Merge pull request 'Added a redirect packet attachment to UI signout process' (#75 ) from payments into master

Reviewed-on: #75
Added a redirect packet attachment to UI signout process
2026-06-04 16:03:06 +02:00 · 2026-06-04 16:02:29 +02:00 · 2026-06-04 14:40:00 +02:00 · 2026-06-04 14:39:14 +02:00 · 2026-06-04 14:09:08 +02:00 · 2026-06-04 14:08:27 +02:00
3 changed files with 63 additions and 8 deletions
@@ -6,9 +6,9 @@ public sealed class AuthentikSettings
    public string? IntrospectionUrl { get; set; }
-    public string? ApiResourceName { get; set; }
+    public string? ClientId { get; set; }
-    public string? ApiResourceSecret { get; set; }
+    public string? ClientSecret { get; set; }
    public string? RequiredClaimName { get; set; }
@@ -9,7 +9,54 @@ public static class Api
    public const string Books = nameof(Books);
    public const string Payments = nameof(Payments);
-    public static IServiceCollection AddAuthentic(this IServiceCollection services, IConfiguration configuration)
+    public static IServiceCollection AddAuthentikUiSecurity(this IServiceCollection services, IConfiguration configuration)
    {
        var configSection = configuration.GetSection(nameof(AuthentikSettings));
        var authOptions = new AuthentikSettings();
        configSection.Bind(authOptions);
        services.Configure<AuthentikSettings>(configSection);
        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
        .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
        {
            options.Authority = authOptions.Authority;
            options.ClientId = authOptions.ClientId;
            options.ClientSecret = authOptions.ClientSecret;
            options.SignedOutCallbackPath = "/signout-callback-oidc";
            options.SignedOutRedirectUri = "/";
            options.ResponseType = "code";
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProviderForSignOut = context =>
                {
                    context.ProtocolMessage.PostLogoutRedirectUri = context.Properties.RedirectUri;
                    return Task.CompletedTask;
                },
            };
        });
        return services;
    }
    public static IServiceCollection AddAuthentikApiSecurity(this IServiceCollection services, IConfiguration configuration)
    {
        var configSection = configuration.GetSection(nameof(AuthentikSettings));
@@ -23,8 +70,8 @@ public static class Api
            {
                options.Authority = authOptions.Authority;
                options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
-                options.ClientId = authOptions.ApiResourceName;
+                options.ClientId = authOptions.ClientId;
-                options.ClientSecret = authOptions.ApiResourceSecret;
+                options.ClientSecret = authOptions.ClientSecret;
                options.NameClaimType = "sub";
                options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
@@ -32,7 +79,14 @@ public static class Api
                options.EnableCaching = false;
            });
-        services.AddAuthorization();
+        if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
        {
            services.AddAuthorizationBuilder()
                .AddPolicy("RequiredScope", policy =>
                    policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
        }
        else
            services.AddAuthorization();
        return services;
    }
@@ -124,5 +178,4 @@ public static class Api
    public static string ToEndpointName(this Type target, string? annotation = "") =>
        $"{target.Name.Replace("Endpoint", string.Empty)}{annotation}".ToLower(CultureInfo.CurrentCulture);
 }
@@ -38,6 +38,8 @@
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
    <Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
    <Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
    <Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>
  </ItemGroup>
Author	SHA1	Message	Date
khwezi	9977cf27b9	Merge pull request 'Added a redirect packet attachment to UI signout process' (#75 ) from payments into master Reviewed-on: #75	2026-06-04 16:03:06 +02:00
Khwezi Mngoma	cf7eed0603	Added a redirect packet attachment to UI signout process continuous-integration/drone/pr Build is passing Details	2026-06-04 16:02:29 +02:00
khwezi	8e9ac1e1ad	Merge pull request 'Added signout functionality for user authentik link' (#74 ) from payments into master Reviewed-on: #74	2026-06-04 14:40:00 +02:00
Khwezi Mngoma	fa79bd8021	Added signout functionality for user authentik link continuous-integration/drone/pr Build is passing Details	2026-06-04 14:39:14 +02:00
khwezi	16dae7c9fb	Merge pull request 'Added UI security' (#73 ) from payments into master Reviewed-on: #73	2026-06-04 14:09:08 +02:00
Khwezi Mngoma	5666ffd474	Added UI security continuous-integration/drone/pr Build is passing Details	2026-06-04 14:08:27 +02:00
khwezi	f8153e86b4	Merge pull request 'Applied required scope policy' (#72 ) from payments into master Reviewed-on: #72	2026-06-04 08:58:03 +02:00
Khwezi Mngoma	eef1096ec5	Applied required scope policy continuous-integration/drone/pr Build is passing Details	2026-06-04 08:57:16 +02:00