Skip to content

Commit d1841f2

Browse files
committed
feat: add configurable SSL for auth server
1 parent f421ab0 commit d1841f2

3 files changed

Lines changed: 51 additions & 37 deletions

File tree

docker-compose.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -165,6 +165,7 @@ services:
165165
ASPNETCORE_ENVIRONMENT: Development
166166
DRIVING: AGNOSTIC
167167
DRIVEN: AGNOSTIC
168+
DISABLE_SSL: "true"
168169
ConnectionStrings__messaging: "redpanda:9092"
169170
ConnectionStrings__database: "Host=user-management-db;Port=5432;Database=user_management;Username=user_mgmt_user;Password=user_mgmt_password"
170171
KAFKA__BOOTSTRAPSERVERS: "redpanda:9092"

user-management/src/Stickerlandia.UserManagement.Agnostic/ServiceExtensions.cs

Lines changed: 17 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -35,23 +35,23 @@ public static IServiceCollection AddKafkaMessaging(this IServiceCollection servi
3535
BootstrapServers = configuration.GetConnectionString("messaging"),
3636
// Fixed properties
3737
SecurityProtocol = SecurityProtocol.Plaintext,
38-
Acks = Acks.All
38+
Acks = Acks.All
3939
};
40-
40+
4141
var consumerConfig = new ConsumerConfig
4242
{
4343
// User-specific properties that you must set
4444
BootstrapServers = configuration.GetConnectionString("messaging"),
4545
// Fixed properties
4646
SecurityProtocol = SecurityProtocol.Plaintext,
47-
GroupId = "stickerlandia-users",
48-
AutoOffsetReset = AutoOffsetReset.Earliest,
49-
EnableAutoCommit = false,
47+
GroupId = "stickerlandia-users",
48+
AutoOffsetReset = AutoOffsetReset.Earliest,
49+
EnableAutoCommit = false
5050
};
51-
51+
5252
services.AddSingleton(producerConfig);
5353
services.AddSingleton(consumerConfig);
54-
54+
5555
// Register event publisher as singleton
5656
services.AddSingleton<IUserEventPublisher, KafkaEventPublisher>();
5757
services.AddSingleton<IMessagingWorker, KafakStickerClaimedWorker>();
@@ -64,24 +64,28 @@ public static IServiceCollection AddPostgresAuthServices(this IServiceCollection
6464
{
6565
services.AddDbContext<UserManagementDbContext>(options =>
6666
{
67-
options.UseNpgsql(configuration.GetConnectionString("database"),
67+
options.UseNpgsql(configuration.GetConnectionString("database"),
6868
npgsqlOptions => npgsqlOptions.MigrationsAssembly("Stickerlandia.UserManagement.Agnostic"));
6969
options.UseOpenIddict();
7070
});
71-
71+
7272
services.AddIdentityCore<PostgresUserAccount>()
7373
.AddEntityFrameworkStores<UserManagementDbContext>()
7474
.AddDefaultTokenProviders();
7575

76+
var enableSsl = true;
77+
78+
if (configuration.GetValue<bool>("DISABLE_SSL")) enableSsl = false;
79+
7680
services.AddCoreAuthentication(options =>
7781
options.UseEntityFrameworkCore()
78-
.UseDbContext<UserManagementDbContext>());
79-
82+
.UseDbContext<UserManagementDbContext>(), enableSsl);
83+
8084
services.AddScoped<IAuthService, MicrosoftIdentityAuthService>();
81-
85+
8286
services.AddScoped<IUsers, PostgresUserRepository>();
8387
services.AddScoped<IOutbox, PostgresUserRepository>();
8488

8589
return services;
8690
}
87-
}
91+
}

user-management/src/Stickerlandia.UserManagement.Auth/AuthServiceExtensions.cs

Lines changed: 33 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,8 @@ namespace Stickerlandia.UserManagement.Auth;
1414

