(#100) Swagger Authentication

Author: phongnguyend

src/ModularMonolith/ClassifiedAds.Modules.Auth/IdServerPersistenceExtensions.cs

@@ -57,6 +57,34 @@ public static void MigrateIdServerDb(this IApplicationBuilder app)
                 context.Database.Migrate();
 
                 var clients = new List<Client>();
+
+                if (!context.Clients.Any(x => x.ClientId == "Swagger"))
+                {
+                    clients.Add(new Client
+                    {
+                        ClientId = "Swagger",
+                        ClientName = "Swagger",
+                        AllowedGrantTypes = GrantTypes.Code,
+                        RequirePkce = true,
+                        RedirectUris =
+                        {
+                            "https://localhost:44312/oauth2-redirect.html",
+                            "http://host.docker.internal:9002/oauth2-redirect.html",
+                        },
+                        AllowedScopes =
+                        {
+                            IdentityServerConstants.StandardScopes.OpenId,
+                            IdentityServerConstants.StandardScopes.Profile,
+                            "ClassifiedAds.WebAPI",
+                        },
+                        ClientSecrets =
+                        {
+                            new Secret("secret".Sha256()),
+                        },
+                        RequireConsent = false,
+                    });
+                }
+
                 if (!context.Clients.Any(x => x.ClientId == "ClassifiedAds.WebMVC"))
                 {
                     clients.Add(new Client

src/ModularMonolith/ClassifiedAds.WebAPI/Startup.cs

@@ -169,14 +169,33 @@ public void ConfigureServices(IServiceCollection services)
                         },
                     });
 
-                setupAction.AddSecurityDefinition("bearer", new OpenApiSecurityScheme()
+                setupAction.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()
                 {
                     Type = SecuritySchemeType.Http,
-                    Scheme = "bearer",
+                    Scheme = "Bearer",
                     BearerFormat = "JWT",
                     Description = "Input your Bearer token to access this API",
                 });
 
+                setupAction.AddSecurityDefinition("Oidc", new OpenApiSecurityScheme
+                {
+                    Type = SecuritySchemeType.OAuth2,
+                    Flows = new OpenApiOAuthFlows
+                    {
+                        AuthorizationCode = new OpenApiOAuthFlow
+                        {
+                            TokenUrl = new Uri(AppSettings.IdentityServerAuthentication.Authority + "/connect/token", UriKind.Absolute),
+                            AuthorizationUrl = new Uri(AppSettings.IdentityServerAuthentication.Authority + "/connect/authorize", UriKind.Absolute),
+                            Scopes = new Dictionary<string, string>
+                            {
+                                { "openid", "OpenId" },
+                                { "profile", "Profile" },
+                                { "ClassifiedAds.WebAPI", "ClassifiedAds WebAPI" },
+                            },
+                        },
+                    },
+                });
+
                 setupAction.AddSecurityRequirement(new OpenApiSecurityRequirement
                 {
                     {
@@ -185,7 +204,17 @@ public void ConfigureServices(IServiceCollection services)
                             Reference = new OpenApiReference
                             {
                                 Type = ReferenceType.SecurityScheme,
-                                Id = "bearer",
+                                Id = "Oidc",
+                            },
+                        }, new List<string>()
+                    },
+                    {
+                        new OpenApiSecurityScheme
+                        {
+                            Reference = new OpenApiReference
+                            {
+                                Type = ReferenceType.SecurityScheme,
+                                Id = "Bearer",
                             },
                         }, new List<string>()
                     },
@@ -214,6 +243,10 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
 
             app.UseSwaggerUI(setupAction =>
             {
+                setupAction.OAuthClientId("Swagger");
+                setupAction.OAuthClientSecret("secret");
+                setupAction.OAuthUsePkce();
+
                 setupAction.SwaggerEndpoint(
                     "/swagger/ClassifiedAds/swagger.json",
                     "ClassifiedAds API");

src/Monolith/ClassifiedAds.Persistence/IdServerPersistenceExtensions.cs

@@ -81,7 +81,6 @@ public static void MigrateIdServerDb(this IApplicationBuilder app)
                         {
                             new Secret("secret".Sha256()),
                         },
-                        AllowOfflineAccess = true,
                         RequireConsent = false,
                     });
                 }

src/Monolith/ClassifiedAds.WebAPI/Startup.cs

@@ -136,7 +136,6 @@ public void ConfigureServices(IServiceCollection services)
                                 { "openid", "OpenId" },
                                 { "profile", "Profile" },
                                 { "ClassifiedAds.WebAPI", "ClassifiedAds WebAPI" },
-                                { "offline_access", "Offline Access" },
                             },
                         },
                     },