OpenIddict

phongnguyend · Dec 29, 2024 · 8f4be10 · 8f4be10
1 parent 8b024c9
commit 8f4be10
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 31 deletions.
diff --git a/src/ModularMonolith/.helm/modularmonolith/charts/webapi/templates/webapi.deployment.yaml b/src/ModularMonolith/.helm/modularmonolith/charts/webapi/templates/webapi.deployment.yaml
@@ -17,9 +17,9 @@ spec:
     spec:
       containers:
       - env:
-        - name: IdentityServerAuthentication__Authority
+        - name: Authentication__IdentityServer__Authority
           value: http://{{ .Release.Name}}-identityserver
-        - name: IdentityServerAuthentication__RequireHttpsMetadata
+        - name: Authentication__IdentityServer__RequireHttpsMetadata
           value: "false"
         envFrom:
         - configMapRef:

diff --git a/src/ModularMonolith/.k8s/webapi.deployment.yaml b/src/ModularMonolith/.k8s/webapi.deployment.yaml
@@ -17,9 +17,9 @@ spec:
     spec:
       containers:
       - env:
-        - name: IdentityServerAuthentication__Authority
+        - name: Authentication__IdentityServer__Authority
           value: http://identityserver
-        - name: IdentityServerAuthentication__RequireHttpsMetadata
+        - name: Authentication__IdentityServer__RequireHttpsMetadata
           value: "false"
         envFrom:
         - configMapRef:

diff --git a/src/ModularMonolith/ClassifiedAds.WebAPI/ConfigurationOptions/AppSettings.cs b/src/ModularMonolith/ClassifiedAds.WebAPI/ConfigurationOptions/AppSettings.cs
@@ -14,7 +14,7 @@ public class AppSettings
 
     public MonitoringOptions Monitoring { get; set; }
 
-    public IdentityServerAuthentication IdentityServerAuthentication { get; set; }
+    public AuthenticationOptions Authentication { get; set; }
 
     public string AllowedHosts { get; set; }
 

diff --git a/...onOptions/IdentityServerAuthentication.cs → ...igurationOptions/AuthenticationOptions.cs b/...onOptions/IdentityServerAuthentication.cs → ...igurationOptions/AuthenticationOptions.cs
@@ -2,23 +2,30 @@
 
 namespace ClassifiedAds.WebAPI.ConfigurationOptions;
 
-public class IdentityServerAuthentication
+public class AuthenticationOptions
 {
     public string Provider { get; set; }
 
+    public IdentityServerOptions IdentityServer { get; set; }
+
+    public JwtOptions Jwt { get; set; }
+}
+
+public class IdentityServerOptions
+{
     public string Authority { get; set; }
 
-    public string ApiName { get; set; }
+    public string Audience { get; set; }
 
     public bool RequireHttpsMetadata { get; set; }
-
-    public OpenIddictOptions OpenIddict { get; set; }
 }
 
-public class OpenIddictOptions
+public class JwtOptions
 {
     public string IssuerUri { get; set; }
 
+    public string Audience { get; set; }
+
     public CertificateOption TokenDecryptionCertificate { get; set; }
 
     public CertificateOption IssuerSigningCertificate { get; set; }

diff --git a/src/ModularMonolith/ClassifiedAds.WebAPI/Program.cs b/src/ModularMonolith/ClassifiedAds.WebAPI/Program.cs
@@ -101,26 +101,26 @@
 
