From 38a28113a330548e0d3f17fb65fca89dd12bf05e Mon Sep 17 00:00:00 2001
From: ThompsonNye <88248872+ThompsonNye@users.noreply.github.com>
Date: Sun, 4 Aug 2024 15:32:12 +0200
Subject: [PATCH] Require oidc metadata url instead of individual values
---
 src/WebApi/Authentication/JwtOptions.cs | 13 ++++---------
 src/WebApi/Common/DependencyInjectionExtensions.cs | 7 ++-----
 tests/WebApi.Tests.Integration/WebAppFactory.cs | 5 ++---
 3 files changed, 8 insertions(+), 17 deletions(-)
diff --git a/src/WebApi/Authentication/JwtOptions.cs b/src/WebApi/Authentication/JwtOptions.cs
index e05daa0..01e8223 100644
--- a/src/WebApi/Authentication/JwtOptions.cs
+++ b/src/WebApi/Authentication/JwtOptions.cs
@@ -6,11 +6,9 @@ public class JwtOptions
 {
 public const string SectionName = "JWT";
- public string Audience { get; set; } = "";
+ public string ValidAudience { get; set; } = "";
- public string Authority { get; set; } = "";
-
- public string Issuer { get; set; } = "";
+ public string MetadataUrl { get; set; } = "";
 public string? NameClaimType { get; set; }
 }
@@ -19,13 +17,10 @@ public class JwtOptionsValidator : AbstractValidator
 {
 public JwtOptionsValidator()
 {
- RuleFor(x => x.Audience)
+ RuleFor(x => x.ValidAudience)
 .NotEmpty();
- RuleFor(x => x.Authority)
- .NotEmpty();
-
- RuleFor(x => x.Issuer)
+ RuleFor(x => x.MetadataUrl)
 .NotEmpty();
 }
 }
\ No newline at end of file
diff --git a/src/WebApi/Common/DependencyInjectionExtensions.cs b/src/WebApi/Common/DependencyInjectionExtensions.cs
index bbcaeee..bab1a0d 100644
--- a/src/WebApi/Common/DependencyInjectionExtensions.cs
+++ b/src/WebApi/Common/DependencyInjectionExtensions.cs
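Review bot: `MetadataUrl` becomes the single trust anchor for signing keys and issuer, yet the validator hunk in JwtOptions.cs still checks it with `.NotEmpty()` only. A rule such as `.Must(u => Uri.TryCreate(u, UriKind.Absolute, out var uri) && uri.Scheme == Uri.UriSchemeHttps)` would reject a relative or plain-http value at options validation, with a message that names the setting. The property in the first hunk also needs a doc comment, for example `/// Full URL of the OIDC discovery document; assigned to MetadataAddress as-is.`, because unlike the removed `Authority` no well-known path is appended to it. The integration test value `https://localhost` in WebAppFactory.cs is not a discovery document URL, which suggests the expected format is easy to get wrong.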
@@ -125,14 +125,11 @@ public static class DependencyInjectionExtensions services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, o => { - o.Authority = jwtOptions.Value.Authority; + o.MetadataAddress = jwtOptions.Value.MetadataUrl; - o.TokenValidationParameters.ValidAudience = jwtOptions.Value.Audience; + o.TokenValidationParameters.ValidAudience = jwtOptions.Value.ValidAudience; o.TokenValidationParameters.ValidateAudience = true; - o.TokenValidationParameters.ValidIssuer = jwtOptions.Value.Issuer; - o.TokenValidationParameters.ValidateIssuer = true; - if (!string.IsNullOrWhiteSpace(jwtOptions.Value.NameClaimType)) { o.TokenValidationParameters.NameClaimType = jwtOptions.Value.NameClaimType; diff --git a/tests/WebApi.Tests.Integration/WebAppFactory.cs b/tests/WebApi.Tests.Integration/WebAppFactory.cs index 3fb871d..f5abe9f 100644 --- a/tests/WebApi.Tests.Integration/WebAppFactory.cs +++ b/tests/WebApi.Tests.Integration/WebAppFactory.cs @@ -45,9 +45,8 @@ public sealed class WebAppFactory : WebApplicationFactory, IAsync IEnumerable> customConfig = [ new KeyValuePair("ConnectionStrings:Database", _database.GetConnectionString()), - new KeyValuePair("JWT:Authority", "https://localhost"), - new KeyValuePair("JWT:Audience", "https://localhost"), - new KeyValuePair("JWT:Issuer", "https://localhost"), + new KeyValuePair("JWT:ValidAudience", "https://localhost"), + new KeyValuePair("JWT:MetadataUrl", "https://localhost"), new KeyValuePair("JWT:NameClaimType", null), ];
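Review bot: Issuer validation in the `AddJwtBearer` lambda of DependencyInjectionExtensions.cs now rests on the `ValidateIssuer` default and on the issuer published in the document at `MetadataUrl`, because both `ValidIssuer` and the explicit `ValidateIssuer = true` are removed while `ValidateAudience = true` is kept. The default is still true, so tokens should continue to be checked against the discovered issuer, but I would keep `o.TokenValidationParameters.ValidateIssuer = true;` next to the audience line so a later edit cannot drop the check unnoticed. A comment such as `// Issuer and signing keys are taken from the discovery document at MetadataUrl.` would record where the trusted values now come from. The lambda body continues past the end of this hunk, so any further validation settings there are not visible here.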