From 8f722ce3c92df3b0be63918056356d567a082ae6 Mon Sep 17 00:00:00 2001 From: TekH Date: Fri, 29 May 2026 08:48:10 +0200 Subject: [PATCH] Add DigitalData.Auth.Claims project and enhance JWT handling Added the `DigitalData.Auth.Claims` project to the solution, including its build and debug configurations. Updated `DigitalData.Auth.API.csproj` to reference the new project and incremented version numbers to 1.4.0. Enhanced `Program.cs` with a new JWT signature handler for `EnvelopeReceiverSecretDto`, generating claims for envelope and receiver-specific data. Added `DirectorySearchService` to the service collection, configured via `DirectorySearchOptions`. --- DigitalData.Auth.sln | 7 +++++++ .../DigitalData.Auth.API.csproj | 7 ++++--- src/DigitalData.Auth.API/Program.cs | 21 +++++++++++++++++++ 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/DigitalData.Auth.sln b/DigitalData.Auth.sln index 796c087..d96ad75 100644 --- a/DigitalData.Auth.sln +++ b/DigitalData.Auth.sln @@ -13,6 +13,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DigitalData.Auth.Tests", "D EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DigitalData.Auth.Abstractions", "DigitalData.Auth.Abstractions\DigitalData.Auth.Abstractions.csproj", "{09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C}" EndProject +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DigitalData.Auth.Claims", "DigitalData.Auth.Claims\DigitalData.Auth.Claims.csproj", "{5AF91476-1897-46D2-B9E0-323EB9D39B15}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU 
@@ -35,6 +37,10 @@ Global {09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C}.Debug|Any CPU.Build.0 = Debug|Any CPU {09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C}.Release|Any CPU.ActiveCfg = Release|Any CPU {09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C}.Release|Any CPU.Build.0 = Release|Any CPU + {5AF91476-1897-46D2-B9E0-323EB9D39B15}.Debug|Any CPU.ActiveCfg = Release|Any CPU + {5AF91476-1897-46D2-B9E0-323EB9D39B15}.Debug|Any CPU.Build.0 = Release|Any CPU + {5AF91476-1897-46D2-B9E0-323EB9D39B15}.Release|Any CPU.ActiveCfg = Release|Any CPU + {5AF91476-1897-46D2-B9E0-323EB9D39B15}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -44,6 +50,7 @@ Global {521A2BC0-AEA8-4500-AAA9-1951556EDF9F} = {C0123B52-5168-4C87-98A0-11A220EC392F} {AF517FD9-3EBE-4452-AAEC-DFF17CC270E3} = {C0123B52-5168-4C87-98A0-11A220EC392F} {09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C} = {C0123B52-5168-4C87-98A0-11A220EC392F} + {5AF91476-1897-46D2-B9E0-323EB9D39B15} = {C0123B52-5168-4C87-98A0-11A220EC392F} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {4D163037-043C-41AE-AB94-C7314F2C38DA} diff --git a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj index 1e9b284..e7c575d 100644 --- a/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj +++ b/src/DigitalData.Auth.API/DigitalData.Auth.API.csproj @@ -4,9 +4,9 @@ net8.0 enable enable - 1.3.0 - 1.3.0 - 1.3.0 + 1.4.0 + 1.4.0 + 1.4.0 @@ -37,6 +37,7 @@ + \ No newline at end of file diff --git a/src/DigitalData.Auth.API/Program.cs b/src/DigitalData.Auth.API/Program.cs index 9a50a02..7a347d3 100644 --- a/src/DigitalData.Auth.API/Program.cs +++ b/src/DigitalData.Auth.API/Program.cs 
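Review bot: In the second hunk of DigitalData.Auth.sln, the new project `{5AF91476-1897-46D2-B9E0-323EB9D39B15}` maps the solution's Debug configuration to Release (`Debug|Any CPU.ActiveCfg = Release|Any CPU` and the matching `Build.0` line). The neighbouring project `{09FF9BF0-25BB-4EB2-B1B2-6D2873B9538C}` maps Debug to Debug. As written, a Debug build of the solution compiles DigitalData.Auth.Claims with Release settings, which makes stepping through the claim-name code harder and leaves the build output inconsistent between projects. If this is not intentional, the two lines should read `Debug|Any CPU.ActiveCfg = Debug|Any CPU` and `Debug|Any CPU.Build.0 = Debug|Any CPU`.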
@@ -10,6 +10,9 @@ using DigitalData.Core.Security.Extensions; using DigitalData.UserManager.Application; using DigitalData.UserManager.Application.DTOs.User; using DigitalData.UserManager.DependencyInjection; +using DigitalData.Auth.Claims; +using EnvelopeGenerator.Application.Common.Dto.EnvelopeReceiver; +using EnvelopeGenerator.Application.Common.Extensions; using EnvelopeGenerator.DependencyInjection; using EnvelopeGenerator.Infrastructure; using Microsoft.AspNetCore.Authentication.JwtBearer; @@ -74,6 +77,24 @@ try return claims; }); + + builder.Services.AddJwtSignatureHandler(er => + { + var claims = new Dictionary + { + { JwtRegisteredClaimNames.Sub, (er.Envelope!.Uuid, er.Receiver!.Signature).ToEnvelopeKey() }, + { EnvelopeClaimNames.EnvelopeId, er.Envelope.Id }, + { EnvelopeClaimNames.EnvelopeUuid, er.Envelope.Uuid }, + { EnvelopeClaimNames.ReceiverId, er.Receiver.Id }, + { EnvelopeClaimNames.ReceiverSignature, er.Receiver.Signature }, + { JwtRegisteredClaimNames.Email, er.Receiver.EmailAddress ?? string.Empty }, + { JwtRegisteredClaimNames.Iat, DateTimeOffset.UtcNow.ToUnixTimeSeconds() }, + { ClaimTypes.Role, "receiver" } + }; + + return claims; + }); + builder.Services.AddDirectorySearchService(config.GetSection("DirectorySearchOptions")); builder.Services.AddSignalR();
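Review bot: The new claims dictionary in the second Program.cs hunk writes `er.Receiver.Signature` into the token twice, once as `EnvelopeClaimNames.ReceiverSignature` and once inside `sub` through `ToEnvelopeKey()`. A JWT payload is signed but not encrypted, so anything that can see the token (request logs, proxies, browser storage) can read the value. The commit message names the source type `EnvelopeReceiverSecretDto`; if the signature or the envelope key is what grants access to an envelope, which the names suggest but the hunk does not show, it should stay out of the claims. One option is to drop the `ReceiverSignature` entry and build `sub` from the non-secret ids, for example `$"{er.Envelope.Id}:{er.Receiver.Id}"`. Separately, `er.Envelope!` and `er.Receiver!` only silence the compiler, so a guard such as `if (er.Envelope is null || er.Receiver is null) throw new InvalidOperationException("Envelope and receiver are required to issue a token.");` before the dictionary would make issuance fail clearly instead of with a NullReferenceException; the enclosing `try` block starts and ends outside the hunk.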