Merge pull request 'Applied required scope policy' (#72 ) from payments into master

Reviewed-on: #72
Applied required scope policy
2026-06-04 08:58:03 +02:00 · 2026-06-04 08:57:16 +02:00 · 2026-06-04 08:48:15 +02:00 · 2026-06-04 08:47:18 +02:00 · 2026-06-03 17:49:04 +02:00 · 2026-06-03 17:48:38 +02:00
5 changed files with 11 additions and 9 deletions
@@ -1,6 +1,6 @@
 {
  "FeatureManagement": {
-    "CategorySeederService": true,
+    "CategorySeederService": false,
    "CustomerSeederService": false,
    "ProductsSeederService": false
  },
@@ -1,6 +1,6 @@
-## Authentik Token Request
+### Authentik Token Request (Service Account Explicit)
 POST {{authority}}
 Content-Type: application/x-www-form-urlencoded
 Accept-Encoding: identity

-grant_type={{grantType}}&client_id={{clientId}}&client_secret={{clientSecret}}&username={{username}}&password={{password}}&scope={{scope}}
+grant_type={{grantType}}&client_id={{clientId}}&username={{username}}&password={{password}}&scope={{scope}}
@@ -4,6 +4,8 @@ public sealed class AuthentikSettings
 {
    public string? Authority { get; set; }

+    public string? IntrospectionUrl { get; set; }
+
    public string? ApiResourceName { get; set; }

    public string? ApiResourceSecret { get; set; }
@@ -13,6 +15,4 @@ public sealed class AuthentikSettings
    public string? RequiredClaimNameValue { get; set; }

    public bool RequireHttpsMetadata { get; set; }
-
-    public bool BypassSslErrors { get; set; }
 }
@@ -22,18 +22,20 @@ public static class Api
            .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
            {
                options.Authority = authOptions.Authority;
+                options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
                options.ClientId = authOptions.ApiResourceName;
                options.ClientSecret = authOptions.ApiResourceSecret;

+                options.NameClaimType = "sub";
                options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
-                options.EnableCaching = true;
-                options.CacheDuration = TimeSpan.FromMinutes(10);
+                options.DiscoveryPolicy.ValidateEndpoints = false;
+                options.EnableCaching = false;                
            });

        if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
        {
            services.AddAuthorizationBuilder()
-                .AddPolicy("ApiScope", policy =>
+                .AddPolicy("RequiredScope", policy =>
                    policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
        }
        else
@@ -4,7 +4,7 @@ namespace LiteCharms.Features.Hasher;

 public sealed partial class HashService(IHashids hasher) : IService
 {
-    [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z")]
+    [GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
    private static partial Regex HexHashRegex { get; }

    [GeneratedRegex(@"\A[0-9a-fA-F]{32}\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
Author	SHA1	Message	Date
khwezi	f8153e86b4	Merge pull request 'Applied required scope policy' (#72 ) from payments into master Reviewed-on: #72	2026-06-04 08:58:03 +02:00
Khwezi Mngoma	eef1096ec5	Applied required scope policy continuous-integration/drone/pr Build is passing Details	2026-06-04 08:57:16 +02:00
khwezi	84d33d3607	Merge pull request 'Refactored authentication' (#71 ) from payments into master Reviewed-on: #71	2026-06-04 08:48:15 +02:00
Khwezi Mngoma	8f97d7cf38	Refactored authentication continuous-integration/drone/pr Build is passing Details	2026-06-04 08:47:18 +02:00
khwezi	f51cc03327	Merge pull request 'Disabled caching' (#70 ) from payments into master Reviewed-on: #70	2026-06-03 17:49:04 +02:00
Khwezi Mngoma	652ca82a57	Disabled caching continuous-integration/drone/pr Build is passing Details	2026-06-03 17:48:38 +02:00