Configura authentication and authorization

2025-07-15 14:04:07 -06:00
14 changed files with 121 additions and 343 deletions
--- a/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/AuthenticationController.cs
@@ -3,16 +3,11 @@ using Core.Thalos.Adapters;
 using Core.Thalos.Adapters.Common.Constants;
 using Core.Thalos.Adapters.Contracts;
 using Core.Thalos.Application.UseCases.Users.Input;
-using Core.Thalos.BFF.Api.Services;
+using Core.Thalos.BuildingBlocks.Authentication.Authorization.Google;
 using Core.Thalos.External.Clients.Thalos.Requests.Users;
 using Google.Apis.Auth.OAuth2;
 using LSA.Dashboard.External.Clients.Dashboard;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Graph;
 using Newtonsoft.Json.Linq;
 using System.Reflection;
 using System.Text.Json;
 namespace Core.Thalos.BFF.Api.Controllers
 {
@@ -25,10 +20,10 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes(MimeTypes.ApplicationJson)]
    [ApiController]
    public class AuthenticationController(
-        IThalosServiceClient thalosServiceClient, 
+    IThalosServiceClient thalosServiceClient,
-        ILogger<AuthenticationController> logger, 
+    ILogger<AuthenticationController> logger,
-        ITokenService tokenService,
+    ITokenService tokenService,
-        IGoogleAuthorization googleAuthorization) : BaseController(logger)
+    IGoogleAuthorization googleAuthorization) : BaseController(logger)
    {
        [HttpGet]
        public IActionResult Authorize() => Ok(googleAuthorization.GetAuthorizationUrl());
@@ -38,9 +33,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        {
            var userCredential = await googleAuthorization.ExchangeCodeForToken(code);
-            return Ok(new Token(userCredential!.Token.IdToken));
+            return Ok(new { Token = userCredential!.Token.IdToken });
        }
        /// <summary>
        /// Get token for user.
        /// </summary>
@@ -51,7 +45,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [HttpGet]
        [Route(Routes.GenerateToken)]
        [ProducesResponseType(typeof(UserAdapter), StatusCodes.Status200OK)]
-        [Authorize]
+        [Authorize(AuthenticationSchemes = Schemes.GoogleScheme)]
        public async Task<IActionResult> GenerateTokenService(CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/ModuleController.cs
@@ -2,7 +2,6 @@
 using Core.Thalos.Adapters;
 using Core.Thalos.Adapters.Attributes;
 using Core.Thalos.Adapters.Common.Constants;
 using Core.Thalos.BFF.Api.Services;
 using Core.Thalos.External.Clients.Thalos.Requests.Permissions;
 using Lib.Architecture.BuildingBlocks;
 using LSA.Dashboard.External.Clients.Dashboard;
@@ -20,7 +19,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class ModuleController(IThalosServiceClient thalosServiceClient, ILogger<ModuleController> logger) : BaseController(logger)
    {
        /// <summary>
@@ -33,8 +32,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        [Authorize(AuthenticationSchemes = Constant.Scheme)]
+        [Permission("ModuleManagement.Read, RoleManagement.Read")]
        //[Permission("ModuleManagement.Read, RoleManagement.Read")]
        public async Task<IActionResult> GetAllModulesService(CancellationToken cancellationToken)
        {
            try
@@ -67,8 +65,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        [AllowAnonymous]
+        [Permission("ModuleManagement.Read")]
        //[Permission("ModuleManagement.Read")]
        public async Task<IActionResult> GetAllModulesByListAsync([FromBody] GetAllModulesByListRequest request, CancellationToken cancellationToken)
        {
            try
@@ -101,8 +98,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        [AllowAnonymous]
+        [Permission("ModuleManagement.Write")]
        //[Permission("ModuleManagement.Write")]
        public async Task<IActionResult> CreateModuleService(CreateModuleRequest newModule, CancellationToken cancellationToken)
        {
            try
@@ -136,7 +132,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Read")]
+        [Permission("ModuleManagement.Read")]
        public async Task<IActionResult> GetModuleByIdService(GetModuleRequest request, CancellationToken cancellationToken)
        {
            try
@@ -164,7 +160,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Write")]
+        [Permission("ModuleManagement.Write")]
        public async Task<IActionResult> UpdateModuleService(UpdateModuleRequest newModule, CancellationToken cancellationToken)
        {
            try
@@ -200,7 +196,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("ModuleManagement.Write")]
+        [Permission("ModuleManagement.Write")]
        public async Task<IActionResult> ChangeModuleStatusService([FromBody] ChangeModuleStatusRequest request, CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/PermissionController.cs
@@ -20,7 +20,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class PermissionController(IThalosServiceClient thalosServiceClient, ILogger<PermissionController> logger) : BaseController(logger)
    {
        /// <summary>
@@ -33,7 +33,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        ////[Permission("PermissionManagement.Read, RoleManagement.Read")]
+        [Permission("PermissionManagement.Read, RoleManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsService(CancellationToken cancellationToken)
        {
            try
@@ -66,7 +66,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(StatusCodes.Status400BadRequest)]
        [ProducesResponseType(StatusCodes.Status401Unauthorized)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("PermissionManagement.Read")]
+        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetAllPermissionsByListAsync([FromBody] GetAllPermissionsByListRequest request, CancellationToken cancellationToken)
        {
            try
@@ -99,7 +99,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("PermissionManagement.Write")]
+        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> CreatePermissionService(CreatePermissionRequest newPermission, CancellationToken cancellationToken)
        {
            try
@@ -131,7 +131,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("PermissionManagement.Read")]
+        [Permission("PermissionManagement.Read")]
        public async Task<IActionResult> GetPermissionByIdService(GetPermissionRequest request, CancellationToken cancellationToken)
        {
            try
@@ -159,7 +159,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("PermissionManagement.Write")]
+        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> UpdatePermissionService(UpdatePermissionRequest newPermission, CancellationToken cancellationToken)
        {
            try
@@ -193,7 +193,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Permission("PermissionManagement.Write")]
+        [Permission("PermissionManagement.Write")]
        public async Task<IActionResult> ChangePermissionStatusService([FromBody] ChangePermissionStatusRequest request, CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Controllers/RoleController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/RoleController.cs
@@ -18,7 +18,7 @@ namespace Core.Thalos.BFF.Api.Controllers
    [Consumes("application/json")]
    [Produces("application/json")]
    [ApiController]
-    //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+    [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
    public class RoleController(IThalosServiceClient thalosServiceClient, ILogger<RoleController> logger) : BaseController(logger)
    {
        /// <summary>
--- a/Core.Thalos.BFF.Api/Controllers/UserController.cs
+++ b/Core.Thalos.BFF.Api/Controllers/UserController.cs
@@ -31,8 +31,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Read")]
+        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetAllUsersService(CancellationToken cancellationToken)
        {
            try
@@ -58,8 +58,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> CreateUserService(CreateUserRequest newUser, CancellationToken cancellationToken)
        {
            try
@@ -97,8 +97,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Read")]
+        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetUserByIdService(GetUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -126,8 +126,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Read")]
+        [Permission("UserManagement.Read")]
        public async Task<IActionResult> GetUserByEmailService(GetUserByEmailRequest request, CancellationToken cancellationToken)
        {
            try
@@ -155,8 +155,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> UpdateUserService(UpdateUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -194,7 +194,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+        [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
        public async Task<IActionResult> LoginUserService([FromBody] LoginUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -222,7 +222,7 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = $"{Schemes.AzureScheme}, {Schemes.DefaultScheme}")]
+        [Authorize(AuthenticationSchemes = $"{Schemes.GoogleScheme}, {Schemes.DefaultScheme}")]
