@@ -14,7 +14,8 @@ namespace Stickerlandia.UserManagement.Auth;
1414
1515public static class AuthServiceExtensions
1616{
17- public static IServiceCollection AddCoreAuthentication ( this IServiceCollection services , Action < OpenIddictCoreBuilder > configuration )
17+ public static IServiceCollection AddCoreAuthentication ( this IServiceCollection services ,
18+ Action < OpenIddictCoreBuilder > configuration , bool enableSsl )
1819 {
1920 services . AddOpenIddict ( )
2021 . AddCore ( configuration )
@@ -34,7 +35,7 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
3435 . AllowImplicitFlow ( )
3536 . AllowHybridFlow ( )
3637 . AllowRefreshTokenFlow ( ) ;
37-
38+
3839 // Expose all the supported claims in the discovery document.
3940 options . RegisterClaims ( "email" , "issuer" , "preferred_username" , "profile" , "updated_at" ) ;
4041
@@ -46,28 +47,36 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
4647 . AddEphemeralSigningKey ( ) ;
4748
4849 // Register the ASP.NET Core host and configure the ASP.NET Core options.
49- options . UseAspNetCore ( )
50- . EnableTokenEndpointPassthrough ( ) ;
51-
52- options . AddEventHandler < OpenIddictServerEvents . HandleUserInfoRequestContext > ( options => options . UseInlineHandler ( context =>
53- {
54- if ( context . Principal . HasScope ( OpenIddictConstants . Permissions . Scopes . Profile ) )
55- {
56- context . Profile = context . Principal . GetClaim ( OpenIddictConstants . Claims . Profile ) ;
57- context . PreferredUsername = context . Principal . GetClaim ( OpenIddictConstants . Claims . PreferredUsername ) ;
58- context . Claims [ OpenIddictConstants . Claims . UpdatedAt ] = long . Parse (
59- context . Principal . GetClaim ( OpenIddictConstants . Claims . UpdatedAt ) ! ,
60- NumberStyles . Number , CultureInfo . InvariantCulture ) ;
61- }
62-
63- if ( context . Principal . HasScope ( OpenIddictConstants . Scopes . Email ) )
50+ if ( enableSsl )
51+ options . UseAspNetCore ( )
52+ . EnableTokenEndpointPassthrough ( ) ;
53+ else
54+ options . UseAspNetCore ( )
55+ . DisableTransportSecurityRequirement ( )
56+ . EnableTokenEndpointPassthrough ( ) ;
57+
58+
59+ options . AddEventHandler < OpenIddictServerEvents . HandleUserInfoRequestContext > ( options =>
60+ options . UseInlineHandler ( context =>
6461 {
65- context . Email = context . Principal . GetClaim ( OpenIddictConstants . Claims . Email ) ;
66- context . EmailVerified = false ;
67- }
62+ if ( context . Principal . HasScope ( OpenIddictConstants . Permissions . Scopes . Profile ) )
63+ {
64+ context . Profile = context . Principal . GetClaim ( OpenIddictConstants . Claims . Profile ) ;
65+ context . PreferredUsername =
66+ context . Principal . GetClaim ( OpenIddictConstants . Claims . PreferredUsername ) ;
67+ context . Claims [ OpenIddictConstants . Claims . UpdatedAt ] = long . Parse (
68+ context . Principal . GetClaim ( OpenIddictConstants . Claims . UpdatedAt ) ! ,
69+ NumberStyles . Number , CultureInfo . InvariantCulture ) ;
70+ }
6871
69- return default ;
70- } ) ) ;
72+ if ( context . Principal . HasScope ( OpenIddictConstants . Scopes . Email ) )
73+ {
74+ context . Email = context . Principal . GetClaim ( OpenIddictConstants . Claims . Email ) ;
75+ context . EmailVerified = false ;
76+ }
77+
78+ return default ;
79+ } ) ) ;
7180 } )
7281 . AddValidation ( options =>
7382 {
@@ -81,12 +90,12 @@ public static IServiceCollection AddCoreAuthentication(this IServiceCollection s
8190 // to reject access tokens retrieved from a revoked authorization code.
8291 options . EnableAuthorizationEntryValidation ( ) ;
8392 } ) ;
84-
93+
8594 services . AddAuthentication ( options =>
8695 {
8796 options . DefaultScheme = OpenIddictValidationAspNetCoreDefaults . AuthenticationScheme ;
8897 } ) ;
89-
98+
9099 return services ;
91100 }
92101}
0 commit comments