chore: Update identity server

Pc 2023-02-22 00:46:30 +03:30
parent 7fa458f87e
commit e4ddcc1a4b
4 changed files with 27 additions and 18 deletions


@ -43,11 +43,11 @@ runs:
if: ${{ github.ref == 'refs/heads/main' && success() }} if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash shell: bash
run: | run: |
docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" . docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
- name: Publish Docker Image - name: Publish Docker Image
if: ${{ github.ref == 'refs/heads/main' && success() }} if: ${{ github.ref == 'refs/heads/main' && success() }}
shell: bash shell: bash
run: | run: |
docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.1 docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.2


@ -39,7 +39,7 @@ spec:
- name: "MongoOptions__DatabaseName" - name: "MongoOptions__DatabaseName"
value: "flight-db" value: "flight-db"
- name: "Jwt__Authority" - name: "Jwt__Authority"
value: "http://127.0.0.1:2521" value: "http://127.0.0.1:10679"
- name: "Jwt__Audience" - name: "Jwt__Audience"
value: "flight-api" value: "flight-api"
- name: "Jwt__RequireHttpsMetadata" - name: "Jwt__RequireHttpsMetadata"


@ -1,11 +1,9 @@
using BuildingBlocks.Web; using BuildingBlocks.Web;
using Duende.IdentityServer.Models;
using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
namespace BuildingBlocks.Jwt; namespace BuildingBlocks.Jwt;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
public static class JwtExtensions public static class JwtExtensions
{ {
@ -13,25 +11,36 @@ public static class JwtExtensions
{ {
var jwtOptions = services.GetOptions<JwtBearerOptions>("Jwt"); var jwtOptions = services.GetOptions<JwtBearerOptions>("Jwt");
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) services.AddAuthorization();
services.AddAuthentication(o => {
o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddCookie(cfg => cfg.SlidingExpiration = true)
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{ {
options.Authority = jwtOptions.Authority; options.Authority = jwtOptions.Authority;
options.Audience = jwtOptions.Audience;
options.TokenValidationParameters.ValidateAudience = false; options.TokenValidationParameters.ValidateAudience = false;
options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" };
options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata; options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
options.Configuration = new OpenIdConnectConfiguration(); options.BackchannelHttpHandler = new HttpClientHandler()
{
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
};
}); });
if (!string.IsNullOrEmpty(jwtOptions.Audience)) // if (!string.IsNullOrEmpty(jwtOptions.Audience))
{ // {
services.AddAuthorization(options => // services.AddAuthorization(options =>
options.AddPolicy(nameof(ApiScope), policy => // options.AddPolicy(nameof(ApiScope), policy =>
{ // {
policy.RequireAuthenticatedUser(); // policy.RequireAuthenticatedUser();
policy.RequireClaim("scope", jwtOptions.Audience); // policy.RequireClaim("scope", jwtOptions.Audience);
}) // })
); // );
} // }
return services; return services;
} }
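Review bot: `ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator` is set unconditionally on the JWT bearer backchannel, so every service that calls this extension fetches the discovery document and signing keys without verifying the authority's TLS certificate. A party able to intercept that connection could serve its own signing keys and have its tokens accepted. I would drop the `options.BackchannelHttpHandler = ...` assignment and trust the development certificate on the host instead, or apply the handler only behind an explicit development-only switch. In the same lambda `options.TokenValidationParameters.ValidateAudience = false;` remains while the `RequireClaim("scope", jwtOptions.Audience)` policy is now commented out, so as far as this section shows neither audience nor scope is checked; `options.TokenValidationParameters.ValidateAudience = true;` would make the configured `options.Audience` take effect. The commented-out policy block is better deleted than kept, and the method signature lies outside the hunk.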


@ -38,7 +38,7 @@ public static class IdentityServerExtensions
.AddResourceOwnerValidator<UserValidator>(); .AddResourceOwnerValidator<UserValidator>();
//ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html //ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
identityServerBuilder.AddDeveloperSigningCredential(); // identityServerBuilder.AddDeveloperSigningCredential();
return services; return services;
} }
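Review bot: With `AddDeveloperSigningCredential()` commented out, nothing in this hunk says which key now signs tokens, and the `//ref:` line above it still points at OpenIddict documentation. If the intent is to rely on IdentityServer's automatic key management, state that in a comment such as `// Signing keys come from automatic key management; key storage must persist across restarts`, and delete the dead line rather than leaving it commented. It is worth confirming where those keys are stored in the container deployment, since keys that do not survive a restart invalidate outstanding tokens. The enclosing method starts outside the hunk.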