Authorization : AddAuthorization() method do not use the configureOptions parameter #364
Comments
|
This overload shouldn't even exist, actually 😄 |
|
Why shouldn't this overload exist? Its just sugar to add/configure in one line (assuming it was implemented :) |
|
Because it's actually the only Add method in aspnet/Security that accepts a delegate to configure the options 😄 This pattern is fine, but it should be used everywhere or nowhere, for consistency 😄 |
|
If you are talking about AddAuthentication(), that's because its fake, and is only adding other things like DataProtection. All of the other AddXyz follow this pattern. The difference its there is no master AuthenticationOptions to configure. I'm probably going to prototype nuking using IOptions from all of the auth middlewares soon, and having them go back to taking concrete instances in UseGoogle etc... |
|
I guess it could/should be updated to configure SharedAuthenticationOptions, which must currently be configured with the hardly-discoverable generic services.Configure() 😄 There are a few places where Add doesn't take a delegate: https://github.com/aspnet/Session/blob/dev/src/Microsoft.AspNet.Session/SessionServiceCollectionExtensions.cs |
Does that mean we won't be able to use Configure*Authentication anymore? |
|
Yeah those are probably bugs in those repos, I made a pass through to fix these once Yeah AuthOptions will basically no longer go in DI, and only can be configured via UseXyz. |
|
I protest then, because it's a great way to configure per-environment options: https://gist.github.com/PinpointTownes/c2096cd2cbf812f8d500
|
|
I don't think that argument holds much water, since you can just switch to using the ConfigureXyz methods instead and still have something similar |
|
Both ConfigureXyzServices and ConfigureXyz can be per environment today |
|
@HaoK I asked the question around the differents ways to "configure" the Options on stackoverflow: |
Using
You would remove it from the security middleware, but not from the other ones? |
|
Yes, the motivation is mostly around nuking named options. Security middleware (unlike frameworks) doesn't lend itself to the singleton style of options that frameworks use. Many of the other middlewares today aren't actually using IOptions for their options anyways, so this would make everything consistent, and clean up options as well by nuking the whole named complexity that I had to create just to get Security/Identity/Cookies all playing well together... |
|
Understood 😄 Related question: do you have plans for multi-tenant scenarios? (#35). |
|
For once I'll reply with a @blowdart -ism: no plans |
|
@HaoK, that is sad. |
https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNet.Authorization/ServiceCollectionExtensions.cs#L22
The text was updated successfully, but these errors were encountered: