mirror of
https://github.com/meysamhadeli/booking-microservices.git
synced 2026-04-28 00:20:24 +08:00
Merge pull request #331 from meysamhadeli/fix/fix-jwt-config
fix/fix jwt config
This commit is contained in:
Meysam Hadeli
GitHub
commit
c8faa3097f
@ -30,7 +30,8 @@ public static class JwtExtensions
|
|||||||
options.TokenValidationParameters = new TokenValidationParameters
|
options.TokenValidationParameters = new TokenValidationParameters
|
||||||
{
|
{
|
||||||
ValidateAudience = false,
|
ValidateAudience = false,
|
||||||
ClockSkew = TimeSpan.FromSeconds(2) // For prevent add default value (5min) to life time token!
|
ClockSkew = TimeSpan.FromSeconds(2), // For prevent add default value (5min) to life time token!
|
||||||
|
ValidateLifetime = true, // Enforce token expiry
|
||||||
};
|
};
|
||||||
|
|
||||||
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
|
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
|
||||||
@ -48,20 +49,14 @@ public static class JwtExtensions
|
|||||||
.RequireAuthenticatedUser()
|
.RequireAuthenticatedUser()
|
||||||
.Build();
|
.Build();
|
||||||
|
|
||||||
// Add your scope policy (optional)
|
|
||||||
if (!string.IsNullOrEmpty(jwtOptions.Audience))
|
|
||||||
{
|
|
||||||
options.AddPolicy(
|
options.AddPolicy(
|
||||||
nameof(ApiScope),
|
nameof(ApiScope),
|
||||||
policy =>
|
policy =>
|
||||||
{
|
{
|
||||||
policy.AuthenticationSchemes.Add(
|
policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
|
||||||
JwtBearerDefaults.AuthenticationScheme);
|
|
||||||
|
|
||||||
policy.RequireAuthenticatedUser();
|
policy.RequireAuthenticatedUser();
|
||||||
policy.RequireClaim("scope", jwtOptions.Audience);
|
policy.RequireClaim("scope", jwtOptions.Audience);
|
||||||
});
|
});
|
||||||
}
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -7,11 +7,13 @@ using BuildingBlocks.EFCore;
|
|||||||
using BuildingBlocks.Mongo;
|
using BuildingBlocks.Mongo;
|
||||||
using BuildingBlocks.PersistMessageProcessor;
|
using BuildingBlocks.PersistMessageProcessor;
|
||||||
using BuildingBlocks.Web;
|
using BuildingBlocks.Web;
|
||||||
|
using Duende.IdentityServer.EntityFramework.Entities;
|
||||||
using EasyNetQ.Management.Client;
|
using EasyNetQ.Management.Client;
|
||||||
using Grpc.Net.Client;
|
using Grpc.Net.Client;
|
||||||
using MassTransit;
|
using MassTransit;
|
||||||
using MassTransit.Testing;
|
using MassTransit.Testing;
|
||||||
using MediatR;
|
using MediatR;
|
||||||
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.AspNetCore.Mvc.Testing;
|
using Microsoft.AspNetCore.Mvc.Testing;
|
||||||
@ -57,16 +59,15 @@ where TEntryPoint : class
|
|||||||
{
|
{
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
var claims =
|
var claims = new Dictionary<string, object>
|
||||||
new Dictionary<string, object>
|
|
||||||
{
|
{
|
||||||
{ ClaimTypes.Name, "test@sample.com" },
|
{ ClaimTypes.Name, "test@sample.com" },
|
||||||
{ ClaimTypes.Role, "admin" },
|
{ ClaimTypes.Role, "admin" },
|
||||||
{ "scope", "flight-api" }
|
{ "scope", "flight-api" }
|
||||||
};
|
};
|
||||||
|
|
||||||
var httpClient = _factory?.CreateClient();
|
var httpClient = _factory.CreateClient();
|
||||||
httpClient.SetFakeBearerToken(claims);
|
httpClient.SetFakeBearerToken(claims); // Uses FakeJwtBearer
|
||||||
return httpClient;
|
return httpClient;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -106,19 +107,28 @@ where TEntryPoint : class
|
|||||||
.AsImplementedInterfaces()
|
.AsImplementedInterfaces()
|
||||||
.WithScopedLifetime());
|
.WithScopedLifetime());
|
||||||
|
|
||||||
// add authentication using a fake jwt bearer - we can use SetAdminUser method to set authenticate user to existing HttContextAccessor
|
// Add Fake JWT Authentication - we can use SetAdminUser method to set authenticate user to existing HttContextAccessor
|
||||||
// https://github.com/webmotions/fake-authentication-jwtbearer
|
// https://github.com/webmotions/fake-authentication-jwtbearer
|
||||||
// https://github.com/webmotions/fake-authentication-jwtbearer/issues/14
|
// https://github.com/webmotions/fake-authentication-jwtbearer/issues/14
|
||||||
services.AddAuthentication(
|
services.AddAuthentication(
|
||||||
options =>
|
options =>
|
||||||
{
|
{
|
||||||
options.DefaultAuthenticateScheme =
|
options.DefaultAuthenticateScheme = FakeJwtBearerDefaults.AuthenticationScheme;
|
||||||
FakeJwtBearerDefaults.AuthenticationScheme;
|
|
||||||
|
|
||||||
options.DefaultChallengeScheme =
|
options.DefaultChallengeScheme = FakeJwtBearerDefaults.AuthenticationScheme;
|
||||||
FakeJwtBearerDefaults.AuthenticationScheme;
|
|
||||||
})
|
})
|
||||||
.AddFakeJwtBearer();
|
.AddFakeJwtBearer();
|
||||||
|
|
||||||
|
// Mock Authorization Policies
|
||||||
|
services.AddAuthorization(options =>
|
||||||
|
{
|
||||||
|
options.AddPolicy(nameof(ApiScope), policy =>
|
||||||
|
{
|
||||||
|
policy.AddAuthenticationSchemes(FakeJwtBearerDefaults.AuthenticationScheme);
|
||||||
|
policy.RequireAuthenticatedUser();
|
||||||
|
policy.RequireClaim("scope", "flight-api"); // Test-specific scope
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user