using System.IdentityModel.Tokens.Jwt;
using System.Net.Http;
using IdentityModel.Client;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;

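namespace Client
{
    /// <summary>
    /// Startup for an MVC client that signs users in through OpenID Connect
    /// (authorization code flow with PKCE) and keeps the local session in a cookie.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Registers MVC, a cache for the identity provider's discovery document, and the
        /// cookie and OpenID Connect authentication handlers.
        /// </summary>
        /// <param name="services">The service collection to register into.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            // Keep inbound JWT claim types as issued instead of mapping them to the legacy
            // XML-schema claim URIs; the "name"/"role" claim types set below rely on this.
            JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

            services.AddControllersWithViews();

            services.AddHttpClient();

            // One shared discovery cache; each refresh takes a client from the factory.
            services.AddSingleton<IDiscoveryCache>(r =>
            {
                var factory = r.GetRequiredService<IHttpClientFactory>();
                return new DiscoveryCache(Urls.IdentityServer, () => factory.CreateClient());
            });

            services.AddAuthentication(options =>
            {
                // The cookie carries the signed-in session; unauthenticated requests are
                // challenged through the "oidc" handler.
                options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = "oidc";
            })
                .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddOpenIdConnect("oidc", options =>
                {
                    options.Authority = Urls.IdentityServer;

                    // SECURITY: with this set to false the handler accepts a discovery document
                    // and signing keys fetched over plain HTTP, so their integrity depends on the
                    // network path. Only suitable for a local development authority; use an
                    // HTTPS authority and leave this at its default (true) anywhere else.
                    options.RequireHttpsMetadata = false;

                    options.ClientId = "interactive";

                    // SECURITY: client secret committed to source control. Treat this value as
                    // public; outside a demo, load the secret from configuration or a secret
                    // store and register a different secret with the identity provider.
                    options.ClientSecret = "49C1A7E1-0C79-4A89-A3D6-A37998FB86B0";

                    // code flow + PKCE (PKCE is turned on by default)
                    options.ResponseType = "code";
                    options.UsePkce = true;

                    // Drop the handler's default scopes so the requested set is explicit.
                    options.Scope.Clear();
                    options.Scope.Add("openid");
                    options.Scope.Add("profile");
                    options.Scope.Add("offline_access");
                    options.Scope.Add("api1");

                    // not mapped by default
                    options.ClaimActions.MapJsonKey("website", "website");

                    // keeps id_token smaller
                    options.GetClaimsFromUserInfoEndpoint = true;

                    // SECURITY: SaveTokens stores the id, access and (because offline_access is
                    // requested) refresh token in the authentication cookie's properties. The
                    // cookie is then a long-lived credential: serve the app over HTTPS only and
                    // review the cookie options (secure policy, lifetime) before deploying.
                    options.SaveTokens = true;

                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        NameClaimType = "name",
                        RoleClaimType = "role"
                    };
                });
        }

        /// <summary>
        /// Builds the request pipeline: static files, routing, authentication, authorization,
        /// and the default controller route, which requires an authenticated user.
        /// </summary>
        /// <param name="app">The application builder to add middleware to.</param>
        public void Configure(IApplicationBuilder app)
        {
            // The developer exception page renders stack traces and request details (headers,
            // cookies) to whoever triggered the error, so enable it in Development only.
            // If no host environment is registered, fail closed and leave it off.
            // NOTE(review): no production error handler is configured in this file.
            var environment = app.ApplicationServices.GetService<IHostEnvironment>();
            if (environment?.IsDevelopment() == true)
            {
                app.UseDeveloperExceptionPage();
            }

            // Static files are served before authentication runs, so they are public.
            app.UseStaticFiles();

            app.UseRouting();

            // Order matters: authentication must populate the user before authorization runs.
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute()
                    .RequireAuthorization();
            });
        }
    }
}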