aaronburtle
Copy link
Contributor

The authorization settings are configured during startup. This means that simply refreshing the RuntimeConfig to reflect saved changes is not enough to update the authorization settings that the service will be using. Instead, those changes that need to be made must be done so in a way that refreshes the settings that were configured during startup.
@aaronburtle aaronburtle added the enhancement New feature or request label Jan 12, 2024
@aaronburtle aaronburtle added this to the 0.12 milestone Jan 12, 2024
@aaronburtle aaronburtle self-assigned this Jan 12, 2024
@aaronburtle aaronburtle mentioned this issue Jan 12, 2024
Open
@seantleonard seantleonard modified the milestones: 0.12, 0.11rc Jan 24, 2024
@seantleonard seantleonard changed the title Hot Reload Authorization settings Hot Reload Authentication settings Jan 24, 2024
@seantleonard seantleonard modified the milestones: 0.11rc, 0.12rc Feb 7, 2024
@seantleonard seantleonard modified the milestones: 0.12rc, 1.2rc Mar 7, 2024
@seantleonard
Copy link
Contributor

Moving this + hot reload related tasks to post GA -> tracking via 1.2rc milestone.

@seantleonard seantleonard added the 🔥Hot Reload Tasks related to DAB's Hot Reload feature proposal label May 14, 2024
@seantleonard
Copy link
Contributor

Startup.cs ConfigureAuthentication() function requires refactoring to fulfill this task.

All possible authentication schemes (JWT, SWA, AppService, Simulator) need to be configured regardless of what contents exist in the runtime configuration.

e.g.

services.AddAuthentication(defaultScheme: EasyAuthType.StaticWebApp)
     .AddJwtBearer(options =>
     {
          options.Property = "<IOptionsMonitor?>"
      });
    .AddEasyAuthAuthentication(easyAuthAuthenticationProvider: EasyAuthType.StaticWebApp)
    .AddEasyAuthAuthentication(easyAuthAuthenticationProvider: EasyAuthType.AppService);
    // condition Simulator auth for development mode ONLY
    .AddSimulatorAuthentication();

Requirements to figure out:

  • AddJwtBearer supports IOptionsMonitor, need to figure out how to signal changes due to hot reload because hot reloading different jwt providers requires refreshing the jwtprovider options.
  • Authenticate requests using the currently configured authentication configuration, this requires modifications the ClientRoleHeaderAuthenticationMiddleware
    public async Task InvokeAsync(HttpContext httpContext)
    {
        // authNResult will be one of:
        // 1. Succeeded - Authenticated
        // 2. Failure - Token issue
        // 3. None - No token provided, no auth result.
        AuthenticateResult authNResult = await httpContext.AuthenticateAsync(); // no param to AuthenticateAsync() uses default authentication scheme (which per above config is set as: services.AddAuthentication(defaultScheme: EasyAuthType.StaticWebApp))

The following method signature should be used instead:
` ``csharp
public static Task AuthenticateAsync(this HttpContext context, string? scheme);

Depending on the configured authentication provider, supply the appropriate scheme to `AuthenticateAsync()`.

@seantleonard seantleonard modified the milestones: 1.2, 1.3 Jun 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aaronburtle aaronburtle

Labels
enhancement New feature or request 🔥Hot Reload Tasks related to DAB's Hot Reload feature proposal
Projects
None yet
Milestone
1.3
Development

No branches or pull requests
2 participants
@seantleonard @aaronburtle