diff --git a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
index 7422294..db03e12 100644
--- a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
+++ b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
@@ -4,7 +4,11 @@ public sealed class AuthentikSettings
 {
     public string? Authority { get; set; }
 
-    public string? IntrospectionUrl { get; set; }
+    public string? IntrospectionEndpoint { get; set; }
+
+    public string? MetadataEndpoint { get; set; }
+
+    public string? RevokationEndpoint { get; set; }
 
     public string? ClientId { get; set; }
 
diff --git a/LiteCharms.Features/Extensions/Api.cs b/LiteCharms.Features/Extensions/Api.cs
index 4038d78..bb24786 100644
--- a/LiteCharms.Features/Extensions/Api.cs
+++ b/LiteCharms.Features/Extensions/Api.cs
@@ -27,11 +27,11 @@ public static class Api
             .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
             {
                 options.Authority = authOptions.Authority;
+                options.MetadataAddress = authOptions.MetadataEndpoint;
                 options.ClientId = authOptions.ClientId;
                 options.ClientSecret = authOptions.ClientSecret;
 
                 options.SignedOutCallbackPath = "/signout-callback-oidc";
-                options.SignedOutRedirectUri = "/";
                 options.ResponseType = "code";
                 options.SaveTokens = true;
 
@@ -41,16 +41,6 @@ public static class Api
                 options.Scope.Add("openid");
                 options.Scope.Add("profile");
                 options.Scope.Add("email");
-
-                options.Events = new OpenIdConnectEvents
-                {
-                    OnRedirectToIdentityProviderForSignOut = context =>
-                    {
-                        context.ProtocolMessage.PostLogoutRedirectUri = context.Properties.RedirectUri;
-
-                        return Task.CompletedTask;
-                    },
-                };
             });
 
         return services;
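Review bot: `RevokationEndpoint` on the new side of the AuthentikSettings hunk is misspelled, and because this class is bound from configuration the key becomes a compatibility burden once deployments depend on it, so `public string? RevocationEndpoint { get; set; }` is cheaper to fix now than later. The three new endpoint properties also carry no documentation; a `/// <summary>` on each stating that it is an absolute URL which, when set, overrides the value derived from `Authority` (which is what `MetadataEndpoint` and `IntrospectionEndpoint` appear to do in Api.cs) would help whoever writes the appsettings. The class body continues outside the hunk.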
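Review bot: With `SignedOutRedirectUri` dropped in this hunk and the sign-out event dropped in the next one, nothing visible in the OpenID Connect configuration still drives an RP-initiated logout, and the new `/logout` endpoint later in this diff only calls `SignOutAsync` on the cookie scheme; as far as the diff shows, the Authentik session is never ended, so a user who logs out and then hits `/login` is silently signed back in without re-authenticating. If ending the IdP session is intended, `/logout` should also call `await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties { RedirectUri = "/" });` so the handler redirects to the end-session endpoint and `SignedOutCallbackPath` is actually reached; if it is not intended, `SignedOutCallbackPath` is now dead configuration and could go as well. Setting `MetadataAddress` from a nullable `MetadataEndpoint` should be fine, since the handler presumably falls back to Authority-based discovery when it is null — worth confirming against a deployment that leaves the key unset. The `AddOpenIdConnect` lambda continues outside the hunk.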
@@ -69,7 +59,7 @@ public static class Api
             .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
             {
                 options.Authority = authOptions.Authority;
-                options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
+                options.IntrospectionEndpoint = authOptions.IntrospectionEndpoint;
                 options.ClientId = authOptions.ClientId;
                 options.ClientSecret = authOptions.ClientSecret;
 
@@ -91,6 +81,47 @@ public static class Api
         return services;
     }
 
+    public static WebApplication AddSecurityEndpoints(this WebApplication app)
+    {
+        app.MapGet("/login", async (HttpContext context, string redirectUri = "/") =>
+        {
+            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+            {
+                RedirectUri = redirectUri,
+            });
+        });
+
+        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions settings) =>
+        {
+            var authOptions = settings.Value;
+            var accessToken = await context.GetTokenAsync("access_token");
+
+            if (!string.IsNullOrEmpty(accessToken))
+            {
+                try
+                {
+                    var client = httpClientFactory.CreateClient();
+
+                    var requestContent = new FormUrlEncodedContent(new Dictionary(StringComparer.Ordinal)
+                    {
+                        { "token", accessToken },
+                        { "client_id", authOptions.ClientId! },
+                        { "client_secret", authOptions.ClientSecret! },
+                    });
+
+                    await client.PostAsync(authOptions.RevokationEndpoint, requestContent, context.RequestAborted);
+                }
+                catch { }
+            }
+
+            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+
+            return Results.Redirect("/");
+        });
+
+        return app;
+    }
+
     public static IServiceCollection AddApiServices(this IServiceCollection services, IConfiguration configuration)
     {
         services.AddHttpClient();
diff --git a/LiteCharms.Features/LiteCharms.Features.csproj b/LiteCharms.Features/LiteCharms.Features.csproj
index 59556f8..49a14d5 100644
--- a/LiteCharms.Features/LiteCharms.Features.csproj
+++ b/LiteCharms.Features/LiteCharms.Features.csproj
@@ -38,6 +38,7 @@
+
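Review bot: The `redirectUri` query parameter on the new `/login` endpoint is passed straight into `AuthenticationProperties.RedirectUri`, which the remote authentication handler redirects to once the callback succeeds, so an attacker-supplied absolute URL such as `/login?redirectUri=https://evil.example` turns a successful login into an open redirect; restrict it to local paths before the challenge, e.g. `var isLocal = redirectUri.StartsWith('/') && !redirectUri.StartsWith("//", StringComparison.Ordinal) && !redirectUri.StartsWith("/\\", StringComparison.Ordinal);` followed by `RedirectUri = isLocal ? redirectUri : "/",`. `/logout` is a state-changing GET with no antiforgery protection, so any third-party page can force a user's logout (and a revocation round-trip to Authentik) with an image tag; mapping it with `MapPost` behind the antiforgery middleware, or at minimum a same-origin check on `Sec-Fetch-Site`/`Origin`, is the usual fix. The bare `catch { }` around the revocation call hides every failure, including a misconfigured `RevokationEndpoint` or a rejected client secret — inject an `ILogger` and use `catch (Exception ex) when (ex is not OperationCanceledException) { logger.LogWarning(ex, "Token revocation failed"); }` so the best-effort stays best-effort but visible. The generic arguments on `IOptions settings` and `new Dictionary(StringComparer.Ordinal)` look stripped by the rendering; the committed file presumably reads `IOptions<AuthentikSettings>` and `Dictionary<string, string>`, which is worth confirming since the hunk as shown would not compile.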