|
|
|
@ -5,10 +5,14 @@ |
|
|
|
// All rights reserved. Licensed under the MIT license.
|
|
|
|
// ==========================================================================
|
|
|
|
|
|
|
|
using IdentityModel.AspNetCore.OAuth2Introspection; |
|
|
|
using IdentityServer4.AccessTokenValidation; |
|
|
|
using Microsoft.AspNetCore.Authentication; |
|
|
|
using Microsoft.AspNetCore.Authentication.Cookies; |
|
|
|
using Microsoft.AspNetCore.Builder; |
|
|
|
using Microsoft.Extensions.Configuration; |
|
|
|
using Microsoft.Extensions.DependencyInjection; |
|
|
|
using Squidex.Infrastructure; |
|
|
|
using Squidex.Web; |
|
|
|
|
|
|
|
namespace Squidex.Config.Authentication |
|
|
|
@ -17,9 +21,41 @@ namespace Squidex.Config.Authentication |
|
|
|
{ |
|
|
|
public static AuthenticationBuilder AddSquidexIdentityServerAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions, IConfiguration config) |
|
|
|
{ |
|
|
|
if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl)) |
|
|
|
var apiScope = Constants.ApiScope; |
|
|
|
|
|
|
|
var urlsOptions = config.GetSection("urls").Get<UrlsOptions>(); |
|
|
|
|
|
|
|
if (!string.IsNullOrWhiteSpace(urlsOptions.BaseUrl)) |
|
|
|
{ |
|
|
|
var apiAuthorityUrl = identityOptions.AuthorityUrl; |
|
|
|
string apiAuthorityUrl; |
|
|
|
|
|
|
|
if (!string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl)) |
|
|
|
{ |
|
|
|
apiAuthorityUrl = identityOptions.AuthorityUrl.BuildFullUrl(Constants.IdentityServerPrefix); |
|
|
|
} |
|
|
|
else |
|
|
|
{ |
|
|
|
apiAuthorityUrl = urlsOptions.BuildUrl(Constants.IdentityServerPrefix); |
|
|
|
} |
|
|
|
|
|
|
|
authBuilder.AddIdentityServerAuthentication(options => |
|
|
|
{ |
|
|
|
options.Authority = apiAuthorityUrl; |
|
|
|
options.ApiName = apiScope; |
|
|
|
options.ApiSecret = null; |
|
|
|
options.RequireHttpsMetadata = identityOptions.RequiresHttps; |
|
|
|
options.SupportedTokens = SupportedTokens.Jwt; |
|
|
|
|
|
|
|
var fromHeader = TokenRetrieval.FromAuthorizationHeader(); |
|
|
|
var fromQuery = TokenRetrieval.FromQueryString(); |
|
|
|
|
|
|
|
options.TokenRetriever = request => |
|
|
|
{ |
|
|
|
var result = fromHeader(request) ?? fromQuery(request); |
|
|
|
|
|
|
|
return result; |
|
|
|
}; |
|
|
|
}); |
|
|
|
|
|
|
|
authBuilder.AddOpenIdConnect(options => |
|
|
|
{ |
|
|
|
@ -35,13 +71,11 @@ namespace Squidex.Config.Authentication |
|
|
|
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; |
|
|
|
}); |
|
|
|
} |
|
|
|
else |
|
|
|
|
|
|
|
authBuilder.AddLocalApi(Constants.ApiSecurityScheme, options => |
|
|
|
{ |
|
|
|
authBuilder.AddLocalApi(Constants.ApiSecurityScheme, options => |
|
|
|
{ |
|
|
|
options.ExpectedScope = Constants.ApiScope; |
|
|
|
}); |
|
|
|
} |
|
|
|
options.ExpectedScope = Constants.ApiScope; |
|
|
|
}); |
|
|
|
|
|
|
|
return authBuilder; |
|
|
|
} |
|
|
|
|
Sebastian
6 years ago