From 33ead6ebf487558e5ded832f17766c3e496479f6 Mon Sep 17 00:00:00 2001 From: Developer 02 Date: Mon, 10 Feb 2025 14:09:15 +0100 Subject: [PATCH] =?UTF-8?q?fix:=20UniqueName=20aktualisiert,=20um=20den=20?= =?UTF-8?q?Benutzernamen=20in=20den=20Anspr=C3=BCchen=20des=20Benutzername?= =?UTF-8?q?ns=20zu=20halten.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/DigitalData.Auth.API/Program.cs | 34 +++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs index 27dd250..71dd06e 100644 --- a/src/DigitalData.Auth.API/Program.cs +++ b/src/DigitalData.Auth.API/Program.cs @@ -32,7 +32,7 @@ builder.Services.AddJwtSignatureHandler(api => new Dictionary(user => new Dictionary { { JwtRegisteredClaimNames.Sub, user.Id }, - { JwtRegisteredClaimNames.UniqueName, user.Id }, + { JwtRegisteredClaimNames.UniqueName, user.Username }, { JwtRegisteredClaimNames.Email, user.Email ?? string.Empty }, { JwtRegisteredClaimNames.GivenName, user.Prename ?? string.Empty }, { JwtRegisteredClaimNames.FamilyName, user.Name ?? string.Empty }, 
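Review bot: The new `UniqueName` entry passes `user.Username` with no null handling, while the `Email`, `GivenName` and `FamilyName` entries below it all fall back to `string.Empty`. The DTO's declaration is not visible here, so if `Username` can be null the claims dictionary ends up holding a null value; confirm it is non-nullable or reject the user explicitly rather than issuing a token with an empty name. Consumers that treated `unique_name` as the stable identifier will now receive a value that can change or be reassigned, and tokens issued before this commit still carry the Id in that claim until they expire. A comment above the entry such as `// unique_name is the login name; key authorization decisions on sub` would make the intended contract explicit. The enclosing initializer starts and ends outside the hunk.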
@@ -108,7 +108,37 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
 && token is not null)
 context.Token = token;
 return Task.CompletedTask;
- }
+ },
+ };
+ });
+
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options =>
+ {
+ options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata;
+ options.ClaimsIssuer = apiParams!.Issuer;
+ options.Audience = apiParams.LocalConsumer.Audience;
+ options.TokenValidationParameters = new()
+ {
+ ValidateIssuer = true,
+ ValidIssuer = apiParams!.Issuer,
+ ValidateAudience = true,
+ ValidAudience = apiParams.LocalConsumer.Audience,
+ ValidateLifetime = true,
+ IssuerSigningKey = issuerSigningKeyInitiator?.Value
+ };
+
+ options.Events = new JwtBearerEvents
+ {
+ OnMessageReceived = context =>
+ {
+ // if there is no token read related cookie
+ if (context.Token is null // if there is no token
+ && context.Request.Cookies.TryGetValue(apiParams!.DefaultCookieName, out var token) // get token from cookies
+ && token is not null)
+ context.Token = token;
+ return Task.CompletedTask;
+ },
 };
 });
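Review bot: The added block registers `AddJwtBearer` a second time under `JwtBearerDefaults.AuthenticationScheme`; the hunk header and the context lines above it suggest an earlier `AddAuthentication(...)` chain with the same cookie handler, and if that one also uses the default scheme name ASP.NET Core throws `Scheme already exists` when the authentication options are built. If this is meant as a separate validator for `apiParams.LocalConsumer.Audience`, give it its own scheme name through the `AddJwtBearer(string, Action<JwtBearerOptions>)` overload and select that scheme explicitly where it applies; otherwise drop the duplicate. Also, `IssuerSigningKey = issuerSigningKeyInitiator?.Value` silently configures a null key when the initiator is missing, so the misconfiguration only surfaces as rejected tokens at request time; failing at startup with a clear message is easier to diagnose. The first registration begins outside the hunk.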