1515
public static class AuthServiceExtensions
1616
{
17-
public static IServiceCollection AddCoreAuthentication(this IServiceCollection services, Action<OpenIddictCoreBuilder> configuration)
17+
public static IServiceCollection AddCoreAuthentication(this IServiceCollection services,
18+
Action<OpenIddictCoreBuilder> configuration, bool enableSsl)
1819
{
1920
services.AddOpenIddict()
2021
.AddCore(configuration)
@@ -34,7 +35,7 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
3435
.AllowImplicitFlow()
3536
.AllowHybridFlow()
3637
.AllowRefreshTokenFlow();
37-
38+
3839
// Expose all the supported claims in the discovery document.
3940
options.RegisterClaims("email", "issuer", "preferred_username", "profile", "updated_at");
4041

@@ -46,28 +47,36 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
4647
.AddEphemeralSigningKey();
4748

4849
// Register the ASP.NET Core host and configure the ASP.NET Core options.
49-
options.UseAspNetCore()
50-
.EnableTokenEndpointPassthrough();
51-
52-
options.AddEventHandler<OpenIddictServerEvents.HandleUserInfoRequestContext>(options => options.UseInlineHandler(context =>
53-
{
54-
if (context.Principal.HasScope(OpenIddictConstants.Permissions.Scopes.Profile))
55-
{
56-
context.Profile = context.Principal.GetClaim(OpenIddictConstants.Claims.Profile);
57-
context.PreferredUsername = context.Principal.GetClaim(OpenIddictConstants.Claims.PreferredUsername);
58-
context.Claims[OpenIddictConstants.Claims.UpdatedAt] = long.Parse(
59-
context.Principal.GetClaim(OpenIddictConstants.Claims.UpdatedAt)!,
60-
NumberStyles.Number, CultureInfo.InvariantCulture);
61-
}
62-
63-
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Email))
50+
if (enableSsl)
51+
options.UseAspNetCore()
52+
.EnableTokenEndpointPassthrough();
53+
else
54+
options.UseAspNetCore()
55+
.DisableTransportSecurityRequirement()
56+
.EnableTokenEndpointPassthrough();
57+
58+
59+
options.AddEventHandler<OpenIddictServerEvents.HandleUserInfoRequestContext>(options =>
60+
options.UseInlineHandler(context =>
6461
{
65-
context.Email = context.Principal.GetClaim(OpenIddictConstants.Claims.Email);
66-
context.EmailVerified = false;
67-
}
62+
if (context.Principal.HasScope(OpenIddictConstants.Permissions.Scopes.Profile))
63+
{
64+
context.Profile = context.Principal.GetClaim(OpenIddictConstants.Claims.Profile);
65+
context.PreferredUsername =
66+
context.Principal.GetClaim(OpenIddictConstants.Claims.PreferredUsername);
67+
context.Claims[OpenIddictConstants.Claims.UpdatedAt] = long.Parse(
68+
context.Principal.GetClaim(OpenIddictConstants.Claims.UpdatedAt)!,
69+
NumberStyles.Number, CultureInfo.InvariantCulture);
70+
}
6871

69-
return default;
70-
}));
72+
if (context.Principal.HasScope(OpenIddictConstants.Scopes.Email))
73+
{
74+
context.Email = context.Principal.GetClaim(OpenIddictConstants.Claims.Email);
75+
context.EmailVerified = false;
76+
}
77+
78+
return default;
79+
}));
7180
})
7281
.AddValidation(options =>
7382
{
@@ -81,12 +90,12 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
8190
// to reject access tokens retrieved from a revoked authorization code.
8291
options.EnableAuthorizationEntryValidation();
8392
});
84-
93+
8594
services.AddAuthentication(options =>
8695
{
8796
options.DefaultScheme = OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
8897
});
89-
98+
9099
return services;
91100
}
92101
}

0 commit comments

Comments
 (0)