Merge pull request #331 from meysamhadeli/fix/fix-jwt-config

fix/fix jwt config
Meysam Hadeli 2025-04-11 23:15:01 +03:30 committed by GitHub
commit c8faa3097f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 29 deletions


@ -30,7 +30,8 @@ public static class JwtExtensions
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = false,
ClockSkew = TimeSpan.FromSeconds(2) // For prevent add default value (5min) to life time token!
ClockSkew = TimeSpan.FromSeconds(2), // For prevent add default value (5min) to life time token!
ValidateLifetime = true, // Enforce token expiry
};
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
@ -48,20 +49,14 @@ public static class JwtExtensions
.RequireAuthenticatedUser()
.Build();
// Add your scope policy (optional)
if (!string.IsNullOrEmpty(jwtOptions.Audience))
{
options.AddPolicy(
nameof(ApiScope),
policy =>
{
policy.AuthenticationSchemes.Add(
JwtBearerDefaults.AuthenticationScheme);
policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", jwtOptions.Audience);
});
}
options.AddPolicy(
nameof(ApiScope),
policy =>
{
policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", jwtOptions.Audience);
});
});
}
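Review bot: `ValidateAudience = false` is kept in the `TokenValidationParameters` of the first hunk, so after this change the only check that ties a token to this API is the `ApiScope` policy's `RequireClaim("scope", jwtOptions.Audience)` in the second hunk. Endpoints that rely only on the `RequireAuthenticatedUser()` policy built just above it (presumably the default policy; its start is outside the hunk) would accept any unexpired token signed by the configured authority, including one issued for a different API. With the `IsNullOrEmpty` guard removed, an unset `Audience` appears to register a policy that no normal token can satisfy rather than skipping registration; that fails closed, but a startup check such as `if (string.IsNullOrEmpty(jwtOptions.Audience)) throw new InvalidOperationException("JWT audience is not configured");` would surface the misconfiguration directly. If the authority puts the API name in `aud`, consider `ValidateAudience = true` together with `ValidAudience = jwtOptions.Audience`.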


@ -7,11 +7,13 @@ using BuildingBlocks.EFCore;
using BuildingBlocks.Mongo;
using BuildingBlocks.PersistMessageProcessor;
using BuildingBlocks.Web;
using Duende.IdentityServer.EntityFramework.Entities;
using EasyNetQ.Management.Client;
using Grpc.Net.Client;
using MassTransit;
using MassTransit.Testing;
using MediatR;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc.Testing;
@ -57,16 +59,15 @@ where TEntryPoint : class
{
get
{
var claims =
new Dictionary<string, object>
{
{ClaimTypes.Name, "test@sample.com"},
{ClaimTypes.Role, "admin"},
{"scope", "flight-api"}
};
var claims = new Dictionary<string, object>
{
{ ClaimTypes.Name, "test@sample.com" },
{ ClaimTypes.Role, "admin" },
{ "scope", "flight-api" }
};
var httpClient = _factory?.CreateClient();
httpClient.SetFakeBearerToken(claims);
var httpClient = _factory.CreateClient();
httpClient.SetFakeBearerToken(claims); // Uses FakeJwtBearer
return httpClient;
}
}
@ -106,19 +107,28 @@ where TEntryPoint : class
.AsImplementedInterfaces()
.WithScopedLifetime());
// add authentication using a fake jwt bearer - we can use SetAdminUser method to set authenticate user to existing HttContextAccessor
// Add Fake JWT Authentication - we can use SetAdminUser method to set authenticate user to existing HttContextAccessor
// https://github.com/webmotions/fake-authentication-jwtbearer
// https://github.com/webmotions/fake-authentication-jwtbearer/issues/14
services.AddAuthentication(
options =>
{
options.DefaultAuthenticateScheme =
FakeJwtBearerDefaults.AuthenticationScheme;
options.DefaultAuthenticateScheme = FakeJwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme =
FakeJwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = FakeJwtBearerDefaults.AuthenticationScheme;
})
.AddFakeJwtBearer();
// Mock Authorization Policies
services.AddAuthorization(options =>
{
options.AddPolicy(nameof(ApiScope), policy =>
{
policy.AddAuthenticationSchemes(FakeJwtBearerDefaults.AuthenticationScheme);
policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", "flight-api"); // Test-specific scope
});
});
});
});
}
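Review bot: The `ApiScope` policy registered in the last hunk hard-codes `"flight-api"`, and the same literal is repeated in the claims dictionary of the fake-token client above, while this fixture looks like a shared base (`where TEntryPoint : class`, `BuildingBlocks.*` usings). Because the test policy is built here rather than taken from the application's JWT options, these tests would keep passing if the production `RequireClaim("scope", jwtOptions.Audience)` were misconfigured or removed, so they do not cover the scope check this commit tightens. Consider a single constant, e.g. `private const string TestScope = "flight-api";`, used in both places, with a comment stating that this policy presumably overrides the production one registered under the same name. `_factory.CreateClient()` also drops the `?.`, which is fine only if `_factory` is always assigned before this getter runs; that is not visible in the hunk.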