From f7eaa0f7deb6718b72bc00b9e56f1f522dcad2a9 Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Tue, 11 Mar 2025 16:22:54 +0100
Subject: [PATCH] =?UTF-8?q?refactor:=20IssuerSigningKeyResolver=20wurde=20?=
 =?UTF-8?q?aktualisiert,=20um=20die=20Konfiguration=20=C3=BCber=20serviceP?=
 =?UTF-8?q?rovider=20anstelle=20eines=20separaten=20=C3=B6ffentlichen=20Sc?=
 =?UTF-8?q?hl=C3=BCssels=20zu=20erm=C3=B6glichen.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Controllers/PlaceHolderAuthController.cs | 2 +-
 WorkFlow.API/LazyServiceProvider.cs | 18 ++++++++++++++++++
 WorkFlow.API/Models/AuthTokenKeys.cs | 4 ++++
 WorkFlow.API/Program.cs | 19 ++++++++++++-------
 WorkFlow.API/WorkFlow.API.csproj | 2 +-
 WorkFlow.API/appsettings.json | 16 +++++++++-------
 6 files changed, 45 insertions(+), 16 deletions(-)
 create mode 100644 WorkFlow.API/LazyServiceProvider.cs
diff --git a/WorkFlow.API/Controllers/PlaceHolderAuthController.cs b/WorkFlow.API/Controllers/PlaceHolderAuthController.cs
index 651cdc3..d0d6da9 100644
--- a/WorkFlow.API/Controllers/PlaceHolderAuthController.cs
+++ b/WorkFlow.API/Controllers/PlaceHolderAuthController.cs
@@ -20,5 +20,5 @@ public class PlaceholderAuthController : ControllerBase
 [HttpGet("check")]
 [Authorize]
- public IActionResult Check() => throw new NotImplementedException();
+ public IActionResult Check() => Ok();
 }
\ No newline at end of file
diff --git a/WorkFlow.API/LazyServiceProvider.cs b/WorkFlow.API/LazyServiceProvider.cs
new file mode 100644
index 0000000..facad60
--- /dev/null
+++ b/WorkFlow.API/LazyServiceProvider.cs
@@ -0,0 +1,18 @@
+namespace WorkFlow.API;
+
+public class LazyServiceProvider : IServiceProvider
+{
+ private Lazy? _serviceProvider;
+
+ public Func Factory
+ {
+ set => _serviceProvider = new(value);
+ }
+
+ public object? GetService(Type serviceType)
+ {
+ if (_serviceProvider is null)
+ throw new InvalidOperationException("GetService cannot be called before _serviceProvider is set.");
+ return _serviceProvider.Value.GetService(serviceType);
+ }
+}
diff --git a/WorkFlow.API/Models/AuthTokenKeys.cs b/WorkFlow.API/Models/AuthTokenKeys.cs
index 18a1838..49099df 100644
--- a/WorkFlow.API/Models/AuthTokenKeys.cs
+++ b/WorkFlow.API/Models/AuthTokenKeys.cs
@@ -5,4 +5,8 @@ public class AuthTokenKeys
 public string Cookie { get; init; } = "AuthToken";
 public string QueryString { get; init; } = "AuthToken";
+
+ public string Issuer { get; init; } = "auth.digitaldata.works";
+
+ public string Audience { get; init; } = "work-flow.digitaldata.works";
 }
diff --git a/WorkFlow.API/Program.cs b/WorkFlow.API/Program.cs
index e657377..5b57f3f 100644
--- a/WorkFlow.API/Program.cs
+++ b/WorkFlow.API/Program.cs
@@ -2,7 +2,6 @@ using WorkFlow.Application;
 using DigitalData.UserManager.Application;
 using Microsoft.EntityFrameworkCore;
 using WorkFlow.Infrastructure;
-using Microsoft.AspNetCore.Authentication.Cookies;
 using DigitalData.Core.API;
 using DigitalData.Core.Application;
 using DigitalData.UserManager.Application.DTOs.User;
@@ -15,6 +14,9 @@ using WorkFlow.API.Filters;
 using Microsoft.OpenApi.Models;
 using DigitalData.Auth.Client;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
+using WorkFlow.API;
+using Microsoft.Extensions.Options;
+using DigitalData.Core.Abstractions.Security;
 var logger = LogManager.Setup().LoadConfigurationFromAppSettings().GetCurrentClassLogger();
 logger.Info("Logging initialized.");
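Review bot: `Factory` is a write-only property, and the exception text in `GetService` names the private field `_serviceProvider` rather than the member a caller actually sets, so the message sends the reader to the wrong name; a setter-only property is also unusual C# (CA1044). Consider a method instead, e.g. `public void SetFactory(Func<IServiceProvider> factory) => _serviceProvider = new(factory);`, and `throw new InvalidOperationException("GetService cannot be called before Factory is set.");`. A `Lazy` built from a factory with no explicit `LazyThreadSafetyMode` uses ExecutionAndPublication, which is the right choice here because the JWT signing-key resolver that reads this provider can run on parallel requests — worth a one-line comment so it is not "simplified" later. The generic arguments on `Lazy` and `Func` are stripped in this rendering, so the signatures above are my reading of the intent.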
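Review bot: The new `Issuer` and `Audience` defaults bake production host names into the model, and the same two strings are repeated in appsettings.json under `AuthClientParams.PublicKeys[0]`; the lookup in Program.cs (`PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience)`) only succeeds while both copies agree, so editing one of them breaks token validation at request time rather than at startup. Either drop the code defaults so a missing `AuthTokenKeys` section fails loudly, or document the coupling on the properties, e.g. `/// <summary>Expected token issuer; must match an entry in AuthClientParams.PublicKeys.</summary>` and the equivalent for `Audience`. Whether `PublicKeys.Get` compares these values case-sensitively is not visible here and should be stated wherever that helper is defined.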
@@ -48,10 +50,9 @@ try
 else throw new("The API Key Authorization configuration is not available in the app settings, even though the app is not in development or DiP mode and API Key Authorization is not disabled.");
- // Created separately from AuthClientParams (added via options) for use in Jwt Bearer configuration
- var authPublicKey = config.GetSection("AuthPublicKey").Get() ?? throw new InvalidOperationException("The AuthPublicKey configuration is missing or invalid.");
+ var lazyProvider = new LazyServiceProvider();
- builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"), opt => opt.PublicKeys.Add(authPublicKey));
+ builder.Services.AddAuthHubClient(config.GetSection("AuthClientParams"));
 builder.Services.AddControllers();
@@ -69,12 +70,14 @@ try
 ValidateIssuerSigningKey = true,
 IssuerSigningKeyResolver = (token, securityToken, identifier, parameters) =>
 {
- return [authPublicKey.SecurityKey];
+ var clientParams = lazyProvider.GetRequiredService>()?.Value;
+ var publicKey = clientParams!.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience);
+ return [publicKey.SecurityKey];
 },
 ValidateIssuer = true,
- ValidIssuer = authPublicKey.Issuer,
+ ValidIssuer = authTokenKeys.Issuer,
 ValidateAudience = true,
- ValidAudience = authPublicKey.Audience,
+ ValidAudience = authTokenKeys.Audience,
 };
 opt.Events = new JwtBearerEvents
@@ -130,6 +133,8 @@ try
 var app = builder.Build();
+ lazyProvider.Factory = () => app.Services;
+
 // Configure the HTTP request pipeline.
 if (app.IsDevOrDiP() && app.Configuration.GetValue("EnableSwagger"))
 {
diff --git a/WorkFlow.API/WorkFlow.API.csproj b/WorkFlow.API/WorkFlow.API.csproj
index 423bcfc..54b25c9 100644
--- a/WorkFlow.API/WorkFlow.API.csproj
+++ b/WorkFlow.API/WorkFlow.API.csproj
@@ -12,7 +12,7 @@ - + 
diff --git a/WorkFlow.API/appsettings.json b/WorkFlow.API/appsettings.json
index 7d9567f..aa54ae8 100644
--- a/WorkFlow.API/appsettings.json
+++ b/WorkFlow.API/appsettings.json
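Review bot: In the new `IssuerSigningKeyResolver` body, `GetRequiredService` throws rather than returning null, so the `?.Value` followed by `clientParams!` is contradictory: the null-conditional is a no-op and the `!` suppresses the one null that can actually occur — `PublicKeys.Get` finding no entry for the configured issuer/audience (its contract is not visible here; if it returns null, `publicKey.SecurityKey` raises a NullReferenceException inside token validation instead of a clear configuration error). I would write `var clientParams = lazyProvider.GetRequiredService<IOptions<AuthClientParams>>().Value;` and `var publicKey = clientParams.PublicKeys.Get(authTokenKeys.Issuer, authTokenKeys.Audience) ?? throw new InvalidOperationException("No public key is configured for the expected issuer/audience.");`. The resolver also ignores `identifier` (the token's kid) and `securityToken`, so every token is checked against the single configured key; that is fine for one key but deserves a comment stating that kid-based key rotation is intentionally not supported. `authTokenKeys` is declared outside this hunk, and the generic arguments of `GetRequiredService` are stripped in this rendering.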
@@ -78,12 +78,14 @@
 }
 },
 "AuthClientParams": {
- "Url": "https://localhost:7192",
- "PublicKeys": []
- },
- "AuthPublicKey": {
- "Issuer": "auth.digitaldata.works",
- "Audience": "work-flow.digitaldata.works",
- "Content": "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QCd7dH/xOUITFZbitMa/xnh8a0LyL6ZBvSRAwkI9ceplTRSHJXoM1oB+xtjWE1kOuHVLe941Tm03szS4+/rHIm0Ejva/KKlv7sPFAHE/pWuoPS303vOHgI4HAFcuwywA8CghUWzaaK5LU/Hl8srWwxBHv5hKIUjJFJygeAIENvFOZ1gFbB3MPEC99PiPOwAmfl4tMQUmSsFyspl/RWVi7bTv26ZE+m3KPcWppmvmYjXlSitxRaySxnfFvpca/qWfd/uUUg2KWKtpAwWVkqr0qD9v3TyKSgHoGDsrFpwSx8qufUJSinmZ1u/0iKl6TXeHubYS4C4SUSVjOWXymI2ZQIDAQAB-----END PUBLIC KEY-----"
+ "Url": "https://localhost:7192/auth-hub",
+ "PublicKeys": [
+ {
+ "Issuer": "auth.digitaldata.works",
+ "Audience": "work-flow.digitaldata.works",
+ "Content": "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QCd7dH/xOUITFZbitMa/xnh8a0LyL6ZBvSRAwkI9ceplTRSHJXoM1oB+xtjWE1kOuHVLe941Tm03szS4+/rHIm0Ejva/KKlv7sPFAHE/pWuoPS303vOHgI4HAFcuwywA8CghUWzaaK5LU/Hl8srWwxBHv5hKIUjJFJygeAIENvFOZ1gFbB3MPEC99PiPOwAmfl4tMQUmSsFyspl/RWVi7bTv26ZE+m3KPcWppmvmYjXlSitxRaySxnfFvpca/qWfd/uUUg2KWKtpAwWVkqr0qD9v3TyKSgHoGDsrFpwSx8qufUJSinmZ1u/0iKl6TXeHubYS4C4SUSVjOWXymI2ZQIDAQAB-----END PUBLIC KEY-----"
+ }
+ ],
+ "RetryDelay": "00:00:05"
 }
 }
\ No newline at end of file