|
|
|
@ -5,7 +5,6 @@ |
|
|
|
// All rights reserved. Licensed under the MIT license.
|
|
|
|
// ==========================================================================
|
|
|
|
|
|
|
|
using System; |
|
|
|
using IdentityServer4; |
|
|
|
using IdentityServer4.AccessTokenValidation; |
|
|
|
using IdentityServer4.Hosting.LocalApiAuthentication; |
|
|
|
@ -15,7 +14,6 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect; |
|
|
|
using Microsoft.AspNetCore.Builder; |
|
|
|
using Microsoft.Extensions.Configuration; |
|
|
|
using Microsoft.Extensions.DependencyInjection; |
|
|
|
using Microsoft.Extensions.Options; |
|
|
|
using Squidex.Hosting; |
|
|
|
using Squidex.Web; |
|
|
|
|
|
|
|
@ -41,38 +39,37 @@ namespace Squidex.Config.Authentication |
|
|
|
else |
|
|
|
{ |
|
|
|
authBuilder.AddLocalApi(); |
|
|
|
|
|
|
|
authBuilder.Services.Configure<LocalApiAuthenticationOptions>((c, options) => |
|
|
|
{ |
|
|
|
options.ClaimsIssuer = GetAuthorityUrl(c); |
|
|
|
|
|
|
|
options.ExpectedScope = Constants.ApiScope; |
|
|
|
}); |
|
|
|
authBuilder.Services.AddOptions<LocalApiAuthenticationOptions>() |
|
|
|
.Configure<IUrlGenerator>((options, urlGenerator) => |
|
|
|
{ |
|
|
|
options.ClaimsIssuer = urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false); |
|
|
|
options.ExpectedScope = Constants.ApiScope; |
|
|
|
}); |
|
|
|
} |
|
|
|
|
|
|
|
authBuilder.Services.AddSingleton<IPostConfigureOptions<OpenIdConnectOptions>>(c => new PostConfigureOptions<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => |
|
|
|
{ |
|
|
|
if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl)) |
|
|
|
{ |
|
|
|
options.Authority = identityOptions.AuthorityUrl; |
|
|
|
} |
|
|
|
else |
|
|
|
authBuilder.AddOpenIdConnect(); |
|
|
|
authBuilder.Services.AddOptions<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme) |
|
|
|
.Configure<IUrlGenerator>((options, urlGenerator) => |
|
|
|
{ |
|
|
|
options.Authority = GetAuthorityUrl(c); |
|
|
|
} |
|
|
|
|
|
|
|
options.ClientId = Constants.InternalClientId; |
|
|
|
options.ClientSecret = Constants.InternalClientSecret; |
|
|
|
options.CallbackPath = "/signin-internal"; |
|
|
|
options.RequireHttpsMetadata = identityOptions.RequiresHttps; |
|
|
|
options.SaveTokens = true; |
|
|
|
options.Scope.Add(Constants.PermissionsScope); |
|
|
|
options.Scope.Add(Constants.ProfileScope); |
|
|
|
options.Scope.Add(Constants.RoleScope); |
|
|
|
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; |
|
|
|
})); |
|
|
|
if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl)) |
|
|
|
{ |
|
|
|
options.Authority = identityOptions.AuthorityUrl; |
|
|
|
} |
|
|
|
else |
|
|
|
{ |
|
|
|
options.Authority = urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false); |
|
|
|
} |
|
|
|
|
|
|
|
authBuilder.AddOpenIdConnect(); |
|
|
|
options.ClientId = Constants.InternalClientId; |
|
|
|
options.ClientSecret = Constants.InternalClientSecret; |
|
|
|
options.CallbackPath = "/signin-internal"; |
|
|
|
options.RequireHttpsMetadata = identityOptions.RequiresHttps; |
|
|
|
options.SaveTokens = true; |
|
|
|
options.Scope.Add(Constants.PermissionsScope); |
|
|
|
options.Scope.Add(Constants.ProfileScope); |
|
|
|
options.Scope.Add(Constants.RoleScope); |
|
|
|
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; |
|
|
|
}); |
|
|
|
|
|
|
|
authBuilder.AddPolicyScheme(Constants.ApiSecurityScheme, Constants.ApiSecurityScheme, options => |
|
|
|
{ |
|
|
|
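Review bot: The authority URL `urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false)` is now spelled out inline twice in this hunk, once for `LocalApiAuthenticationOptions.ClaimsIssuer` and once for `OpenIdConnectOptions.Authority`, while the last hunk deletes the `GetAuthorityUrl` helper that used to own that expression; a one-line replacement such as `private static string GetAuthorityUrl(IUrlGenerator urlGenerator) => urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false);` keeps the token issuer and the OIDC authority from drifting apart in later edits. The move from the removed `IPostConfigureOptions<OpenIdConnectOptions>` registration to `AddOptions<OpenIdConnectOptions>(...).Configure<IUrlGenerator>` also deserves a why-comment on the `Configure` call, since it is presumably what lets the framework's own post-configuration see `Authority` when it builds the metadata configuration manager, e.g. `// Configure (not PostConfigure): Authority must be set before OpenIdConnectPostConfigureOptions resolves the metadata address.` The enclosing method begins before this hunk and its `return authBuilder;` sits in the next one.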
@ -89,12 +86,5 @@ namespace Squidex.Config.Authentication |
|
|
|
|
|
|
|
return authBuilder; |
|
|
|
} |
|
|
|
|
|
|
|
private static string GetAuthorityUrl(IServiceProvider services) |
|
|
|
{ |
|
|
|
var urlGenerator = services.GetRequiredService<IUrlGenerator>(); |
|
|
|
|
|
|
|
return urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|