diff --git a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
index 113d0dd..7422294 100644
--- a/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
+++ b/LiteCharms.Features/Api/Configuration/AuthentikSettings.cs
@@ -6,9 +6,9 @@ public sealed class AuthentikSettings
 public string? IntrospectionUrl { get; set; }
- public string? ApiResourceName { get; set; }
+ public string? ClientId { get; set; }
- public string? ApiResourceSecret { get; set; }
+ public string? ClientSecret { get; set; }
 public string? RequiredClaimName { get; set; }
diff --git a/LiteCharms.Features/Extensions/Api.cs b/LiteCharms.Features/Extensions/Api.cs
index 58336d8..1fbfef0 100644
--- a/LiteCharms.Features/Extensions/Api.cs
+++ b/LiteCharms.Features/Extensions/Api.cs
@@ -9,7 +9,42 @@ public static class Api
 public const string Books = nameof(Books);
 public const string Payments = nameof(Payments);
- public static IServiceCollection AddAuthentic(this IServiceCollection services, IConfiguration configuration)
+ public static IServiceCollection AddAuthentikUiSecurity(this IServiceCollection services, IConfiguration configuration)
+ {
+ var configSection = configuration.GetSection(nameof(AuthentikSettings));
+
+ var authOptions = new AuthentikSettings();
+ configSection.Bind(authOptions);
+
+ services.Configure(configSection);
+
+ services.AddAuthentication(options =>
+ {
+ options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+ })
+ .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
+ .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
+ {
+ options.Authority = authOptions.Authority;
+
+ options.ClientId = authOptions.ClientId;
+ options.ClientSecret = authOptions.ClientSecret;
+
+ options.ResponseType = "code";
+ options.SaveTokens = true;
+ options.GetClaimsFromUserInfoEndpoint = true;
+
+ options.Scope.Clear();
+ options.Scope.Add("openid");
+ options.Scope.Add("profile");
+ options.Scope.Add("email");
+ });
+
+ return services;
+ }
+
+ public static IServiceCollection AddAuthentikApiSecurity(this IServiceCollection services, IConfiguration configuration)
 {
 var configSection = configuration.GetSection(nameof(AuthentikSettings));
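Review bot: The cookie scheme in `AddAuthentikUiSecurity` is registered with framework defaults while `options.SaveTokens = true` places the tokens returned by the provider into that cookie's authentication ticket, so the session cookie becomes as sensitive as the tokens it carries. Setting the policy explicitly, e.g. `.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, o => o.Cookie.SecurePolicy = CookieSecurePolicy.Always)`, keeps it off plain-HTTP requests, and `SaveTokens` can be dropped if no caller reads the saved tokens (none is visible in this diff). The OIDC options also set no name claim type, whereas the API registration in the same file uses `options.NameClaimType = "sub"`, so `User.Identity.Name` may resolve differently on the two paths; worth confirming that is intended.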
@@ -23,13 +58,13 @@ public static class Api { options.Authority = authOptions.Authority; options.IntrospectionEndpoint = authOptions.IntrospectionUrl; - options.ClientId = authOptions.ApiResourceName; - options.ClientSecret = authOptions.ApiResourceSecret; + options.ClientId = authOptions.ClientId; + options.ClientSecret = authOptions.ClientSecret; options.NameClaimType = "sub"; options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata; options.DiscoveryPolicy.ValidateEndpoints = false; - options.EnableCaching = false; + options.EnableCaching = false; }); if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue)) @@ -131,5 +166,4 @@ public static class Api public static string ToEndpointName(this Type target, string? annotation = "") => $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture); - } diff --git a/LiteCharms.Features/LiteCharms.Features.csproj b/LiteCharms.Features/LiteCharms.Features.csproj index 4379e7c..59556f8 100644 --- a/LiteCharms.Features/LiteCharms.Features.csproj +++ b/LiteCharms.Features/LiteCharms.Features.csproj @@ -38,6 +38,8 @@ + +
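Review bot: In the `-23,13 +58,13` hunk the introspection handler now reads the same `authOptions.ClientId` / `authOptions.ClientSecret` that `AddAuthentikUiSecurity` passes to the OpenID Connect handler, so a host that registers both ends up using one confidential client for interactive login and for token introspection. If these are meant to be separate Authentik providers, keep separate settings for them so each secret can be scoped and rotated on its own. The rename also changes the bound configuration keys, so a deployment still supplying `ApiResourceName` / `ApiResourceSecret` will bind null here with no error at registration; a check such as `if (string.IsNullOrWhiteSpace(authOptions.ClientId)) throw new InvalidOperationException("AuthentikSettings:ClientId is not configured");` would surface that at startup. The enclosing method begins before this hunk, so any validation that already exists there is not visible.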