From 3bdf897ac87bb011734a6e0988ed9ff18beafe73 Mon Sep 17 00:00:00 2001
From: Khwezi Mngoma <khwezi@msn.com>
Date: Sat, 16 May 2026 20:12:35 +0200
Subject: [PATCH] Added authentication logic to app

---
 ShopAdmin/Components/Pages/Login.razor | 14 ++++++--
 ShopAdmin/Program.cs                   | 44 +++++++++++++++++++++++++-
 ShopAdmin/ShopAdmin.csproj             |  9 ++++++
 ShopAdmin/appsettings.json             |  3 ++
 4 files changed, 67 insertions(+), 3 deletions(-)

diff --git a/ShopAdmin/Components/Pages/Login.razor b/ShopAdmin/Components/Pages/Login.razor
index 3673380..deec9c9 100644
--- a/ShopAdmin/Components/Pages/Login.razor
+++ b/ShopAdmin/Components/Pages/Login.razor
@@ -1,5 +1,7 @@
 @page "/login"
 @using Microsoft.AspNetCore.Components.Authorization
+@inject NavigationManager Navigation
+@rendermode InteractiveServer
 
 <div class="auth-workspace-canvas">
     <div class="tech-background-matrix">
@@ -67,8 +69,16 @@
     [CascadingParameter]
     private Task<AuthenticationState>? AuthState { get; set; }
 
-    private void HandleLogin()
+    protected override async Task OnInitializedAsync()
     {
-        // Wire up your OAuth / OpenID Connect Redirect or Auth trigger state here
+        if (AuthState is not null)
+        {
+            var state = await AuthState;
+
+            if (state.User.Identity?.IsAuthenticated ?? false) 
+                Navigation.NavigateTo("/", replace: true);
+        }
     }
+
+    private void HandleLogin() => Navigation.NavigateTo("/auth/login", forceLoad: true);
 }
\ No newline at end of file
diff --git a/ShopAdmin/Program.cs b/ShopAdmin/Program.cs
index 821838b..a145f05 100644
--- a/ShopAdmin/Program.cs
+++ b/ShopAdmin/Program.cs
@@ -1,5 +1,6 @@
 using LiteCharms.Features.Extensions;
 using LiteCharms.Features.Mediator;
+using Microsoft.AspNetCore.Authentication;
 using ShopAdmin.Components;
 using static LiteCharms.Features.Email.Extensions.Constants;
 
@@ -8,6 +9,8 @@ var builder = WebApplication.CreateBuilder(args);
 builder.Services.AddRazorComponents()
     .AddInteractiveServerComponents();
 
+builder.Services.AddCascadingAuthenticationState();
+
 builder.AddMonitoring();
 
 builder.Services.AddControllers();
@@ -33,6 +36,37 @@ builder.Services.AddPostgresHealtchCheck();
 builder.Services.AddQuartzHealtchCheck();
 builder.Services.AddHealthChecksSupport(builder.Configuration);
 
+builder.Services.AddAuthentication(options =>
+{
+    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
+})
+.AddCookie()
+.AddOpenIdConnect(options =>
+{
+    options.Authority = builder.Configuration.GetSection("IdKongisa:Authority").Value;
+    options.ClientId = builder.Configuration.GetSection("IdKongisa:ClientId").Value;
+    options.ClientSecret = builder.Configuration.GetSection("IdKongisa:ClientSecret").Value;
+
+    options.ResponseType = "code";
+    options.SaveTokens = true;
+
+    options.GetClaimsFromUserInfoEndpoint = true;
+
+    options.MetadataAddress = $"{options.Authority}/.well-known/openid-configuration";
+
+    options.Scope.Clear();
+    options.Scope.Add("openid");
+    options.Scope.Add("profile");
+    options.Scope.Add("email");
+
+    options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
+    {
+        NameClaimType = "name",
+        RoleClaimType = "groups"
+    };
+});
+
 var app = builder.Build();
 
 var schedulerFactory = app.Services.GetRequiredService<ISchedulerFactory>();
@@ -53,11 +87,19 @@ app.UseHealthChecks("/health", new HealthCheckOptions
 });
 
 app.UseStatusCodePagesWithReExecute("/not-found", createScopeForStatusCodePages: true);
-app.UseHttpsRedirection();
 
+app.UseHttpsRedirection();
 app.UseAntiforgery();
 
+app.UseAuthentication();
+app.UseAuthorization();
+
 app.MapStaticAssets();
+
+app.MapGet("/auth/login", (string redirectUri = "/") =>
+    Results.Challenge(new AuthenticationProperties { RedirectUri = redirectUri },[OpenIdConnectDefaults.AuthenticationScheme]));
+app.MapGet("/auth/logout", () => Results.SignOut(new AuthenticationProperties { RedirectUri = "/" }, [CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme]));
+
 app.MapRazorComponents<App>()
     .AddInteractiveServerRenderMode();
 
diff --git a/ShopAdmin/ShopAdmin.csproj b/ShopAdmin/ShopAdmin.csproj
index 0eb2409..309dd4e 100644
--- a/ShopAdmin/ShopAdmin.csproj
+++ b/ShopAdmin/ShopAdmin.csproj
@@ -20,6 +20,15 @@
     <PackageReference Include="Polly" Version="8.6.6" />
   </ItemGroup>
 
+  <!-- Authentication-->
+  <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="10.0.8" />
+    
+    <!-- Global Usings -->
+    <Using Include="Microsoft.AspNetCore.Authentication.Cookies"/>
+    <Using Include="Microsoft.AspNetCore.Authentication.OpenIdConnect"/>
+  </ItemGroup>
+
   <!-- UI -->
   <ItemGroup>
     <PackageReference Include="ANM.Blazored.Toast" Version="0.1.1" />
diff --git a/ShopAdmin/appsettings.json b/ShopAdmin/appsettings.json
index 417425d..7eb3aaa 100644
--- a/ShopAdmin/appsettings.json
+++ b/ShopAdmin/appsettings.json
@@ -1,4 +1,7 @@
 {
+  "IdKongisa": {
+    "Authority": "https://id.khongisa.co.za/application/o/litecharms-shopadmin"
+  },
   "Email": {
     "Credentials": {
       "Username": "shop@litecharms.co.za"