update

afedyanin · May 24, 2024 · c7edf4e · c7edf4e
1 parent c5df94d
commit c7edf4e
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 90 deletions.
diff --git a/src/BlazorSampleApp/AuthRegistrar.cs b/src/BlazorSampleApp/AuthRegistrar.cs
@@ -3,14 +3,13 @@
 using BlazorSampleApp.Client;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace BlazorSampleApp;
 
 public static class AuthRegistrar
 {
- // private const string MS_OIDC_SCHEME = "MicrosoftOidc";
-
  internal static void AddOidcAuthentication(this IServiceCollection services, IConfiguration configuration)
  {
  var config = new OidcConfiguration();
@@ -30,16 +29,32 @@ internal static void AddOidcAuthentication(this IServiceCollection services, ICo
 
  oidcOptions.Authority = config.Authority;
  oidcOptions.MetadataAddress = config.MetadataUrl;
+ // oidcOptions.CallbackPath = new PathString("/signin-oidc");
+ // oidcOptions.SignedOutCallbackPath = new PathString("/signout-callback-oidc");
+ // oidcOptions.RemoteSignOutPath = new PathString("/signout-oidc");
+
  oidcOptions.RequireHttpsMetadata = false;
 
  oidcOptions.ClientId = config.ClientId;
  oidcOptions.ClientSecret = config.ClientSecret;
 
  oidcOptions.ResponseType = OpenIdConnectResponseType.Code;
+ oidcOptions.ResponseMode = OpenIdConnectResponseMode.Query;
+
  oidcOptions.MapInboundClaims = false;
  oidcOptions.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
  oidcOptions.TokenValidationParameters.RoleClaimType = "role";
 
+ oidcOptions.Scope.Add("profile");
+ oidcOptions.Scope.Add("roles");
+ oidcOptions.Scope.Add(OpenIdConnectScope.OfflineAccess);
+ oidcOptions.Scope.Add(OpenIdConnectScope.OpenIdProfile);
+
+ oidcOptions.SaveTokens = true;
+
+ // oidcOptions.UsePkce = true;
+ // oidcOptions.GetClaimsFromUserInfoEndpoint = true;
+
  oidcOptions.Events = new OpenIdConnectEvents
  {
  OnTokenValidated = OnTokenValidated,
@@ -61,80 +76,19 @@ internal static void AddOidcAuthentication(this IServiceCollection services, ICo
  //options.Cookie.SameSite = SameSiteMode.Strict;
  });
 
- /*
- services
- .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
- {
- options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
- options.Authority = config.Authority;
- options.ClientId = config.ClientId;
- options.ClientSecret = config.ClientSecret;
- options.MetadataAddress = config.MetadataUrl;
- options.RequireHttpsMetadata = false;
-
- options.MapInboundClaims = false;
- options.ResponseType = OpenIdConnectResponseType.Code;
-
- options.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
- options.TokenValidationParameters.RoleClaimType = "role";
- })
- .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
- {
- // set session lifetime
- options.ExpireTimeSpan = TimeSpan.FromHours(8);
-
- // sliding or absolute
- options.SlidingExpiration = false;
-
- // host prefixed cookie name
- options.Cookie.Name = "__Host-spa";
-
- // strict SameSite handling
- options.Cookie.SameSite = SameSiteMode.Strict;
- });
-
-
- .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
- {
- options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-
- options.Authority = config.Authority;
- options.ClientId = config.ClientId;
- options.ClientSecret = config.ClientSecret;
- options.MetadataAddress = config.MetadataUrl;
-
- //options.CallbackPath = config.CallbackPath;
- options.ResponseType = OpenIdConnectResponseType.Code;
- options.ResponseMode = OpenIdConnectResponseMode.Query;
- options.MapInboundClaims = false;
- options.GetClaimsFromUserInfoEndpoint = true;
-
- // save tokens into authentication session
- // to enable automatic token management
- options.SaveTokens = true;
-
- options.Scope.Add("profile");
- options.Scope.Add("roles");
- options.Scope.Add(OpenIdConnectScope.OfflineAccess);
- options.Scope.Add(OpenIdConnectScope.OpenIdProfile);
+ services.AddScoped<AuthenticationStateProvider, PersistingAuthenticationStateProvider>();
 
- options.UsePkce = true;
- options.RequireHttpsMetadata = false;
- options.GetClaimsFromUserInfoEndpoint = true;
-
- // options.MapInboundClaims = false;
- options.TokenValidationParameters.NameClaimType = JwtRegisteredClaimNames.Name;
- options.TokenValidationParameters.RoleClaimType = "role";
-
- options.Events = new OpenIdConnectEvents
- {
- OnTokenValidated = OnTokenValidated,
- };
- });
- */
+ services.ConfigureCookieOidcRefresh(
+ CookieAuthenticationDefaults.AuthenticationScheme,
+ OpenIdConnectDefaults.AuthenticationScheme);
  }
 
- public static IServiceCollection ConfigureCookieOidcRefresh(this IServiceCollection services, string cookieScheme, string oidcScheme)
+ // ConfigureCookieOidcRefresh attaches a cookie OnValidatePrincipal callback to get
+ // a new access token when the current one expires, and reissue a cookie with the
+ // new access token saved inside. If the refresh fails, the user will be signed
+ // out. OIDC connect options are set for saving tokens and the offline access
+ // scope.
+ private static IServiceCollection ConfigureCookieOidcRefresh(this IServiceCollection services, string cookieScheme, string oidcScheme)
  {
  services.AddSingleton<CookieOidcRefresher>();
  services.AddOptions<CookieAuthenticationOptions>(cookieScheme).Configure<CookieOidcRefresher>((cookieOptions, refresher) =>
@@ -187,8 +141,6 @@ private static Task OnTokenValidated(TokenValidatedContext context)
  context.Principal.AddIdentity(new ClaimsIdentity(claims));
  }
 
-
-
  return Task.CompletedTask;
  }
 

diff --git a/src/BlazorSampleApp/Program.cs b/src/BlazorSampleApp/Program.cs
@@ -1,9 +1,6 @@
-using Microsoft.AspNetCore.Components.Authorization;
 using BlazorSampleApp;
 using BlazorSampleApp.Client.Weather;
 using BlazorSampleApp.Components;
-using Microsoft.AspNetCore.Authentication.Cookies;
-using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -15,18 +12,6 @@
  .AddInteractiveServerComponents()
  .AddInteractiveWebAssemblyComponents();
 
-builder.Services.AddScoped<AuthenticationStateProvider, PersistingAuthenticationStateProvider>();
-
-// ConfigureCookieOidcRefresh attaches a cookie OnValidatePrincipal callback to get
-// a new access token when the current one expires, and reissue a cookie with the
-// new access token saved inside. If the refresh fails, the user will be signed
-// out. OIDC connect options are set for saving tokens and the offline access
-// scope.
-
-builder.Services.ConfigureCookieOidcRefresh(
- CookieAuthenticationDefaults.AuthenticationScheme,
- OpenIdConnectDefaults.AuthenticationScheme);
-
 builder.Services.AddHttpContextAccessor();
 
 builder.Services.AddHttpClient<IWeatherForecaster, ServerWeatherForecaster>(httpClient =>