feat(Programm): Konfiguriert für Auth.API

DigitalData.UserManager.API/Program.cs

@@ -13,6 +13,12 @@ using Newtonsoft.Json;
 using Microsoft.IdentityModel.Tokens;
 using DigitalData.UserManager.Application.DTOs.User;
 using DigitalData.UserManager.API.Models;
+using DigitalData.Auth.Client;
+using DigitalData.UserManager.API;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.Extensions.Options;
+using DigitalData.Core.Abstractions.Security.Extensions;
+using Microsoft.OpenApi.Models;
 
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Debug("init main");
@@ -92,10 +98,85 @@ try {
         Claims = user.ToClaimList().ToDictionary(claim => claim.Type, claim => claim.Value as object)
     });
 
+    var lazyProvider = new LazyServiceProvider();
+
+    builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"));
+
+    var authTokenKeys = config.GetSection(nameof(AuthTokenKeys)).Get<AuthTokenKeys>() ?? new();
+
+    builder.Services
+        .AddAuthentication(options =>
+        {
+            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+        })
+        .AddJwtBearer(opt =>
+        {
+            opt.TokenValidationParameters = new TokenValidationParameters
+            {
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
+                {
+                    var clientParams = lazyProvider.GetRequiredService<IOptions<ClientParams>>()?.Value;
+                    var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience);
+                    return new List<SecurityKey>() { publicKey.SecurityKey };
+                },
+                ValidateIssuer = true,
+                ValidIssuer = authTokenKeys.Issuer,
+                ValidateAudience = true,
+                ValidAudience = authTokenKeys.Audience,
+            };
+
+            opt.Events = new JwtBearerEvents
+            {
+                OnMessageReceived = context =>
+                {
+                    // if there is no token read related cookie or query string
+                    if (context.Token is null)   // if there is no token
+                    {
+                        if (context.Request.Cookies.TryGetValue(authTokenKeys.Cookie, out var cookieToken) && cookieToken is not null)
+                            context.Token = cookieToken;
+                        else if (context.Request.Query.TryGetValue(authTokenKeys.QueryString, out var queryStrToken))
+                            context.Token = queryStrToken;
+                    }
+                    return Task.CompletedTask;
+                }
+            };
+        });
+
+    builder.Services.AddSwaggerGen(setupAct =>
+    {
+        setupAct.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
+        {
+            Description = "JWT Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
+            Name = "Authorization",
+            In = ParameterLocation.Header,
+            Type = SecuritySchemeType.Http,
+            Scheme = "Bearer"
+        });
+
+        setupAct.AddSecurityRequirement(new OpenApiSecurityRequirement
+        {
+            {
+                new OpenApiSecurityScheme
+                {
+                    Reference = new OpenApiReference
+                    {
+                        Type = ReferenceType.SecurityScheme,
+                        Id = "Bearer"
+                    }
+                },
+                Array.Empty<string>()
+            }
+        });
+    });
+
     builder.Services.AddCookieBasedLocalizer();
 
     var app = builder.Build();
 
+    lazyProvider.Factory = () => app.Services;
+
     cnn_str = new(() =>
     {
         var encryptor = app.Services.GetRequiredService<Encryptor>();