diff --git a/src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj b/src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj
index b363c71..bb5543f 100644
--- a/src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj
+++ b/src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj
@@ -23,5 +23,6 @@
+
diff --git a/src/In.ProjectEKA.OtpService/Notification/NotificationController.cs b/src/In.ProjectEKA.OtpService/Notification/NotificationController.cs
index 95e6e02..d8d57a4 100644
--- a/src/In.ProjectEKA.OtpService/Notification/NotificationController.cs
+++ b/src/In.ProjectEKA.OtpService/Notification/NotificationController.cs
@@ -2,9 +2,11 @@ namespace In.ProjectEKA.OtpService.Notification
{
using System.Threading.Tasks;
using Common;
+ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
+ [Authorize]
[Route("/notification")]
[ApiController]
public class NotificationController : Controller
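Review bot: `[Authorize]` on this controller (and the same attribute added to OtpController in the next file) names no policy or scheme, so it admits any principal the default JWT bearer handler authenticates; the only application-level restriction is the clientId-claim presence check in Startup's OnTokenValidated event, which a reader of this file cannot see. A one-line comment above the attribute would make the contract visible: `// Requires a bearer token from the configured authority carrying a clientId claim; see Startup.ConfigureServices.` If the claim requirement is meant to be permanent, a named policy (`options.AddPolicy` with `RequireClaim("clientId")`) applied as `[Authorize(Policy = ...)]` would express it declaratively instead of failing the token inside an event callback. The class body continues outside the hunk.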
diff --git a/src/In.ProjectEKA.OtpService/Otp/OtpController.cs b/src/In.ProjectEKA.OtpService/Otp/OtpController.cs
index 6b024d9..14e2eb3 100644
--- a/src/In.ProjectEKA.OtpService/Otp/OtpController.cs
+++ b/src/In.ProjectEKA.OtpService/Otp/OtpController.cs
@@ -2,9 +2,11 @@ namespace In.ProjectEKA.OtpService.Otp
{
using System.Threading.Tasks;
using Common;
+ using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
+ [Authorize]
[Route("otp")]
[ApiController]
public class OtpController : Controller
diff --git a/src/In.ProjectEKA.OtpService/Startup.cs b/src/In.ProjectEKA.OtpService/Startup.cs
index 6dfee3d..6f7dd07 100644
--- a/src/In.ProjectEKA.OtpService/Startup.cs
+++ b/src/In.ProjectEKA.OtpService/Startup.cs
@@ -2,8 +2,12 @@ namespace In.ProjectEKA.OtpService
{
using System.Collections.Generic;
using System.Linq;
+ using System.Net.Http;
using System.Text.Json;
+ using System.Threading.Tasks;
using Clients;
+ using Common;
+ using Microsoft.AspNetCore.Authentication.JwtBearer;
using Otp;
using Otp.Model;
using Microsoft.AspNetCore.Builder;
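Review bot: `using System.Net.Http;` and `using Common;` are added here, but nothing in the visible Startup.cs hunks references a type from either namespace; if the rest of the file does not use them, the two directives should be dropped to keep the using block minimal. The other additions (`System.Threading.Tasks`, `JwtBearer`, `Microsoft.IdentityModel.Tokens`) are all used by the new ConfigureServices code.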
@@ -12,6 +16,7 @@ namespace In.ProjectEKA.OtpService
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
+ using Microsoft.IdentityModel.Tokens;
using Notification;
using Serilog;
@@ -40,20 +45,53 @@ public void ConfigureServices(IServiceCollection services) =>
new OtpSenderFactory(serviceProvider.GetService(),
serviceProvider.GetService(),
Configuration.GetValue("whitelisted:numbers")?.Split(",").ToList()))
+ .AddRouting(options => options.LowercaseUrls = true)
.AddControllers()
.AddNewtonsoftJson(options => { })
.AddJsonOptions(options =>
- options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.CamelCase);
+ options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.CamelCase)
+ .Services.AddAuthentication(options =>
+ {
+ options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+ options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+ })
+ .AddJwtBearer(options =>
+ {
+ // Need to validate Audience and Issuer properly
+ options.Authority = Configuration.GetValue("authServer:url");
+ options.TokenValidationParameters = new TokenValidationParameters
+ {
+ ValidateIssuerSigningKey = true,
+ ValidateLifetime = true,
+ AudienceValidator = (audiences, token, parameters) => true,
+ IssuerValidator = (issuer, token, parameters) => token.Issuer
+ };
+ options.RequireHttpsMetadata = false;
+ options.IncludeErrorDetails = true;
+ options.Events = new JwtBearerEvents
+ {
+ OnTokenValidated = context =>
+ {
+ const string claimTypeClientId = "clientId";
+ if (!context.Principal.HasClaim(claim => claim.Type == claimTypeClientId))
+ {
+ context.Fail($"Claim {claimTypeClientId} is not present in the token.");
+ }
+ return Task.CompletedTask;
+ }
+ };
+ });
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseRouting()
- .UseAuthorization()
.UseStaticFilesWithYaml()
.UseCustomOpenAPI()
.UseIf(!env.IsDevelopment(), x => x.UseHsts())
.UseIf(env.IsDevelopment(), x => x.UseDeveloperExceptionPage())
.UseSerilogRequestLogging()
+ .UseAuthentication()
+ .UseAuthorization()
.UseEndpoints(endpoints => { endpoints.MapControllers(); });
using var serviceScope = app.ApplicationServices.GetRequiredService().CreateScope();
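Review bot: The `TokenValidationParameters` block (L80–L86) switches off the two checks that bind a token to this service: `AudienceValidator = (...) => true` accepts a token minted for any other client of the same authority, and `IssuerValidator = (...) => token.Issuer` accepts whatever issuer the token claims, which the L78 comment itself admits is unfinished. Since `Authority` is set, the handler already learns the issuer (and signing keys) from the authority's discovery document, so removing the custom `IssuerValidator` and leaving `ValidateIssuer` on restores issuer validation; audience validation should be turned on against the configured `authServer:clientId`, which presumes the issuing server places this service's client id in `aud` — confirm against the token it actually emits. `options.RequireHttpsMetadata = false` is unconditional and `IncludeErrorDetails = true` echoes validation failure reasons to callers; both are development conveniences that should be gated on environment or configuration rather than hard-coded. ConfigureServices begins before this hunk and Configure continues after it; the Configure ordering (`UseAuthentication` before `UseAuthorization`, both before `UseEndpoints`) is correct.
```csharp
.AddJwtBearer(options =>
{
    options.Authority = Configuration.GetValue<string>("authServer:url");
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        ValidateLifetime = true,
        // No custom IssuerValidator: the issuer comes from the authority's discovery document.
        ValidateIssuer = true,
        // Reject tokens issued for other clients of the same authority.
        ValidateAudience = true,
        ValidAudience = Configuration.GetValue<string>("authServer:clientId")
    };
    // "authServer:requireHttpsMetadata" is a proposed new key; defaults to true so only an explicit
    // non-production setting allows plain-HTTP discovery.
    options.RequireHttpsMetadata = Configuration.GetValue("authServer:requireHttpsMetadata", true);
    // … unchanged: IncludeErrorDetails, Events/OnTokenValidated …
});
```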
diff --git a/src/In.ProjectEKA.OtpService/appsettings.json b/src/In.ProjectEKA.OtpService/appsettings.json
index 26125e8..625a629 100644
--- a/src/In.ProjectEKA.OtpService/appsettings.json
+++ b/src/In.ProjectEKA.OtpService/appsettings.json
@@ -28,5 +28,10 @@
"whitelisted": {
"numbers": "+91-9999999999,+91-1111111111,+91-8888888888,+91-7777777777,+91-6666666666"
},
- "expiryInMinutes": 5
+ "expiryInMinutes": 5,
+ "authServer": {
+ "url": "http://localhost:8080",
+ "clientId": "otpservice",
+ "clientSecret": "7c8fc045-7129-484f-ac71-9f67c1d77c1a"
+ }
}
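Review bot: `authServer.clientSecret` puts a credential into a committed configuration file, and once it is in version-control history it has to be treated as disclosed regardless of later edits; move it to an environment variable, user-secrets, or the deployment's secret store (the `authServer:` configuration path keeps working through the standard configuration providers) and rotate the value on the authorization server. Nothing in the Startup.cs hunks reads `authServer:clientId` or `authServer:clientSecret`, so if another part of the service does not consume them the secret is being committed for no use at all. The `http://localhost:8080` authority is only workable because Startup sets `RequireHttpsMetadata = false`; a production override of this URL should use `https` and the override of that flag should go with it.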