 services.AddAuthentication(options =>
 {
-    options.DefaultScheme = appSettings.IdentityServerAuthentication.Provider switch
+    options.DefaultScheme = appSettings.Authentication.Provider switch
     {
-        "OpenIddict" => "OpenIddict",
+        "Jwt" => "Jwt",
         _ => JwtBearerDefaults.AuthenticationScheme
     };
 })
 .AddJwtBearer(options =>
 {
-    options.Authority = appSettings.IdentityServerAuthentication.Authority;
-    options.Audience = appSettings.IdentityServerAuthentication.ApiName;
-    options.RequireHttpsMetadata = appSettings.IdentityServerAuthentication.RequireHttpsMetadata;
+    options.Authority = appSettings.Authentication.IdentityServer.Authority;
+    options.Audience = appSettings.Authentication.IdentityServer.Audience;
+    options.RequireHttpsMetadata = appSettings.Authentication.IdentityServer.RequireHttpsMetadata;
 })
-.AddJwtBearer("OpenIddict", options =>
+.AddJwtBearer("Jwt", options =>
 {
     options.TokenValidationParameters = new TokenValidationParameters
     {
-        ValidateAudience = false,
-        ValidIssuer = appSettings.IdentityServerAuthentication.OpenIddict.IssuerUri,
-        TokenDecryptionKey = new X509SecurityKey(appSettings.IdentityServerAuthentication.OpenIddict.TokenDecryptionCertificate.FindCertificate()),
-        IssuerSigningKey = new X509SecurityKey(appSettings.IdentityServerAuthentication.OpenIddict.IssuerSigningCertificate.FindCertificate()),
+        ValidIssuer = appSettings.Authentication.Jwt.IssuerUri,
+        ValidAudience = appSettings.Authentication.Jwt.Audience,
+        TokenDecryptionKey = new X509SecurityKey(appSettings.Authentication.Jwt.TokenDecryptionCertificate.FindCertificate()),
+        IssuerSigningKey = new X509SecurityKey(appSettings.Authentication.Jwt.IssuerSigningCertificate.FindCertificate()),
     };
 });
 
@@ -161,8 +161,8 @@
         {
             AuthorizationCode = new OpenApiOAuthFlow
             {
-                TokenUrl = new Uri(appSettings.IdentityServerAuthentication.Authority + "/connect/token", UriKind.Absolute),
-                AuthorizationUrl = new Uri(appSettings.IdentityServerAuthentication.Authority + "/connect/authorize", UriKind.Absolute),
+                TokenUrl = new Uri(appSettings.Authentication.IdentityServer.Authority + "/connect/token", UriKind.Absolute),
+                AuthorizationUrl = new Uri(appSettings.Authentication.IdentityServer.Authority + "/connect/authorize", UriKind.Absolute),
                 Scopes = new Dictionary<string, string>
                 {
                             { "openid", "OpenId" },
@@ -172,7 +172,7 @@
             },
             ClientCredentials = new OpenApiOAuthFlow
             {
-                TokenUrl = new Uri(appSettings.IdentityServerAuthentication.Authority + "/connect/token", UriKind.Absolute),
+                TokenUrl = new Uri(appSettings.Authentication.IdentityServer.Authority + "/connect/token", UriKind.Absolute),
                 Scopes = new Dictionary<string, string>
                 {
                             { "ClassifiedAds.WebAPI", "ClassifiedAds WebAPI" },

diff --git a/src/ModularMonolith/ClassifiedAds.WebAPI/appsettings.json b/src/ModularMonolith/ClassifiedAds.WebAPI/appsettings.json
@@ -1,11 +1,14 @@
 {
-  "IdentityServerAuthentication": {
-    "Provider": "IdentityServer4",
-    "Authority": "https://localhost:44367",
-    "ApiName": "ClassifiedAds.WebAPI",
-    "RequireHttpsMetadata": "true",
-    "OpenIddict": {
+  "Authentication": {
+    "Provider": "IdentityServer",
+    "IdentityServer": {
+      "Authority": "https://localhost:44367",
+      "Audience": "ClassifiedAds.WebAPI",
+      "RequireHttpsMetadata": "true"
+    },
+    "Jwt": {
       "IssuerUri": "https://localhost:44367/",
+      "Audience": "ClassifiedAds.WebAPI",
       "TokenDecryptionCertificate": {
         "Thumbprint": null,
         "Path": "Certs/classifiedads.identityserver.pfx",

diff --git a/src/ModularMonolith/docker-compose.yml b/src/ModularMonolith/docker-compose.yml
@@ -64,8 +64,8 @@ services:
           - rabbitmq
         environment:
           ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT}
-          IdentityServerAuthentication__Authority: "http://host.docker.internal:9000"
-          IdentityServerAuthentication__RequireHttpsMetadata: "false"
+          Authentication__IdentityServer__Authority: "http://host.docker.internal:9000"
+          Authentication__IdentityServer__RequireHttpsMetadata: "false"
           Modules__AuditLog__ConnectionStrings__Default: ${Modules__AuditLog__ConnectionStrings__Default}
           Modules__Configuration__ConnectionStrings__Default: ${Modules__Configuration__ConnectionStrings__Default}
           Modules__Identity__ConnectionStrings__Default: ${Modules__Identity__ConnectionStrings__Default}