Refactored security components #76

Merged
khwezi merged 1 commits from payments into master 2026-06-05 05:44:47 +02:00
3 changed files with 49 additions and 13 deletions
@@ -4,7 +4,11 @@ public sealed class AuthentikSettings
{
public string? Authority { get; set; }
public string? IntrospectionUrl { get; set; }
public string? IntrospectionEndpoint { get; set; }
public string? MetadataEndpoint { get; set; }
public string? RevokationEndpoint { get; set; }
public string? ClientId { get; set; }
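Review bot: `RevokationEndpoint` is misspelled (`RevocationEndpoint`), and if this class is bound from configuration by property name, as options classes usually are, the typo becomes part of the configuration contract once deployed. If `IntrospectionUrl` is being replaced by `IntrospectionEndpoint` (the page does not show which side each line is on), existing configuration that still uses the old key would presumably bind to null without any error. Since every property is `string?`, consider validating the required endpoints at startup so a missing value fails fast rather than surfacing at the first login, introspection or logout call.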
+43 -12
@@ -27,11 +27,11 @@ public static class Api
.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Authority = authOptions.Authority;
options.MetadataAddress = authOptions.MetadataEndpoint;
options.ClientId = authOptions.ClientId;
options.ClientSecret = authOptions.ClientSecret;
options.SignedOutCallbackPath = "/signout-callback-oidc";
options.SignedOutRedirectUri = "/";
options.ResponseType = "code";
options.SaveTokens = true;
@@ -41,16 +41,6 @@ public static class Api
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("email");
options.Events = new OpenIdConnectEvents
{
OnRedirectToIdentityProviderForSignOut = context =>
{
context.ProtocolMessage.PostLogoutRedirectUri = context.Properties.RedirectUri;
return Task.CompletedTask;
},
};
});
return services;
@@ -69,7 +59,7 @@ public static class Api
.AddOAuth2Introspection(OAuth2IntrospectionDefaults.AuthenticationScheme, options =>
{
options.Authority = authOptions.Authority;
options.IntrospectionEndpoint = authOptions.IntrospectionUrl;
options.IntrospectionEndpoint = authOptions.IntrospectionEndpoint;
options.ClientId = authOptions.ClientId;
options.ClientSecret = authOptions.ClientSecret;
@@ -91,6 +81,47 @@ public static class Api
return services;
}
public static WebApplication AddSecurityEndpoints(this WebApplication app)
{
app.MapGet("/login", async (HttpContext context, string redirectUri = "/") =>
{
await context.ChallengeAsync(OpenIdConnectDefaults.AuthenticationScheme, new AuthenticationProperties
{
RedirectUri = redirectUri,
});
});
app.MapGet("/logout", async (HttpContext context, IHttpClientFactory httpClientFactory, IOptions<AuthentikSettings> settings) =>
{
var authOptions = settings.Value;
var accessToken = await context.GetTokenAsync("access_token");
if (!string.IsNullOrEmpty(accessToken))
{
try
{
var client = httpClientFactory.CreateClient();
var requestContent = new FormUrlEncodedContent(new Dictionary<string, string>(StringComparer.Ordinal)
{
{ "token", accessToken },
{ "client_id", authOptions.ClientId! },
{ "client_secret", authOptions.ClientSecret! },
});
await client.PostAsync(authOptions.RevokationEndpoint, requestContent, context.RequestAborted);
}
catch { }
}
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
return Results.Redirect("/");
});
return app;
}
public static IServiceCollection AddApiServices(this IServiceCollection services, IConfiguration configuration)
{
services.AddHttpClient();
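Review bot: In the `/login` handler, `redirectUri` comes straight from the query string and is assigned to `AuthenticationProperties.RedirectUri` without any check, so the post-login redirect can be pointed at an external site (open redirect). Restrict it to local paths before calling `ChallengeAsync`, e.g. `if (!redirectUri.StartsWith('/') || redirectUri.StartsWith("//") || redirectUri.StartsWith("/\\")) redirectUri = "/";`. In `/logout`, the bare `catch { }` and the ignored `PostAsync` result hide a failed or rejected revocation (including a null `RevokationEndpoint`), so the access token may remain valid at the provider while the user is told they are signed out; log the exception and check `IsSuccessStatusCode`. The handler is also a GET that signs out only the cookie scheme, which looks like it allows cross-site forced logout and leaves the provider session in place; worth confirming both are intended now that the `OnRedirectToIdentityProviderForSignOut` handler appears to have been dropped.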
@@ -38,6 +38,7 @@
<PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="10.0.8" />
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.8" />
<Using Include="Microsoft.AspNetCore.Authentication"/>
<Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
<Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
<Using Include="IdentityModel.AspNetCore.OAuth2Introspection"/>