
// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschraenkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Validation.AspNetCore;
using Squidex.Hosting;
using Squidex.Web;
using static OpenIddict.Abstractions.OpenIddictConstants;
namespace Squidex.Config.Authentication
{
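public static class IdentityServerServices
{
    /// <summary>
    /// Registers the authentication schemes used to sign users in against the identity server
    /// (the embedded one, or an external authority when <see cref="MyIdentityOptions.AuthorityUrl"/>
    /// is set) and wires the policy scheme <c>Constants.ApiSecurityScheme</c> to forward to the
    /// handler that matches that choice.
    /// </summary>
    /// <param name="authBuilder">The authentication builder to add schemes to.</param>
    /// <param name="identityOptions">Identity settings; only <c>AuthorityUrl</c> and <c>RequiresHttps</c> are read here.</param>
    /// <param name="config">Not used by this method; kept so existing callers keep compiling.</param>
    /// <returns>The same <paramref name="authBuilder"/>, for chaining.</returns>
    public static AuthenticationBuilder AddSquidexIdentityServerAuthentication(this AuthenticationBuilder authBuilder, MyIdentityOptions identityOptions, IConfiguration config)
    {
        // A single decision drives both the API-scheme forwarding below and the Authority of the
        // interactive OIDC handler, so the two registrations cannot disagree about which
        // identity server is in use.
        var useCustomAuthorityUrl = !string.IsNullOrWhiteSpace(identityOptions.AuthorityUrl);

        if (useCustomAuthorityUrl)
        {
            const string ExternalIdentityServerSchema = nameof(ExternalIdentityServerSchema);

            // NOTE(review): this handler is configured with only Authority and scopes — no ClientId,
            // CallbackPath or SignInScheme. ASP.NET Core's OpenIdConnectOptions validation normally
            // rejects a missing ClientId, so confirm this scheme is actually exercised in deployments
            // that use an external authority.
            authBuilder.AddOpenIdConnect(ExternalIdentityServerSchema, options =>
            {
                options.Authority = identityOptions.AuthorityUrl;
                options.Scope.Add(Scopes.Email);
                options.Scope.Add(Scopes.Profile);
                options.Scope.Add(Constants.ScopePermissions);
                options.Scope.Add(Constants.ScopeApi);
            });

            // NOTE(review): API requests are forwarded to an interactive OpenID Connect handler, not
            // to a bearer-token validator. Remote handlers of this kind normally authenticate by
            // deferring to their sign-in scheme rather than by checking an Authorization: Bearer
            // token, so where tokens issued by the external authority get validated is not visible
            // in this file — confirm before relying on it for API access.
            authBuilder.AddPolicyScheme(Constants.ApiSecurityScheme, Constants.ApiSecurityScheme, options =>
            {
                options.ForwardDefaultSelector = _ => ExternalIdentityServerSchema;
            });
        }
        else
        {
            // Embedded identity server: API bearer tokens are validated locally by OpenIddict.
            authBuilder.AddPolicyScheme(Constants.ApiSecurityScheme, Constants.ApiSecurityScheme, options =>
            {
                options.ForwardDefaultSelector = _ => OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
            });
        }

        // Interactive (browser) login through the default OIDC scheme; its options are bound lazily
        // below because the self-hosted authority URL needs the IUrlGenerator service.
        authBuilder.AddOpenIdConnect();

        authBuilder.Services.AddOptions<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme)
            .Configure<IUrlGenerator>((options, urlGenerator) =>
            {
                options.Authority = useCustomAuthorityUrl
                    ? identityOptions.AuthorityUrl
                    : urlGenerator.BuildUrl(Constants.PrefixIdentityServer, false);

                // Credentials of the built-in "internal" client. NOTE(review): the secret is a static
                // member of Constants; if it is a compile-time literal it is effectively public and
                // must not be treated as providing client confidentiality.
                options.ClientId = Constants.ClientInternalId;
                options.ClientSecret = Constants.ClientInternalSecret;
                options.CallbackPath = "/signin-internal";

                // When RequiresHttps is false the discovery document and signing keys may be fetched
                // over plain HTTP, which lets an on-path attacker substitute keys. Acceptable only
                // for local development.
                options.RequireHttpsMetadata = identityOptions.RequiresHttps;

                // Access/refresh tokens are persisted in the sign-in cookie: the cookie grows, and
                // anyone who can read the cookie's protected payload also holds the tokens.
                options.SaveTokens = true;

                options.Scope.Add(Scopes.Email);
                options.Scope.Add(Scopes.Profile);
                options.Scope.Add(Constants.ScopePermissions);

                // The resulting principal is signed into the cookie scheme, which is what
                // subsequent browser requests are authenticated against.
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            });

        return authBuilder;
    }
}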
}