Merge pull request 'Simplified login process' (#80) from payments into master

Reviewed-on: #80

LiteCharms.Features/Api/Configuration/AuthentikSettings.cs

@@ -4,7 +4,11 @@ public sealed class AuthentikSettings
 {
     public string? Authority { get; set; }
 
-    public string? IntrospectionUrl { get; set; }
+    public string? IntrospectionEndpoint { get; set; }
+
+    public string? MetadataEndpoint { get; set; }
+
+    public string? RevokationEndpoint { get; set; }
 
     public string? ClientId { get; set; }
 

LiteCharms.Features/Extensions/Api.cs

@@ -27,11 +27,11 @@ public static class Api
         .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
         {
             options.Authority = authOptions.Authority;
+            options.MetadataAddress = authOptions.MetadataEndpoint;
 
             options.ClientId = authOptions.ClientId;
             options.ClientSecret = authOptions.ClientSecret;
             options.SignedOutCallbackPath = "/signout-callback-oidc";
-            options.SignedOutRedirectUri = "/";
 
             options.ResponseType = "code";
             options.SaveTokens = true;
@@ -44,12 +44,15 @@ public static class Api
 
             options.Events = new OpenIdConnectEvents
             {
-                OnRedirectToIdentityProviderForSignOut = context =>
+                OnRedirectToIdentityProvider = context =>
                 {
-                    context.ProtocolMessage.PostLogoutRedirectUri = context.Properties.RedirectUri;
+                    var fallbackUri = context.ProtocolMessage.RedirectUri;
+
+                    if (fallbackUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
+                        context.ProtocolMessage.RedirectUri = fallbackUri.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase);
 
                     return Task.CompletedTask;
-                },
+                }
             };
         });
 
@@ -69,7 +72,7 @@ public static class Api
             .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
             {
                 options.Authority = authOptions.Authority;
-                options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
+                options.IntrospectionEndpoint = authOptions.IntrospectionEndpoint;
                 options.ClientId = authOptions.ClientId;
                 options.ClientSecret = authOptions.ClientSecret;
 
@@ -91,6 +94,31 @@ public static class Api
         return services;
     }
 
+    public static WebApplication AddSecurityEndpoints(this WebApplication app)
+    {
+        app.MapGet("/login", async (HttpContext context, string redirectUri = "/") =>
+        {
+            await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+            {
+                RedirectUri = redirectUri,                
+            });
+        });
+
+        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<AuthentikSettings> settings) =>
+        {
+            await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
+
+            string currentBaseUrl = $"https://{context.Request.Host}{context.Request.PathBase}/";
+
+            await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
+            {
+                RedirectUri = currentBaseUrl
+            });
+        });
+
+        return app;
+    }
+
     public static IServiceCollection AddApiServices(this IServiceCollection services, IConfiguration configuration)
     {
         services.AddHttpClient();

LiteCharms.Features/LiteCharms.Features.csproj

@@ -38,6 +38,7 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
 
+    <Using Include="Microsoft.AspNetCore.Authentication"/>
     <Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
     <Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
     <Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>