-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3 from dahlsailrunner/auth
added authentication with demo identity server
- Loading branch information
Showing
8 changed files
with
153 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
using IdentityModel.Client; | ||
using Microsoft.Extensions.Options; | ||
using Microsoft.OpenApi.Models; | ||
using Swashbuckle.AspNetCore.SwaggerGen; | ||
|
||
namespace CarvedRock.Api; | ||
|
||
public class SwaggerOptions : IConfigureOptions<SwaggerGenOptions> | ||
{ | ||
private readonly IConfiguration _config; | ||
private readonly ILogger<SwaggerOptions> _logger; | ||
|
||
public SwaggerOptions(IConfiguration config, ILogger<SwaggerOptions> logger) | ||
{ | ||
_config = config; | ||
_logger = logger; | ||
} | ||
|
||
public void Configure(SwaggerGenOptions options) | ||
{ | ||
try | ||
{ | ||
var disco = GetDiscoveryDocument(); | ||
var oauthScopes = new Dictionary<string, string> | ||
{ | ||
{ "api", "Resource access: api" }, | ||
{ "openid", "OpenID information"}, | ||
{ "profile", "User profile information" }, | ||
{ "email", "User email address" } | ||
}; | ||
options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme | ||
{ | ||
Type = SecuritySchemeType.OAuth2, | ||
Flows = new OpenApiOAuthFlows | ||
{ | ||
AuthorizationCode = new OpenApiOAuthFlow | ||
{ | ||
AuthorizationUrl = new Uri(disco.AuthorizeEndpoint), | ||
TokenUrl = new Uri(disco.TokenEndpoint), | ||
Scopes = oauthScopes | ||
} | ||
} | ||
}); | ||
options.AddSecurityRequirement(new OpenApiSecurityRequirement | ||
{ | ||
{ | ||
new OpenApiSecurityScheme | ||
{ | ||
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" } | ||
}, | ||
oauthScopes.Keys.ToArray() | ||
} | ||
}); | ||
} | ||
catch (Exception ex) | ||
{ | ||
_logger.LogWarning("Error loading discovery document for Swagger UI"); | ||
} | ||
} | ||
|
||
private DiscoveryDocumentResponse GetDiscoveryDocument() | ||
{ | ||
var client = new HttpClient(); | ||
var authority = "https://demo.duendesoftware.com"; | ||
return client.GetDiscoveryDocumentAsync(authority) | ||
.GetAwaiter() | ||
.GetResult(); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,48 +1,50 @@ | ||
using Microsoft.AspNetCore.HttpLogging; | ||
using System.IdentityModel.Tokens.Jwt; | ||
using Microsoft.IdentityModel.Tokens; | ||
|
||
var builder = WebApplication.CreateBuilder(args); | ||
builder.Services.AddHttpLogging(logging => | ||
|
||
JwtSecurityTokenHandler.DefaultMapInboundClaims = false; | ||
builder.Services.AddAuthentication(options => | ||
{ | ||
// https://bit.ly/aspnetcore6-httplogging | ||
logging.LoggingFields = HttpLoggingFields.All; | ||
logging.MediaTypeOptions.AddText("application/javascript"); | ||
logging.RequestBodyLogLimit = 4096; | ||
logging.ResponseBodyLogLimit = 4096; | ||
}); | ||
var path = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData); | ||
builder.Services.AddW3CLogging(opts => { | ||
// https://bit.ly/aspnetcore6-w3clogger | ||
opts.LoggingFields = W3CLoggingFields.All; | ||
opts.FileSizeLimit = 5 * 1024 * 1024; | ||
opts.RetainedFileCountLimit = 2; | ||
opts.FileName = "CarvedRock-W3C-UI"; | ||
opts.LogDirectory = Path.Combine(path, "logs"); | ||
opts.FlushInterval = TimeSpan.FromSeconds(2); | ||
options.DefaultScheme = "Cookies"; | ||
options.DefaultChallengeScheme = "oidc"; | ||
}) | ||
.AddCookie("Cookies") | ||
.AddOpenIdConnect("oidc", options => | ||
{ | ||
options.Authority = "https://demo.duendesoftware.com"; | ||
options.ClientId = "interactive.confidential"; | ||
options.ClientSecret = "secret"; | ||
options.ResponseType = "code"; | ||
options.Scope.Add("openid"); | ||
options.Scope.Add("profile"); | ||
options.Scope.Add("email"); | ||
options.Scope.Add("api"); | ||
options.Scope.Add("offline_access"); | ||
options.GetClaimsFromUserInfoEndpoint = true; | ||
options.TokenValidationParameters = new TokenValidationParameters | ||
{ | ||
NameClaimType = "email" | ||
}; | ||
options.SaveTokens = true; | ||
}); | ||
|
||
// Add services to the container. | ||
builder.Services.AddHttpContextAccessor(); | ||
builder.Services.AddRazorPages(); | ||
builder.Services.AddHttpClient(); | ||
|
||
var app = builder.Build(); | ||
app.UseHttpLogging(); | ||
app.UseW3CLogging(); | ||
|
||
// Configure the HTTP request pipeline. | ||
// if (!app.Environment.IsDevelopment()) | ||
// { | ||
app.UseExceptionHandler("/Error"); | ||
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. | ||
app.UseHsts(); | ||
//} | ||
app.UseExceptionHandler("/Error"); | ||
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts. | ||
app.UseHsts(); | ||
|
||
app.UseHttpsRedirection(); | ||
app.UseStaticFiles(); | ||
|
||
app.UseRouting(); | ||
|
||
app.UseAuthentication(); | ||
app.UseAuthorization(); | ||
|
||
app.MapRazorPages(); | ||
app.MapRazorPages().RequireAuthorization(); | ||
|
||
app.Run(); |