Merge commit '4576b5aa2b6c6034247d3cd136fe15c82d27a6f4'

LiteCharms.Features.MidrandBooks.Seed/LiteCharms.Features.MidrandBooks.Seed.csproj

@@ -11,7 +11,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>
     <PackageReference Include="Bogus" Version="35.6.5" />
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.101">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.98">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
@@ -116,8 +116,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.4" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.1" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.MidrandBooks/LiteCharms.Features.MidrandBooks.csproj

@@ -32,7 +32,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>
     <PackageReference Include="Humanizer" Version="3.0.10" />
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.101">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.98">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
@@ -136,8 +136,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.4" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.1" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.TechShop/LiteCharms.Features.TechShop.csproj

@@ -136,8 +136,8 @@
 
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.4" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.1" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
     <ProjectReference Include="..\LiteCharms.Features\LiteCharms.Features.csproj" />
 
     <!-- global Usings -->

LiteCharms.Features.Tests/http/authentik/app.http

@@ -1,6 +1,6 @@
 ### Authentik Token Request (Service Account Explicit)
-POST {{authority}}/connect/token
+POST {{authority}}
 Content-Type: application/x-www-form-urlencoded
 Accept-Encoding: identity
 
-grant_type={{grantType}}&client_id={{clientId}}&client_secret={{clientSecret}}&scope={{scope}}
+grant_type={{grantType}}&client_id={{clientId}}&username={{username}}&password={{password}}&scope={{scope}}

LiteCharms.Features.Tests/http/litecharms/http-client.env.json

@@ -1,9 +0,0 @@
-{
-  "uat": {
-    "authority": "https://sts.security.khongisa.co.za",
-    "grantType": "client_credentials",
-    "clientId": "midrandbooks-api-scaler-uat",
-    "clientSecret": "secret_0a8dc1f99061590a52b1272db3a1871d2761c79fbd058b2a968911029e4b208a",
-    "scope": "midrandbooks-api"
-  }
-}

LiteCharms.Features/Api/Configuration/AuthentikSettings.cs

@@ -0,0 +1,22 @@
+namespace LiteCharms.Features.Api.Configuration;
+
+public sealed class AuthentikSettings
+{
+    public string? Authority { get; set; }
+
+    public string? IntrospectionEndpoint { get; set; }
+
+    public string? MetadataEndpoint { get; set; }
+
+    public string? RevokationEndpoint { get; set; }
+
+    public string? ClientId { get; set; }
+
+    public string? ClientSecret { get; set; }
+
+    public string? RequiredClaimName { get; set; }
+
+    public string? RequiredClaimNameValue { get; set; }
+
+    public bool RequireHttpsMetadata { get; set; }
+}

LiteCharms.Features/Api/Configuration/LiteCharmsSettings.cs

@@ -1,12 +0,0 @@
-namespace LiteCharms.Features.Api.Configuration;
-
-public sealed class LiteCharmsSettings
-{
-    public string? Authority { get; set; }
-
-    public string? ClientId { get; set; }
-
-    public string? ClientSecret { get; set; }
-
-    public string? Audience { get; set; }
-}

LiteCharms.Features/Extensions/Api.cs

@@ -1,7 +1,6 @@
 using LiteCharms.Features.Abstractions;
 using LiteCharms.Features.Api;
 using LiteCharms.Features.Api.Configuration;
-using Microsoft.AspNetCore.Authentication.JwtBearer;
 
 namespace LiteCharms.Features.Extensions;
 
@@ -10,14 +9,14 @@ public static class Api
     public const string Books = nameof(Books);
     public const string Payments = nameof(Payments);
 
-    public static IServiceCollection AddLiteCharmsWebSecurity(this IServiceCollection services, IConfiguration configuration)
+    public static IServiceCollection AddAuthentikUiSecurity(this IServiceCollection services, IConfiguration configuration)
     {
-        var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
+        var configSection = configuration.GetSection(nameof(AuthentikSettings));
 
-        var authOptions = new LiteCharmsSettings();
+        var authOptions = new AuthentikSettings();
         configSection.Bind(authOptions);
 
-        services.Configure<LiteCharmsSettings>(configSection);
+        services.Configure<AuthentikSettings>(configSection);
 
         services.AddAuthentication(options =>
         {
@@ -27,12 +26,14 @@ public static class Api
         .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
         .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
         {
-            options.Authority = authOptions.Authority;           
+            options.Authority = authOptions.Authority;
+            options.MetadataAddress = authOptions.MetadataEndpoint;
 
             options.ClientId = authOptions.ClientId;
             options.ClientSecret = authOptions.ClientSecret;
-            options.ResponseType = "code";
+            options.SignedOutCallbackPath = "/signout-callback-oidc";
 
+            options.ResponseType = "code";
             options.SaveTokens = true;
             options.GetClaimsFromUserInfoEndpoint = true;
 
