diff --git a/EstateReportingAPI/Bootstrapper/MiddlewareRegistry.cs b/EstateReportingAPI/Bootstrapper/MiddlewareRegistry.cs
index 51d5871..935cff3 100644
--- a/EstateReportingAPI/Bootstrapper/MiddlewareRegistry.cs
+++ b/EstateReportingAPI/Bootstrapper/MiddlewareRegistry.cs
@@ -1,11 +1,7 @@
 using Microsoft.OpenApi;
-using OpenIddict.Client;
 using Shared.Middleware;
 
 namespace EstateReportingAPI.Bootstrapper{
- using System.Diagnostics.CodeAnalysis;
- using System.Net.Security;
- using System.Reflection;
 using Common;
 using Lamar;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
@@ -13,8 +9,12 @@ namespace EstateReportingAPI.Bootstrapper{
 using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Serialization;
+ using OpenIddict.Validation.AspNetCore;
 using Shared.General;
 using Swashbuckle.AspNetCore.Filters;
+ using System.Diagnostics.CodeAnalysis;
+ using System.Net.Security;
+ using System.Reflection;
 
 [ExcludeFromCodeCoverage]
 public class MiddlewareRegistry : ServiceRegistry{
@@ -81,24 +81,35 @@ private void ConfigureSwagger(){ private void ConfigureAuthentication(){ String? inTestMode = Environment.GetEnvironmentVariable("InTestMode"); if (String.Compare(inTestMode, Boolean.TrueString, StringComparison.InvariantCultureIgnoreCase) != 0){ + this.AddAuthentication(options => + { + options.DefaultScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme; + }); + this.AddOpenIddict() - // Register the OpenIddict client components. - .AddClient(options => { - // Allow grant_type=client_credentials to be negotiated. - options.AllowClientCredentialsFlow(); - - // Disable token storage, which is not necessary for non-interactive flows like - // grant_type=password, grant_type=client_credentials or grant_type=refresh_token. - options.DisableTokenStorage(); - - // Register the System.Net.Http integration and use the identity of the current - // assembly as a more specific user agent, which can be useful when dealing with - // providers that use the user agent as a way to throttle requests (e.g Reddit). - options.UseSystemNetHttp().SetProductInformation(typeof(Program).Assembly); - - // Add a client registration matching the client application definition in the server project. 
- options.AddRegistration(new OpenIddictClientRegistration { Issuer = new Uri(ConfigurationReader.GetValue("SecurityConfiguration", "Authority"), UriKind.Absolute), ClientId = ConfigurationReader.GetValue("SecurityConfiguration", "ApiName") });
+ .AddValidation(options =>
+ {
+ // Same as your Authority
+ options.SetIssuer(new Uri(ConfigurationReader.GetValue("SecurityConfiguration", "Authority")));
+
+ // Enables discovery and HTTP backchannel support
+ options.UseSystemNetHttp()
+ .ConfigureHttpClientHandler(handler =>
+ {
+ // DEV ONLY: bypass all certificate errors
+ handler.ServerCertificateCustomValidationCallback =
+ HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
+ });
+
+ // Register the ASP.NET Core integration
+ options.UseAspNetCore();
+
+ // Optionally set expected audience(s):
+ options.AddAudiences(ConfigurationReader.GetValue("SecurityConfiguration", "ApiName"));
+ });
+
+ this.AddAuthorization();
 }
 }
diff --git a/EstateReportingAPI/EstateReportingAPI.csproj b/EstateReportingAPI/EstateReportingAPI.csproj
index 7fa3f81..1da2b45 100644
--- a/EstateReportingAPI/EstateReportingAPI.csproj
+++ b/EstateReportingAPI/EstateReportingAPI.csproj
@@ -18,7 +18,8 @@ - + +
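Review bot: The `ConfigureHttpClientHandler` block assigns `HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` unconditionally inside the non-test branch, so the backchannel that fetches the issuer's discovery document and signing keys from the configured Authority will accept any certificate in every environment, not just development; anyone able to interpose on that connection can hand this API a substitute key set and have their tokens validated. The "DEV ONLY" comment enforces nothing. Either remove the three handler lines, or gate them on an explicit switch the way `InTestMode` already gates the whole block, e.g. `if (String.Equals(Environment.GetEnvironmentVariable("<insecure-tls-env-var>"), Boolean.TrueString, StringComparison.OrdinalIgnoreCase))` wrapped around the `.ConfigureHttpClientHandler(...)` call, so the strict default is what ships. The comment above `options.AddAudiences(...)` should also stop calling the audience "Optionally": with OpenIddict validation that call is what rejects tokens minted for a different API, so `// Required: only accept tokens issued for this API's audience` describes the intent better.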