From e4ddcc1a4bfd1e27a5cc3f6b68410f18e4aebdcd Mon Sep 17 00:00:00 2001
From: Pc
Date: Wed, 22 Feb 2023 00:46:30 +0330
Subject: [PATCH] chore: Update identity server

---
 .../actions/docker-build-publish/action.yml | 4 +-
 deployments/k8s/flight.yml | 2 +-
 src/BuildingBlocks/Jwt/JwtExtensions.cs | 37 ++++++++++++-------
 .../IdentityServerExtensions.cs | 2 +-
 4 files changed, 27 insertions(+), 18 deletions(-)

diff --git a/.github/actions/docker-build-publish/action.yml b/.github/actions/docker-build-publish/action.yml
index 268d98d..54e48b6 100644
--- a/.github/actions/docker-build-publish/action.yml
+++ b/.github/actions/docker-build-publish/action.yml
@@ -43,11 +43,11 @@ runs:
 if: ${{ github.ref == 'refs/heads/main' && success() }}
 shell: bash
 run: |
- docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
+ docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
 - name: Publish Docker Image
 if: ${{ github.ref == 'refs/heads/main' && success() }}
 shell: bash
 run: |
- docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1
+ docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2
diff --git a/deployments/k8s/flight.yml b/deployments/k8s/flight.yml
index 96ad74e..1678352 100644
--- a/deployments/k8s/flight.yml
+++ b/deployments/k8s/flight.yml
@@ -39,7 +39,7 @@ spec:
 - name: "MongoOptions__DatabaseName"
 value: "flight-db"
 - name: "Jwt__Authority"
- value: "http://127.0.0.1:2521"
+ value: "http://127.0.0.1:10679"
 - name: "Jwt__Audience"
 value: "flight-api"
 - name: "Jwt__RequireHttpsMetadata"
diff --git a/src/BuildingBlocks/Jwt/JwtExtensions.cs b/src/BuildingBlocks/Jwt/JwtExtensions.cs
index 627f55b..c970b5c 100644
--- a/src/BuildingBlocks/Jwt/JwtExtensions.cs
+++ b/src/BuildingBlocks/Jwt/JwtExtensions.cs
@@ -1,11 +1,9 @@
 using BuildingBlocks.Web;
-using Duende.IdentityServer.Models;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.Extensions.DependencyInjection;
 
 namespace BuildingBlocks.Jwt;
-using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 public static class JwtExtensions
 {
@@ -13,25 +11,36 @@ public static class JwtExtensions
 {
 var jwtOptions = services.GetOptions("Jwt");
 
- services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ services.AddAuthorization();
+
+ services.AddAuthentication(o => {
+ o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+ o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+ })
+ .AddCookie(cfg => cfg.SlidingExpiration = true)
 .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
 {
 options.Authority = jwtOptions.Authority;
+ options.Audience = jwtOptions.Audience;
 options.TokenValidationParameters.ValidateAudience = false;
+ options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
 options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
- options.Configuration = new OpenIdConnectConfiguration();
+ options.BackchannelHttpHandler = new HttpClientHandler()
+ {
+ ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
+ };
 });
 
- if (!string.IsNullOrEmpty(jwtOptions.Audience))
- {
- services.AddAuthorization(options =>
- options.AddPolicy(nameof(ApiScope), policy =>
- {
- policy.RequireAuthenticatedUser();
- policy.RequireClaim("scope", jwtOptions.Audience);
- })
- );
- }
+ // if (!string.IsNullOrEmpty(jwtOptions.Audience))
+ // {
+ // services.AddAuthorization(options =>
+ // options.AddPolicy(nameof(ApiScope), policy =>
+ // {
+ // policy.RequireAuthenticatedUser();
+ // policy.RequireClaim("scope", jwtOptions.Audience);
+ // })
+ // );
+ // }
 
 return services;
 }
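Review bot: In the second hunk `options.BackchannelHttpHandler` is now built unconditionally with `DangerousAcceptAnyServerCertificateValidator`, so every environment, not just local development, stops validating the TLS certificate of the connection that fetches the authority's discovery document and signing keys; a peer able to interpose on that connection can present its own keys, and the API would then trust tokens it should reject. Gate the handler behind an explicit opt-in on the Jwt options that defaults to off and leave `BackchannelHttpHandler` at its default otherwise. Separately, `options.Audience = jwtOptions.Audience` is immediately negated by `options.TokenValidationParameters.ValidateAudience = false`, and the scope policy that used to enforce `jwtOptions.Audience` survives only as a comment, so no audience or scope check remains after this change; either set `ValidateAudience = true` when an audience is configured or delete the commented block rather than keeping it. The `.AddCookie(...)` registration is never selected as a default scheme here, so it deserves a comment stating which caller relies on it. The enclosing method's signature is above the hunk.
```csharp
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
// Opt-in only (placeholder option name; defaults to false so certificate validation stays on).
if (jwtOptions.AcceptAnyBackchannelCertificate)
{
    options.BackchannelHttpHandler = new HttpClientHandler
    {
        ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
    };
}
```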
diff --git a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
index 495f955..492a3ed 100644
--- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
+++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
@@ -38,7 +38,7 @@ public static class IdentityServerExtensions
 .AddResourceOwnerValidator();
 
 //ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
-identityServerBuilder.AddDeveloperSigningCredential();
+// identityServerBuilder.AddDeveloperSigningCredential();
 
 return services;
 }
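Review bot: Commenting out `identityServerBuilder.AddDeveloperSigningCredential();` leaves no signing credential registered anywhere in this hunk; unless `AddSigningCredential(...)` is called on the same builder elsewhere (not visible here), the server has no key to sign tokens with, and the consumers configured in JwtExtensions.cs will fail when they fetch its signing keys. If the intent is to move to a real key, wire it in here from configuration so the choice is explicit, and delete the commented-out line instead of keeping it. The `//ref:` comment above it points at OpenIddict documentation while the builder is IdentityServer's; the reference should match the library actually used. The enclosing method begins before the hunk.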