Feature/identity server public origing to base url (#456)

* Add Tenant specific microsoft authentication * Default no tenant in appsettings * Adding access to graph to authorize reading profile * Configure internal identityserver to use the BaseUrl as the PublicOrigin.
6 years ago · 1dbaeebe7a
3 changed files with 9 additions and 3 deletions
--- a/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Config/IdentityServerServices.cs
@ -15,6 +15,7 @@ using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.DataProtection.KeyManagement;
 using Microsoft.AspNetCore.DataProtection.Repositories;
 using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using Squidex.Domain.Users;
@ -26,12 +27,14 @@ namespace Squidex.Areas.IdentityServer.Config
 {
    public static class IdentityServerServices
    {
-        public static void AddSquidexIdentityServer(this IServiceCollection services)
+        public static void AddSquidexIdentityServer(this IServiceCollection services, IConfiguration config)
        {
            X509Certificate2 certificate;

            var assembly = typeof(IdentityServerServices).Assembly;

+            var urlsOptions = config.GetSection("urls").Get<UrlsOptions>();
+
            using (var certificateStream = assembly.GetManifestResourceStream("Squidex.Areas.IdentityServer.Config.Cert.IdentityCert.pfx"))
            {
                var certData = new byte[certificateStream!.Length];
@ -74,6 +77,10 @@ namespace Squidex.Areas.IdentityServer.Config
            services.AddIdentityServer(options =>
                {
                    options.UserInteraction.ErrorUrl = "/error/";
+                    if (!string.IsNullOrWhiteSpace(urlsOptions.BaseUrl))
+                    {
+                        options.PublicOrigin = urlsOptions.BaseUrl;
+                    }
                })
                .AddAspNetIdentity<IdentityUser>()
                .AddInMemoryApiResources(GetApiResources())
--- a/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
+++ b/backend/src/Squidex/Config/Authentication/MicrosoftAuthenticationServices.cs
@ -27,7 +27,6 @@ namespace Squidex.Config.Authentication
                    if (!string.IsNullOrEmpty(tenantId))
                    {
                        var resource = "https://graph.microsoft.com";
-
                        options.AuthorizationEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/authorize?resource={resource}";
                        options.TokenEndpoint = $"https://login.microsoftonline.com/{tenantId}/oauth2/token?resource={resource}";
                    }
--- a/backend/src/Squidex/Startup.cs
+++ b/backend/src/Squidex/Startup.cs
@ -54,7 +54,7 @@ namespace Squidex
            services.AddSquidexHealthChecks(config);
            services.AddSquidexHistory();
            services.AddSquidexIdentity(config);
-            services.AddSquidexIdentityServer();
+            services.AddSquidexIdentityServer(config);
            services.AddSquidexInfrastructure(config);
            services.AddSquidexMigration(config);
            services.AddSquidexNotifications(config);