Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 khwezi
|
8e9ac1e1ad | ||
 Khwezi Mngoma
|
fa79bd8021 | ||
|
khwezi
|
16dae7c9fb | ||
|
Khwezi Mngoma
|
5666ffd474 | ||
|
khwezi
|
f8153e86b4 | ||
|
Khwezi Mngoma
|
eef1096ec5 | ||
|
khwezi
|
84d33d3607 | ||
|
Khwezi Mngoma
|
8f97d7cf38 |
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"FeatureManagement": {
|
||||
"CategorySeederService": true,
|
||||
"CategorySeederService": false,
|
||||
"CustomerSeederService": false,
|
||||
"ProductsSeederService": false
|
||||
},
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
## Authentik Token Request
|
||||
### Authentik Token Request (Service Account Explicit)
|
||||
POST {{authority}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Accept-Encoding: identity
|
||||
|
||||
grant_type={{grantType}}&client_id={{clientId}}&client_secret={{clientSecret}}&username={{username}}&password={{password}}&scope={{scope}}
|
||||
grant_type={{grantType}}&client_id={{clientId}}&username={{username}}&password={{password}}&scope={{scope}}
|
||||
|
||||
@@ -4,9 +4,11 @@ public sealed class AuthentikSettings
|
||||
{
|
||||
public string? Authority { get; set; }
|
||||
|
||||
public string? ApiResourceName { get; set; }
|
||||
public string? IntrospectionUrl { get; set; }
|
||||
|
||||
public string? ApiResourceSecret { get; set; }
|
||||
public string? ClientId { get; set; }
|
||||
|
||||
public string? ClientSecret { get; set; }
|
||||
|
||||
public string? RequiredClaimName { get; set; }
|
||||
|
||||
|
||||
@@ -9,7 +9,44 @@ public static class Api
|
||||
public const string Books = nameof(Books);
|
||||
public const string Payments = nameof(Payments);
|
||||
|
||||
public static IServiceCollection AddAuthentic(this IServiceCollection services, IConfiguration configuration)
|
||||
public static IServiceCollection AddAuthentikUiSecurity(this IServiceCollection services, IConfiguration configuration)
|
||||
{
|
||||
var configSection = configuration.GetSection(nameof(AuthentikSettings));
|
||||
|
||||
var authOptions = new AuthentikSettings();
|
||||
configSection.Bind(authOptions);
|
||||
|
||||
services.Configure<AuthentikSettings>(configSection);
|
||||
|
||||
services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
options.Authority = authOptions.Authority;
|
||||
|
||||
options.ClientId = authOptions.ClientId;
|
||||
options.ClientSecret = authOptions.ClientSecret;
|
||||
options.SignedOutCallbackPath = "/signout-callback-oidc";
|
||||
options.SignedOutRedirectUri = "/";
|
||||
|
||||
options.ResponseType = "code";
|
||||
options.SaveTokens = true;
|
||||
options.GetClaimsFromUserInfoEndpoint = true;
|
||||
|
||||
options.Scope.Clear();
|
||||
options.Scope.Add("openid");
|
||||
options.Scope.Add("profile");
|
||||
options.Scope.Add("email");
|
||||
});
|
||||
|
||||
return services;
|
||||
}
|
||||
|
||||
public static IServiceCollection AddAuthentikApiSecurity(this IServiceCollection services, IConfiguration configuration)
|
||||
{
|
||||
var configSection = configuration.GetSection(nameof(AuthentikSettings));
|
||||
|
||||
@@ -22,18 +59,20 @@ public static class Api
|
||||
.AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
options.Authority = authOptions.Authority;
|
||||
options.ClientId = authOptions.ApiResourceName;
|
||||
options.ClientSecret = authOptions.ApiResourceSecret;
|
||||
options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
|
||||
options.ClientId = authOptions.ClientId;
|
||||
options.ClientSecret = authOptions.ClientSecret;
|
||||
|
||||
options.NameClaimType = "sub";
|
||||
options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
|
||||
options.DiscoveryPolicy.ValidateEndpoints = false;
|
||||
options.EnableCaching = false;
|
||||
options.CacheDuration = TimeSpan.FromMinutes(10);
|
||||
});
|
||||
|
||||
if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
|
||||
{
|
||||
services.AddAuthorizationBuilder()
|
||||
.AddPolicy("ApiScope", policy =>
|
||||
.AddPolicy("RequiredScope", policy =>
|
||||
policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
|
||||
}
|
||||
else
|
||||
@@ -129,5 +168,4 @@ public static class Api
|
||||
|
||||
public static string ToEndpointName(this Type target, string? annotation = "") =>
|
||||
$"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
|
||||
|
||||
}
|
||||
|
||||
@@ -4,7 +4,7 @@ namespace LiteCharms.Features.Hasher;
|
||||
|
||||
public sealed partial class HashService(IHashids hasher) : IService
|
||||
{
|
||||
[GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z")]
|
||||
[GeneratedRegex(@"\A\b[0-9a-fA-F]+\b\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
|
||||
private static partial Regex HexHashRegex { get; }
|
||||
|
||||
[GeneratedRegex(@"\A[0-9a-fA-F]{32}\Z", RegexOptions.None, matchTimeoutMilliseconds: 100)]
|
||||
|
||||
@@ -38,6 +38,8 @@
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
|
||||
|
||||
<Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
|
||||
<Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
|
||||
<Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user