From 82f23d447bea3c1248dc477f4bc1ddac17abf04b Mon Sep 17 00:00:00 2001 From: Developer 02 Date: Wed, 15 Jan 2025 10:25:51 +0100 Subject: [PATCH] =?UTF-8?q?chore:=20Authentifizierung=20mit=20layz=20loadi?= =?UTF-8?q?ng=20hinzugef=C3=BCgt.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../DigitalData.Auth.API.csproj | 4 +- src/DigitalData.Auth.API/Program.cs | 43 ++++++++++++++++++- 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj index af1efcb..3b137cb 100644 --- a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj +++ b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj @@ -1,4 +1,4 @@ - + net8.0 @@ -7,6 +7,8 @@ + + diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs index 9d3788f..2ea8a29 100644 --- a/src/DigitalData.Auth.API/Program.cs +++ b/src/DigitalData.Auth.API/Program.cs @@ -1,5 +1,9 @@ using DigitalData.Auth.API.Config; using DigitalData.Auth.API.Services; +using Microsoft.AspNetCore.Authentication.JwtBearer; +using Microsoft.IdentityModel.JsonWebTokens; +using Microsoft.IdentityModel.Tokens; +using System.Security.Claims; var builder = WebApplication.CreateBuilder(args); 
@@ -14,10 +18,45 @@ builder.Services.Configure(config); builder.Services.AddConsumerApiServiceFromConfiguration(config); builder.Services.AddControllers(); -// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle + builder.Services.AddEndpointsApiExplorer(); builder.Services.AddSwaggerGen(); +// Add authentication +Lazy? issuerSigningKeyInitiator = null; + +builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) + .AddJwtBearer(options => + { + options.RequireHttpsMetadata = apiParams!.RequireHttpsMetadata; + options.ClaimsIssuer = apiParams!.Issuer; + options.Audience = apiParams!.DefaultConsumer.Audience; + options.TokenValidationParameters = new() + { + ValidateIssuer = true, + ValidIssuer = apiParams!.Issuer, + ValidateAudience = true, + ValidAudience = apiParams!.DefaultConsumer.Audience, + ValidateLifetime = true, + IssuerSigningKey = issuerSigningKeyInitiator?.Value, + NameClaimType = JwtRegisteredClaimNames.Name, + RoleClaimType = ClaimTypes.Role + }; + + options.Events = new JwtBearerEvents + { + OnMessageReceived = context => + { + // if there is no token read related cookie + if (context.Token is null // if there is no token + && context.Request.Cookies.TryGetValue(apiParams!.CookieName, out var token) // get token from cookies + && token is not null) + context.Token = token; + return Task.CompletedTask; + } + }; + }); + var app = builder.Build(); // Configure the HTTP request pipeline. @@ -29,6 +68,8 @@ if (app.Environment.IsDevelopment()) app.UseHttpsRedirection(); +app.UseAuthentication(); + app.UseAuthorization(); app.MapControllers();
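Review bot: `IssuerSigningKey = issuerSigningKeyInitiator?.Value` is evaluated once, when the JwtBearer options are first built, and nothing in this hunk assigns `issuerSigningKeyInitiator` after its `= null` declaration. If the assignment (presumably made outside this hunk) has not happened by then, validation has no signing key and should reject every token; if it has, the key stays fixed for the life of the process, so rotation needs a restart. Resolving the key on each validation avoids both; assuming the lazy yields a `SecurityKey`, use `IssuerSigningKeyResolver = (_, _, _, _) => issuerSigningKeyInitiator is null ? [] : [issuerSigningKeyInitiator.Value],`. In `OnMessageReceived`, `context.Token` is still null when the event fires, because the handler reads the `Authorization` header only afterwards. The cookie named by `apiParams.CookieName` therefore wins whenever it is present, so test `context.Request.Headers.Authorization` first if the header should take precedence, and since browsers attach that cookie automatically, state-changing endpoints behind this scheme need a SameSite setting on the cookie or an antiforgery check, neither of which this diff shows.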