Merge pull request 'Added cookie policies on AddLiteCharmsWebSecurity' (#125) from dataprotection into master
Reviewed-on: #125
This commit was merged in pull request #125.
This commit is contained in:
@@ -3,9 +3,6 @@ using LiteCharms.Features.Api;
|
|||||||
using LiteCharms.Features.Api.Configuration;
|
using LiteCharms.Features.Api.Configuration;
|
||||||
using LiteCharms.Features.Api.Sdk;
|
using LiteCharms.Features.Api.Sdk;
|
||||||
using LiteCharms.Features.Postgres;
|
using LiteCharms.Features.Postgres;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
|
||||||
using System.Runtime.InteropServices;
|
|
||||||
using System.Security.Cryptography.X509Certificates;
|
|
||||||
|
|
||||||
namespace LiteCharms.Features.Extensions;
|
namespace LiteCharms.Features.Extensions;
|
||||||
|
|
||||||
@@ -75,39 +72,48 @@ public static class Api
|
|||||||
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||||
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||||
})
|
})
|
||||||
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
|
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
|
||||||
|
{
|
||||||
|
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||||
|
options.Cookie.SameSite = SameSiteMode.Lax;
|
||||||
|
options.Cookie.Name = "LiteCharmsApp.Session";
|
||||||
|
})
|
||||||
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
||||||
{
|
{
|
||||||
options.Authority = authOptions.Authority;
|
options.Authority = authOptions.Authority;
|
||||||
|
|
||||||
options.ClientId = authOptions.ClientId;
|
options.ClientId = authOptions.ClientId;
|
||||||
options.ClientSecret = authOptions.ClientSecret;
|
options.ClientSecret = authOptions.ClientSecret;
|
||||||
options.ResponseType = "code";
|
options.ResponseType = "code";
|
||||||
|
|
||||||
options.SaveTokens = true;
|
options.SaveTokens = true;
|
||||||
options.GetClaimsFromUserInfoEndpoint = true;
|
options.GetClaimsFromUserInfoEndpoint = true;
|
||||||
|
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||||
|
options.CorrelationCookie.SameSite = SameSiteMode.None;
|
||||||
|
|
||||||
|
options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
|
||||||
|
options.NonceCookie.SameSite = SameSiteMode.None;
|
||||||
|
|
||||||
options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme;
|
options.ForwardSignOut = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||||
|
|
||||||
options.Scope.Clear();
|
options.Scope.Clear();
|
||||||
options.Scope.Add("openid");
|
options.Scope.Add("openid");
|
||||||
options.Scope.Add("profile");
|
options.Scope.Add("profile");
|
||||||
options.Scope.Add("email");
|
options.Scope.Add("email");
|
||||||
|
|
||||||
options.Events = new OpenIdConnectEvents
|
options.Events = new OpenIdConnectEvents
|
||||||
{
|
{
|
||||||
OnRedirectToIdentityProviderForSignOut = context =>
|
OnRedirectToIdentityProviderForSignOut = context =>
|
||||||
{
|
{
|
||||||
var idToken = context.ProtocolMessage.IdTokenHint;
|
var idToken = context.ProtocolMessage.IdTokenHint;
|
||||||
|
|
||||||
if (string.IsNullOrEmpty(idToken))
|
if (string.IsNullOrEmpty(idToken))
|
||||||
{
|
{
|
||||||
var tokens = context.Properties.GetTokens();
|
var tokens = context.Properties.GetTokens();
|
||||||
var idTokenItem = tokens.FirstOrDefault(t => string.Equals(t.Name, "id_token", StringComparison.Ordinal));
|
var idTokenItem = tokens.FirstOrDefault(t => string.Equals(t.Name, "id_token", StringComparison.Ordinal));
|
||||||
|
|
||||||
if (idTokenItem != null) context.ProtocolMessage.IdTokenHint = idTokenItem.Value;
|
if (idTokenItem != null) context.ProtocolMessage.IdTokenHint = idTokenItem.Value;
|
||||||
}
|
}
|
||||||
|
|
||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -197,6 +197,7 @@
|
|||||||
<!-- Shared Usings -->
|
<!-- Shared Usings -->
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Using Include="Microsoft.AspNetCore.DataProtection" />
|
<Using Include="Microsoft.AspNetCore.DataProtection" />
|
||||||
|
<Using Include="System.Security.Cryptography.X509Certificates" />
|
||||||
<Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" />
|
<Using Include="Microsoft.AspNetCore.Components.Server.ProtectedBrowserStorage" />
|
||||||
<Using Include="System.Text.Json.Serialization" />
|
<Using Include="System.Text.Json.Serialization" />
|
||||||
<Using Include="System.Reflection" />
|
<Using Include="System.Reflection" />
|
||||||
|
|||||||
Reference in New Issue
Block a user