Merge pull request 'payments' (#91) from payments into master

Reviewed-on: #91

LiteCharms.Features/Extensions/Api.cs

@@ -10,7 +10,7 @@ public static class Api
     public const string Books = nameof(Books);
     public const string Payments = nameof(Payments);
 
-    public static IServiceCollection AddLiteCharmsUiSecurity(this IServiceCollection services, IConfiguration configuration)
+    public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
     {
         var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
 
@@ -27,13 +27,12 @@ public static class Api
         .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
         .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
         {
-            options.Authority = authOptions.Authority;           
+            options.Authority = authOptions.Authority;
 
             options.ClientId = authOptions.ClientId;
             options.ClientSecret = authOptions.ClientSecret;
-            options.SignedOutCallbackPath = "/signout-callback-oidc";
-
             options.ResponseType = "code";
+
             options.SaveTokens = true;
             options.GetClaimsFromUserInfoEndpoint = true;
 
@@ -42,15 +41,27 @@ public static class Api
             options.Scope.Add("profile");
             options.Scope.Add("email");
 
-            options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
-            options.CorrelationCookie.SameSite = SameSiteMode.None;
-            options.CorrelationCookie.HttpOnly = true;
+            options.Events = new OpenIdConnectEvents
+            {
+                OnRedirectToIdentityProviderForSignOut = context =>
+                {
+                    var idToken = context.ProtocolMessage.IdTokenHint;
 
-            options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
-            options.NonceCookie.SameSite = SameSiteMode.None;
-            options.NonceCookie.HttpOnly = true;
+                    if (string.IsNullOrEmpty(idToken))
+                    {
+                        var tokens = context.Properties.GetTokens();
+                        var idTokenItem = tokens.FirstOrDefault(t => string.Equals(t.Name, "id_token", StringComparison.Ordinal));
+
+                        if (idTokenItem != null) context.ProtocolMessage.IdTokenHint = idTokenItem.Value;
+                    }
+
+                    return Task.CompletedTask;
+                },
+            };
         });
 
+        services.AddCascadingAuthenticationState();
+
         return services;
     }
 
@@ -87,19 +98,17 @@ public static class Api
         {
             await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
             {
-                RedirectUri = redirectUri,                
+                RedirectUri = redirectUri,
             });
         });
 
-        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<LiteCharmsSettings> settings) =>
+        app.MapGet("/logout", async (HttpContext context) =>
         {
             await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 
-            string currentBaseUrl = $"https://{context.Request.Host}{context.Request.PathBase}/";
-
             await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
             {
-                RedirectUri = currentBaseUrl
+                RedirectUri = "/",
             });
         });