diff --git a/README.md b/README.md
index cbaad0c..d94445a 100644
--- a/README.md
+++ b/README.md
@@ -93,4 +93,7 @@ public class Functions
 ## Change log
 Adding change log starting with version 3.1.3
-### 3.1.3
\ No newline at end of file
+### 3.1.3
+- #### Remove Functions bult-in JwtBearer configuration by default (Breaking change?)
+ Azure Functions recently [added configuration](https://github.com/Azure/azure-functions-host/pull/9678) for issuer and audience validation for the default authentication flows, not the one supported by this package through `FunctionAuthorizeAttribute`, which interferes with token validation when using our own Bearer scheme token configuration.
+ In prior versions, this package has functionality to clear Functions built-in configuration, but it was not enabled by default when using `AddJwtBearer(Action configure, bool removeBuiltInConfig = false)`. Since the use of this package is commonly used for custom JWT token, the default value of `removeBuiltInConfig` is now `true`.
\ No newline at end of file
diff --git a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs
index 4cc62eb..89855a7 100644
--- a/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs
+++ b/src/DarkLoop.Azure.Functions.Authorize/Security/FunctionsAuthenticationBuilder.cs
@@ -21,9 +21,10 @@ internal FunctionsAuthenticationBuilder(IServiceCollection services)
 /// and all HTTP functions are applied the Admin level after a token is validated.
 ///
 /// A value indicating whether remove the built-in configuration for JWT.
- /// Bearer scheme is still in place, but Admin level is not set incoming requests.
+ /// Bearer scheme is still in place, but Admin level is not set for incoming requests.
+ /// When setting this value to true (default) all existing configuration will be removed.
 /// A instance of the
- public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = false)
+ public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = true)
 {
 return this.AddJwtBearer(delegate { }, removeBuiltInConfig);
 }
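Review bot: The flipped default in `AddJwtBearer(bool removeBuiltInConfig = true)` changes security-relevant behaviour for every caller that omits the argument, and the doc comment does not tell such a caller what is lost. Because this overload forwards an empty `delegate { }`, a bare `AddJwtBearer()` now appears to leave the Bearer scheme with neither the host's built-in options nor any caller-supplied ones, which deserves a sentence in the remarks. C# compiles optional-parameter defaults into the call site, so assemblies built against an earlier version keep passing `false` until they are rebuilt. I would add to the parameter text `/// Defaults to true since 3.1.3; pass false explicitly to keep the host's built-in Bearer configuration.`; the same applies to the overload in the next hunk.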
@@ -35,18 +36,25 @@ public FunctionsAuthenticationBuilder AddJwtBearer(bool removeBuiltInConfig = fa
 /// An action configuring the JWT options for authentication.
 /// When is set to false, it enhances the built-in configuration for the scheme
 /// A value indicating whether remove the built-in configuration for JWT.
- /// Bearer scheme is still in place, but Admin level is not set incoming requests.
+ /// Bearer scheme is still in place, but Admin level is not set incoming requests.
+ /// When setting this value to true (default) all existing configuration will be removed.
 /// A instance of the
- public FunctionsAuthenticationBuilder AddJwtBearer(Action configureOptions, bool removeBuiltInConfig = false)
+ public FunctionsAuthenticationBuilder AddJwtBearer(Action configureOptions, bool removeBuiltInConfig = true)
 {
 if(removeBuiltInConfig)
 {
- var descriptor = Services.FirstOrDefault(s => s.ServiceType == typeof(IConfigureOptions));
- var instance = descriptor?.ImplementationInstance as ConfigureNamedOptions;
+ var descriptors = Services
+ .Where(s => s.ServiceType == typeof(IConfigureOptions))
+ .ToList();
- if (instance?.Name == "Bearer")
+ foreach (var descriptor in descriptors)
 {
- Services.Remove(descriptor);
+ var instance = descriptor?.ImplementationInstance as ConfigureNamedOptions;
+ if (instance?.Name == "Bearer")
+ {
+ Services.Remove(descriptor);
+ }
 }
 }
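Review bot: The loop removes only descriptors whose `ImplementationInstance` casts to `ConfigureNamedOptions`, so a Bearer configuration registered by implementation type or factory is skipped silently, while the added doc line promises that "all existing configuration will be removed". Whether the host registers its issuer and audience validation that way is not visible here, but if it does, the interference described in the README would remain. With the default now `true`, named "Bearer" options the application itself registered before this call are dropped as well, which can discard validation settings it relied on. I would reword the doc line to `/// When true (default), named options already registered for the "Bearer" scheme are removed before configureOptions is applied.` and restore the missing "for" in "is not set incoming requests", which this hunk leaves unchanged. The method body continues past the end of the hunk.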