Adding authentication to otp service

src/In.ProjectEKA.OtpService/In.ProjectEKA.OtpService.csproj

@@ -23,5 +23,6 @@
         <PackageReference Include="Serilog.AspNetCore" Version="3.2.0" />
         <PackageReference Include="Serilog.Settings.AppSettings" Version="2.2.2" />
         <PackageReference Include="Serilog.Settings.Configuration" Version="3.1.1-dev-00224" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="3.1.3" />
     </ItemGroup>
 </Project>

src/In.ProjectEKA.OtpService/Notification/NotificationController.cs

@@ -2,9 +2,11 @@ namespace In.ProjectEKA.OtpService.Notification
 {
     using System.Threading.Tasks;
     using Common;
+    using Microsoft.AspNetCore.Authorization;
     using Microsoft.AspNetCore.Http;
     using Microsoft.AspNetCore.Mvc;
 
+    [Authorize]
     [Route("/notification")]
     [ApiController]
     public class NotificationController : Controller

src/In.ProjectEKA.OtpService/Otp/OtpController.cs

@@ -2,9 +2,11 @@ namespace In.ProjectEKA.OtpService.Otp
 {
     using System.Threading.Tasks;
     using Common;
+    using Microsoft.AspNetCore.Authorization;
     using Microsoft.AspNetCore.Http;
     using Microsoft.AspNetCore.Mvc;
 
+    [Authorize]
     [Route("otp")]
     [ApiController]
     public class OtpController : Controller

src/In.ProjectEKA.OtpService/Startup.cs

@@ -2,8 +2,12 @@ namespace In.ProjectEKA.OtpService
 {
     using System.Collections.Generic;
     using System.Linq;
+    using System.Net.Http;
     using System.Text.Json;
+    using System.Threading.Tasks;
     using Clients;
+    using Common;
+    using Microsoft.AspNetCore.Authentication.JwtBearer;
     using Otp;
     using Otp.Model;
     using Microsoft.AspNetCore.Builder;
@@ -12,6 +16,7 @@ namespace In.ProjectEKA.OtpService
     using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.DependencyInjection;
     using Microsoft.Extensions.Hosting;
+    using Microsoft.IdentityModel.Tokens;
     using Notification;
     using Serilog;
 
@@ -40,20 +45,53 @@ public void ConfigureServices(IServiceCollection services) =>
                     new OtpSenderFactory(serviceProvider.GetService<OtpSender>(),
                         serviceProvider.GetService<FakeOtpSender>(),
                         Configuration.GetValue<string>("whitelisted:numbers")?.Split(",").ToList()))
+                .AddRouting(options => options.LowercaseUrls = true)
                 .AddControllers()
                 .AddNewtonsoftJson(options => { })
                 .AddJsonOptions(options =>
-                    options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.CamelCase);
+                    options.JsonSerializerOptions.PropertyNamingPolicy = JsonNamingPolicy.CamelCase)
+                .Services.AddAuthentication(options =>
+                {
+                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+                })
+                .AddJwtBearer(options =>
+                {
+                    // Need to validate Audience and Issuer properly
+                    options.Authority = Configuration.GetValue<string>("authServer:url");
+                    options.TokenValidationParameters = new TokenValidationParameters
+                    {
+                        ValidateIssuerSigningKey = true,
+                        ValidateLifetime = true,
+                        AudienceValidator = (audiences, token, parameters) => true,
+                        IssuerValidator = (issuer, token, parameters) => token.Issuer
+                    };
+                    options.RequireHttpsMetadata = false;
+                    options.IncludeErrorDetails = true;
+                    options.Events = new JwtBearerEvents
+                    {
+                        OnTokenValidated = context =>
+                        {
+                            const string claimTypeClientId = "clientId";
+                            if (!context.Principal.HasClaim(claim => claim.Type == claimTypeClientId))
+                            {
+                                context.Fail($"Claim {claimTypeClientId} is not present in the token.");
+                            }
+                            return Task.CompletedTask;
+                        }
+                    };
+                });
 
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
             app.UseRouting()
-                .UseAuthorization()
                 .UseStaticFilesWithYaml()
                 .UseCustomOpenAPI()
                 .UseIf(!env.IsDevelopment(), x => x.UseHsts())
                 .UseIf(env.IsDevelopment(), x => x.UseDeveloperExceptionPage())
                 .UseSerilogRequestLogging()
+                .UseAuthentication()
+                .UseAuthorization()
                 .UseEndpoints(endpoints => { endpoints.MapControllers(); });
 
             using var serviceScope = app.ApplicationServices.GetRequiredService<IServiceScopeFactory>().CreateScope();

src/In.ProjectEKA.OtpService/appsettings.json

@@ -28,5 +28,10 @@
   "whitelisted": {
     "numbers": "+91-9999999999,+91-1111111111,+91-8888888888,+91-7777777777,+91-6666666666"
   },
-  "expiryInMinutes": 5
+  "expiryInMinutes": 5,
+  "authServer": {
+    "url": "http://localhost:8080",
+    "clientId": "otpservice",
+    "clientSecret": "7c8fc045-7129-484f-ac71-9f67c1d77c1a"
+  }
 }