From 051c72d40a26b909cd7fd2a0f6338cd7f99798ae Mon Sep 17 00:00:00 2001
From: ali zaferany
Date: Wed, 27 Jul 2022 15:18:47 +0430
Subject: [PATCH] feat: add oauth2 (jwt + introspection) authentication & authorization
---
 .../QuickstartTemplate.WebApi.csproj | 3 ++
 src/QuickstartTemplate.WebApi/Startup.cs | 37 ++++++++++++++++++-
 .../appsettings.Development.json | 6 +++
 .../appsettings.json | 6 +++
 4 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/QuickstartTemplate.WebApi/QuickstartTemplate.WebApi.csproj b/src/QuickstartTemplate.WebApi/QuickstartTemplate.WebApi.csproj
index 92ef4a6a..c96e003f 100644
--- a/src/QuickstartTemplate.WebApi/QuickstartTemplate.WebApi.csproj
+++ b/src/QuickstartTemplate.WebApi/QuickstartTemplate.WebApi.csproj
@@ -14,6 +14,9 @@ + + +
diff --git a/src/QuickstartTemplate.WebApi/Startup.cs b/src/QuickstartTemplate.WebApi/Startup.cs
index 05555683..0546b869 100644
--- a/src/QuickstartTemplate.WebApi/Startup.cs
+++ b/src/QuickstartTemplate.WebApi/Startup.cs
@@ -1,4 +1,4 @@
-using Microsoft.AspNetCore.HttpLogging;
+using IdentityModel.AspNetCore.AccessTokenValidation;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Versioning;
 using QuickstartTemplate.ApplicationCore;
@@ -34,7 +34,41 @@ public void ConfigureServices(IServiceCollection services)
 o.ReportApiVersions = true;
 o.ApiVersionReader = new UrlSegmentApiVersionReader();
 });
+
+ services.AddAuthentication("Bearer")
+
+ // JWT tokens (default scheme)
+ .AddJwtBearer("Bearer", options =>
+ {
+ _configuration.Bind("Authentication", options);
+
+ options.MapInboundClaims = false;
+ options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
+ options.SaveToken = true;
+ // if token does not contain a dot, it is a reference token
+ options.ForwardDefaultSelector = Selector.ForwardReferenceToken("Introspection");
+ })
+
+ // reference tokens
+ .AddOAuth2Introspection("Introspection", options =>
+ {
+ _configuration.Bind("Authentication", options);
+
+ options.EnableCaching = true;
+ });
+
+ services.AddScopeTransformation();
+ services.AddAuthorization(options =>
+ {
+ options.AddPolicy("admin",
+ policy => policy.RequireScope("QuickstartTemplate:admin"));
+ options.AddPolicy("read",
+ policy => policy.RequireScope("QuickstartTemplate:read"));
+ options.AddPolicy("write",
+ policy => policy.RequireScope("QuickstartTemplate:write"));
+ });
+
 services.AddInfrastructure();
 services.AddApplication();
@@ -71,6 +105,7 @@ public void Configure(WebApplication app)
 //https://josef.codes/asp-net-core-6-http-logging-log-requests-responses/
 app.UseHttpLogging();
+ app.UseAuthentication();
 app.UseAuthorization();
 app.MapControllers();
diff --git a/src/QuickstartTemplate.WebApi/appsettings.Development.json b/src/QuickstartTemplate.WebApi/appsettings.Development.json
index 9e044bc5..99327be1 100644
--- a/src/QuickstartTemplate.WebApi/appsettings.Development.json
+++ b/src/QuickstartTemplate.WebApi/appsettings.Development.json
@@ -23,6 +23,12 @@
 }
 ]
 },
+ "Authentication" : {
+ "Authority" : "https://demo.duendesoftware.com",
+ "Audience" : "api1",
+ "ClientId" : "api1",
+ "ClientSecret" : "secret"
+ },
 "HttpLogging": {
 "LoggingFields": "None"
 },
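Review bot: The `AddAuthorization` block registers the `admin`/`read`/`write` policies but sets no `FallbackPolicy`, so any controller or action without an explicit `[Authorize]` attribute remains reachable anonymously even though authentication is now wired up. If the intent is that every endpoint needs a token, add `options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();` inside the `AddAuthorization` lambda (needs `using Microsoft.AspNetCore.Authorization;`) and opt individual endpoints out with `[AllowAnonymous]`. Separately, `options.EnableCaching = true` on the introspection handler depends on an `IDistributedCache` registration that this diff does not add (as far as I recall the handler fails at first use without one, e.g. `services.AddDistributedMemoryCache();`), and it means a revoked reference token keeps being accepted until its cache entry expires, which deserves a comment next to that line such as `// cached introspection results delay revocation by up to CacheDuration`. `ConfigureServices` begins outside this hunk.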
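Review bot: `"ClientSecret" : "secret"` is committed to source control in the development settings; the value is the public Duende demo secret, but appsettings.Development.json is the file a developer will later point at a real identity server, and a real secret will follow it into git. Keep `ClientId` and `ClientSecret` out of the checked-in file and supply them through `dotnet user-secrets` or environment variables (the `Authentication:ClientSecret` key binds identically from either source), leaving only `Authority` and `Audience` here.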
diff --git a/src/QuickstartTemplate.WebApi/appsettings.json b/src/QuickstartTemplate.WebApi/appsettings.json
index 9e044bc5..78186191 100644
--- a/src/QuickstartTemplate.WebApi/appsettings.json
+++ b/src/QuickstartTemplate.WebApi/appsettings.json
@@ -23,6 +23,12 @@
 }
 ]
 },
+ "Authentication" : {
+ "Authority" : "",
+ "Audience" : "",
+ "ClientId" : "",
+ "ClientSecret" : ""
+ },
 "HttpLogging": {
 "LoggingFields": "None"
 },
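Review bot: The empty `Authority`, `ClientId` and `ClientSecret` defaults mean a deployment that forgets to override the `Authentication` section is not rejected at configuration time; depending on the two handlers' own option validation, the failure surfaces at startup or only on the first authenticated request, with an empty-string authority. Consider failing fast in `ConfigureServices` before `AddAuthentication`, e.g. `if (string.IsNullOrWhiteSpace(_configuration["Authentication:Authority"])) throw new InvalidOperationException("Authentication:Authority must be configured");`, so a misconfigured instance cannot start and answer 401 to every caller.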