From ee6f8a283ee1f3ae7b95609cd2a2731a951b03c6 Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Wed, 3 Jun 2026 17:37:33 +0200
Subject: [PATCH 1/2] Refactored oauth registration

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 75bddf9..ac5d4a4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -363,3 +363,4 @@ MigrationBackup/
 FodyWeavers.xsd
 /LiteCharms.Features.Tests/http/http-client.env.json
 /LiteCharms.Features.Tests/http/midrandshop-api/http-client.env.json
+/LiteCharms.Features.Tests/http/authentik/http-client.env.json

From a50830ffaa5d186477c23d7b19707e6e72ed5668 Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma
Date: Wed, 3 Jun 2026 17:37:56 +0200
Subject: [PATCH 2/2] Refactored auth

---
 .../http/authentik/app.http | 6 ++++++
 LiteCharms.Features/Extensions/Api.cs | 21 ++++++++++++-------
 2 files changed, 19 insertions(+), 8 deletions(-)
 create mode 100644 LiteCharms.Features.Tests/http/authentik/app.http

diff --git a/LiteCharms.Features.Tests/http/authentik/app.http b/LiteCharms.Features.Tests/http/authentik/app.http
new file mode 100644
index 0000000..93b1bc2
--- /dev/null
+++ b/LiteCharms.Features.Tests/http/authentik/app.http
@@ -0,0 +1,6 @@
+## Authentik Token Request
+POST {{authority}}
+Content-Type: application/x-www-form-urlencoded
+Accept-Encoding: identity
+
+grant_type={{grantType}}&client_id={{clientId}}&client_secret={{clientSecret}}&username={{username}}&password={{password}}&scope={{scope}}
\ No newline at end of file
diff --git a/LiteCharms.Features/Extensions/Api.cs b/LiteCharms.Features/Extensions/Api.cs
index 8bb3b69..bf73b01 100644
--- a/LiteCharms.Features/Extensions/Api.cs
+++ b/LiteCharms.Features/Extensions/Api.cs
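Review bot: The token request is posted to `{{authority}}` itself (`POST {{authority}}`), but an OAuth token request must target the provider's token endpoint; if `authority` in http-client.env.json holds the same issuer base URL that `AuthentikSettings.Authority` hands to introspection in Api.cs, this request lands on the wrong path, so either point the variable at the token endpoint or rename it to `tokenEndpoint` so the two values cannot be confused. The body is a resource-owner-password grant that sends a user's password alongside the client secret; that is acceptable for a local test harness because PATCH 1/2 gitignores the env file, but the file should say so, e.g. a first line `## Password grant for local testing only; all values come from http-client.env.json (gitignored)`. The file also lacks a trailing newline.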
@@ -11,26 +11,31 @@ public static class Api
 public static IServiceCollection AddAuthentic(this IServiceCollection services, IConfiguration configuration)
 {
+ var configSection = configuration.GetSection(nameof(AuthentikSettings));
+ var authOptions = new AuthentikSettings();
+ configSection.Bind(authOptions);
- configuration.GetSection("Authentik").Bind(authOptions);
-
- services.Configure(configuration.GetSection(nameof(AuthentikSettings)));
+ services.Configure(configSection);
 services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
- .AddOAuth2Introspection(options =>
+ .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
 {
- options.Authority = options.Authority;
- options.ClientId = options.ClientId;
- options.ClientSecret = options.ClientSecret;
+ options.Authority = authOptions.Authority;
+ options.ClientId = authOptions.ApiResourceName;
+ options.ClientSecret = authOptions.ApiResourceSecret;
+ options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
 options.EnableCaching = true;
 options.CacheDuration = TimeSpan.FromMinutes(10);
 });
 if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) &&
 !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
- services.AddAuthorizationBuilder().AddPolicy("ApiScope", policy =>
+ {
+ services.AddAuthorizationBuilder()
+ .AddPolicy("ApiScope", policy =>
 policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
+ }
 else
 services.AddAuthorization();