chore: Update identity server

Pc 2023-02-22 00:46:30 +03:30
parent 7fa458f87e
commit e4ddcc1a4b
4 changed files with 27 additions and 18 deletions


@ -43,11 +43,11 @@ runs:
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
- name: Publish Docker Image
if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash
run: |
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2


@ -39,7 +39,7 @@ spec:
- name: "MongoOptions__DatabaseName"
value: "flight-db"
- name: "Jwt__Authority"
value: "http://127.0.0.1:2521"
value: "http://127.0.0.1:10679"
- name: "Jwt__Audience"
value: "flight-api"
- name: "Jwt__RequireHttpsMetadata"
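Review bot: The `Jwt__Authority` value is still a plain `http://` loopback URL (assuming the second of the two printed lines is the added one), so the API would fetch discovery metadata and signing keys without transport protection. Inside a pod, 127.0.0.1 also resolves to the pod itself rather than to a separate identity service. The value paired with `Jwt__RequireHttpsMetadata` lies outside the hunk, so whether HTTPS is enforced cannot be confirmed from here. If this manifest is used beyond a local port-forward setup, consider pointing the authority at the service's HTTPS address, e.g. `value: "https://<identity-service-host>"` (placeholder).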


@ -1,11 +1,9 @@
using BuildingBlocks.Web;
using Duende.IdentityServer.Models;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
namespace BuildingBlocks.Jwt;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
public static class JwtExtensions
{
@ -13,25 +11,36 @@ public static class JwtExtensions
{
var jwtOptions = services.GetOptions<JwtBearerOptions>("Jwt");
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
services.AddAuthorization();
services.AddAuthentication(o => {
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(cfg => cfg.SlidingExpiration = true)
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
options.Authority = jwtOptions.Authority;
options.Audience = jwtOptions.Audience;
options.TokenValidationParameters.ValidateAudience = false;
options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
options.Configuration = new OpenIdConnectConfiguration();
options.BackchannelHttpHandler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
};
});
if (!string.IsNullOrEmpty(jwtOptions.Audience))
{
services.AddAuthorization(options =>
options.AddPolicy(nameof(ApiScope), policy =>
{
policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", jwtOptions.Audience);
})
);
}
// if (!string.IsNullOrEmpty(jwtOptions.Audience))
// {
// services.AddAuthorization(options =>
// options.AddPolicy(nameof(ApiScope), policy =>
// {
// policy.RequireAuthenticatedUser();
// policy.RequireClaim("scope", jwtOptions.Audience);
// })
// );
// }
return services;
}
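Review bot: The `BackchannelHttpHandler` assigned inside `AddJwtBearer` sets `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator`, which turns off TLS certificate validation for the channel the handler uses to reach the authority, so the source of the signing keys is no longer authenticated. Together with `ValidateAudience = false` and the `ApiScope` policy now left as commented-out code, nothing in this method appears to tie an accepted token to this API; the page has lost its +/- markers, so which of these lines are new is inferred from print order. `options.Configuration = new OpenIdConnectConfiguration();` also pins an empty static configuration, which as far as I can tell stops metadata being loaded from `Authority`, so it is worth confirming that tokens still validate against real keys. I would drop the handler override (or restrict it to development), delete the commented block and restore `policy.RequireClaim("scope", jwtOptions.Audience);`, and add a comment explaining why `.AddCookie(cfg => cfg.SlidingExpiration = true)` is registered on an API that defaults to bearer authentication. The method's signature lies outside the hunk.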


@ -38,7 +38,7 @@ public static class IdentityServerExtensions
.AddResourceOwnerValidator<UserValidator>();
//ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
identityServerBuilder.AddDeveloperSigningCredential();
// identityServerBuilder.AddDeveloperSigningCredential();
return services;
}
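Review bot: With `AddDeveloperSigningCredential()` left as a commented-out line (assuming the second of the two printed lines is the new side), the hunk does not show which key the server now signs tokens with. If the intent is to rely on the library's automatic key management, say so in a comment and check that the key store is persisted and protected in the container, since keys regenerated on restart would invalidate issued tokens. I would delete the dead line rather than keep it, e.g. replace it with `// Signing keys: <describe key source>`. The `//ref:` above points at OpenIddict documentation although this file configures `identityServerBuilder`, which may confuse readers. The method starts outside the hunk.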