@@ -43,16 +44,17 @@ public static class Api
 
             options.Events = new OpenIdConnectEvents
             {
-                OnRedirectToIdentityProviderForSignOut = context =>
+                OnRedirectToIdentityProvider = context =>
                 {
-                    var idToken = context.ProtocolMessage.IdTokenHint;
+                    if (!string.IsNullOrEmpty(context.ProtocolMessage.RedirectUri) && context.ProtocolMessage.RedirectUri.StartsWith("http://", StringComparison.OrdinalIgnoreCase))
-
-                    if (string.IsNullOrEmpty(idToken))
                     {
-                        var tokens = context.Properties.GetTokens();
+                        var uriBuilder = new UriBuilder(context.ProtocolMessage.RedirectUri)
-                        var idTokenItem = tokens.FirstOrDefault(t => string.Equals(t.Name, "id_token", StringComparison.Ordinal));
+                        {
+                            Scheme = "https",
+                            Port = -1,
+                        };
 
-                        if (idTokenItem != null) context.ProtocolMessage.IdTokenHint = idTokenItem.Value;
+                        context.ProtocolMessage.RedirectUri = uriBuilder.Uri.ToString();
                     }
 
                     return Task.CompletedTask;
@@ -60,34 +62,40 @@ public static class Api
             };
         });
 
-        services.AddCascadingAuthenticationState();
-
         return services;
     }
 
-    public static IServiceCollection AddLiteCharmsApiSecurity(this IServiceCollection services, IConfiguration configuration)
+    public static IServiceCollection AddAuthentikApiSecurity(this IServiceCollection services, IConfiguration configuration)
     {
-        var configSection = configuration.GetSection(nameof(LiteCharmsSettings));
+        var configSection = configuration.GetSection(nameof(AuthentikSettings));
 
-        var authOptions = new LiteCharmsSettings();
+        var authOptions = new AuthentikSettings();
         configSection.Bind(authOptions);
 
-        services.Configure<LiteCharmsSettings>(configSection);
+        services.Configure<AuthentikSettings>(configSection);
 
-        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+        services.AddAuthentication(OAuth2IntrospectionDefaults.AuthenticationScheme)
-            .AddJwtBearer(options =>
+            .AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
             {
                 options.Authority = authOptions.Authority;
-                options.Audience = authOptions.Audience;
+                options.IntrospectionEndpoint = authOptions.IntrospectionEndpoint;
-                options.TokenValidationParameters = new TokenValidationParameters
+                options.ClientId = authOptions.ClientId;
-                {
+                options.ClientSecret = authOptions.ClientSecret;
-                    ValidIssuer = authOptions.Authority,
+
-                    ValidateAudience = true,
+                options.NameClaimType = "sub";
-                    ValidateIssuer = true,
+                options.DiscoveryPolicy.RequireHttps = authOptions.RequireHttpsMetadata;
-                };
+                options.DiscoveryPolicy.ValidateEndpoints = false;
+                options.EnableCaching = false;
             });
 
-        services.AddAuthorization();
+        if (!string.IsNullOrWhiteSpace(authOptions.RequiredClaimName) && !string.IsNullOrWhiteSpace(authOptions.RequiredClaimNameValue))
+        {
+            services.AddAuthorizationBuilder()
+                .AddPolicy("RequiredScope", policy =>
+                    policy.RequireClaim(authOptions.RequiredClaimName, authOptions.RequiredClaimNameValue));
+        }
+        else
+            services.AddAuthorization();
 
         return services;
     }
@@ -98,11 +106,11 @@ public static class Api
         {
             await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
             {
-                RedirectUri = redirectUri,
+                RedirectUri = redirectUri,                
             });
         });
 
-        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<LiteCharmsSettings> settings) =>
+        app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<AuthentikSettings> settings) =>
         {
             await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
 
@@ -110,7 +118,7 @@ public static class Api
 
             await context.SignOutAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
             {
-                RedirectUri = currentBaseUrl,
+                RedirectUri = currentBaseUrl
             });
         });
 

LiteCharms.Features/LiteCharms.Features.csproj

@@ -38,10 +38,10 @@
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
     <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
 
-    <Using Include="Microsoft.AspNetCore.Authentication" />
+    <Using Include="Microsoft.AspNetCore.Authentication"/>
-    <Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" />
+    <Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
-    <Using Include="Microsoft.AspNetCore.Authentication.Cookies" />
+    <Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
-    <Using Include="IdentityModel.AspNetCore.OAuth2Introspection" />
+    <Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>
   </ItemGroup>
 
   <!-- API Versioning -->
@@ -67,7 +67,7 @@
   <!-- Quartz Scheduler-->
   <ItemGroup>    
     <PackageReference Include="Hashids.net" Version="1.7.0" />    
-    <PackageReference Include="Meziantou.Analyzer" Version="3.0.101">
+    <PackageReference Include="Meziantou.Analyzer" Version="3.0.98">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>    
@@ -171,8 +171,8 @@
   
   <!-- Amazon S3 SDK -->
   <ItemGroup>
-    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.4" />
+    <PackageReference Include="AWSSDK.Extensions.NetCore.Setup" Version="4.0.4.3" />
-    <PackageReference Include="AWSSDK.S3" Version="4.0.24.1" />
+    <PackageReference Include="AWSSDK.S3" Version="4.0.24" />
     
     <!-- global Usings -->
     <Using Include="Amazon.S3" />