From 0a04abd4a820920c7386a00324b4a69df20d46d8 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Fri, 8 Jan 2021 23:37:24 +0100
Subject: [PATCH] Test other approach.
---
 .../Authentication/IdentityServerServices.cs | 64 ++++++++-----------
 1 file changed, 27 insertions(+), 37 deletions(-)
diff --git a/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs b/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs
index 56578232c..a0c802d79 100644
--- a/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs
+++ b/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs
@@ -5,7 +5,6 @@
 // All rights reserved. Licensed under the MIT license.
 // ==========================================================================
-using System;
 using IdentityServer4;
 using IdentityServer4.AccessTokenValidation;
 using IdentityServer4.Hosting.LocalApiAuthentication;
@@ -15,7 +14,6 @@ using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
-using Microsoft.Extensions.Options;
 using Squidex.Hosting;
 using Squidex.Web;
@@ -41,38 +39,37 @@ namespace Squidex.Config.Authentication
 else
 {
 authBuilder.AddLocalApi();
-
- authBuilder.Services.Configure((c, options) =>
- {
- options.ClaimsIssuer = GetAuthorityUrl(c);
-
- options.ExpectedScope = Constants.ApiScope;
- });
+ authBuilder.Services.AddOptions()
+ .Configure((options, urlGenerator) =>
+ {
+ options.ClaimsIssuer = urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false);
+ options.ExpectedScope = Constants.ApiScope;
+ });
 }
- authBuilder.Services.AddSingleton>(c => new PostConfigureOptions(OpenIdConnectDefaults.AuthenticationScheme, options =>
- {
- if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl))
- {
- options.Authority = identityOptions.AuthorityUrl;
- }
- else
+ authBuilder.AddOpenIdConnect();
+ authBuilder.Services.AddOptions(OpenIdConnectDefaults.AuthenticationScheme)
+ .Configure((options, urlGenerator) =>
 {
- options.Authority = GetAuthorityUrl(c);
- }
-
- options.ClientId = Constants.InternalClientId;
- options.ClientSecret = Constants.InternalClientSecret;
- options.CallbackPath = "/signin-internal";
- options.RequireHttpsMetadata = identityOptions.RequiresHttps;
- options.SaveTokens = true;
- options.Scope.Add(Constants.PermissionsScope);
- options.Scope.Add(Constants.ProfileScope);
- options.Scope.Add(Constants.RoleScope);
- options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
- }));
+ if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl))
+ {
+ options.Authority = identityOptions.AuthorityUrl;
+ }
+ else
+ {
+ options.Authority = urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false);
+ }
- authBuilder.AddOpenIdConnect();
+ options.ClientId = Constants.InternalClientId;
+ options.ClientSecret = Constants.InternalClientSecret;
+ options.CallbackPath = "/signin-internal";
+ options.RequireHttpsMetadata = identityOptions.RequiresHttps;
+ options.SaveTokens = true;
+ options.Scope.Add(Constants.PermissionsScope);
+ options.Scope.Add(Constants.ProfileScope);
+ options.Scope.Add(Constants.RoleScope);
+ options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
+ });
 authBuilder.AddPolicyScheme(Constants.ApiSecurityScheme, Constants.ApiSecurityScheme, options =>
 {
@@ -89,12 +86,5 @@ namespace Squidex.Config.Authentication
 return authBuilder;
 }
-
- private static string GetAuthorityUrl(IServiceProvider services)
- {
- var urlGenerator = services.GetRequiredService();
-
- return urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false);
- }
 }
 }
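Review bot: In the OpenID Connect `Configure` callback, `options.RequireHttpsMetadata = identityOptions.RequiresHttps;` sits next to an `Authority` that is either the configured `identityOptions.AuthorityUrl` or `urlGenerator.BuildUrl(Constants.IdentityServerPrefix, false)`, so with `RequiresHttps` off the handler may fetch the discovery document and signing keys over plain HTTP from that address. I would add a comment above it, `// RequiresHttps = false permits plain-HTTP discovery and key retrieval; keep it to local development.`, and confirm that `BuildUrl` takes its base from configuration rather than from the incoming request, which is not visible in this hunk and also feeds `options.ClaimsIssuer` in the local API branch. `options.ClientSecret = Constants.InternalClientSecret;` looks like a compile-time value shared by every installation, so it should not be relied on to authenticate the client when `AuthorityUrl` points at an external server. The enclosing method starts before this hunk and ends after it.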