        public async Task<IActionResult> LogoutUserService([FromBody] LogoutUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -252,8 +252,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> ChangeUserStatusService([FromBody] ChangeUserStatusRequest request, CancellationToken cancellationToken)
        {
            try
@@ -283,8 +283,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> AddCompanyToUserService([FromBody] AddCompanyToUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -315,8 +315,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> RemoveCompanyFromUserService([FromBody] RemoveCompanyFromUserRequest request, CancellationToken cancellationToken)
        {
            try
@@ -347,8 +347,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> AddProjectToUserService([FromBody] AddProjectToUserRequest request, CancellationToken cancellationToken)
        {
@@ -380,8 +380,8 @@ namespace Core.Thalos.BFF.Api.Controllers
        [ProducesResponseType(typeof(Notification), StatusCodes.Status412PreconditionFailed)]
        [ProducesResponseType(typeof(Notification), StatusCodes.Status422UnprocessableEntity)]
        [ProducesResponseType(StatusCodes.Status500InternalServerError)]
-        //[Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
+        [Authorize(AuthenticationSchemes = Schemes.DefaultScheme)]
-        //[Permission("UserManagement.Write")]
+        [Permission("UserManagement.Write")]
        public async Task<IActionResult> RemoveProjectFromUserService([FromBody] RemoveProjectFromUserRequest request, CancellationToken cancellationToken)
        {
            try
--- a/Core.Thalos.BFF.Api/Core.Thalos.BFF.Api.csproj
+++ b/Core.Thalos.BFF.Api/Core.Thalos.BFF.Api.csproj
@@ -10,12 +10,6 @@
  <ItemGroup>
    <PackageReference Include="Asp.Versioning.Mvc" Version="8.1.0" />
    <PackageReference Include="Core.Blueprint.Logging" Version="1.0.0" />
    <PackageReference Include="Google.Apis.Auth" Version="1.70.0" />
    <PackageReference Include="Google.Apis.Oauth2.v2" Version="1.68.0.1869" />
    <PackageReference Include="Google.Protobuf" Version="3.31.1" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Google" Version="8.0.17" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.17" />
    <PackageReference Include="Swashbuckle.AspNetCore" Version="8.1.4" />
  </ItemGroup>
  <ItemGroup>
--- a/Core.Thalos.BFF.Api/Program.cs
+++ b/Core.Thalos.BFF.Api/Program.cs
@@ -1,192 +1,131 @@
 using Asp.Versioning;
 using Azure.Identity;
 using Core.Blueprint.Logging.Configuration;
 using Core.Thalos.Adapters.Contracts;
 using Core.Thalos.Adapters.Extensions;
 using Core.Thalos.Adapters.Services;
-using Core.Thalos.BFF.Api.Services;
+using Core.Thalos.BuildingBlocks.Authentication.Extensions;
 using Core.Thalos.External.ClientConfiguration;
 using Google.Protobuf.WellKnownTypes;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.AspNetCore.ResponseCompression;
 using Microsoft.Extensions.Configuration.AzureAppConfiguration;
 using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Any;
 using Microsoft.OpenApi.Interfaces;
 using Microsoft.OpenApi.Models;
 using OpenTelemetry.Logs;
 using OpenTelemetry.Resources;
 using Swashbuckle.AspNetCore.SwaggerUI;
 using System.IO.Compression;
 using System.Reflection;
 using System.Security.Claims;
 var builder = WebApplication.CreateBuilder(args);
 builder.Services.ConfigureAuthentication(builder.Configuration);
 builder.Services.AddEndpointsApiExplorer();
 builder.Configuration
    .AddUserSecrets(Assembly.GetExecutingAssembly())
    .AddEnvironmentVariables();
 // 🔑 Google Auth config
 var googleClientId = builder.Configuration["Authentication:Google:ClientId"];
 var googleClientSecret = builder.Configuration["Authentication:Google:ClientSecret"];
 var redirectUri = builder.Configuration["Authentication:Google:RedirectUri"];
 // 🧩 Authentication
 builder.Services.AddAuthentication(options =>
 {
    options.DefaultAuthenticateScheme = Constant.Scheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
 })
 .AddScheme<AuthenticationSchemeOptions,
 GoogleAccessTokenAuthenticationHandler>(Constant.Scheme, null)
 .AddGoogle(options =>
 {
    options.ClientId = googleClientId!;
    options.ClientSecret = googleClientSecret!;
    //options.SaveTokens = true;
    options.CallbackPath = $"/{redirectUri}";
 });
 builder.Services.AddAuthorization();
 builder.Services.AddScoped<IGoogleAuthHelper, GoogleAuthHelperService>();
 builder.Services.AddScoped<IGoogleAuthorization, GoogleAuthorizationService>();
 builder.Services.AddEndpointsApiExplorer();
 // 🧩 Swagger + OAuth2
 builder.Services.AddSwaggerGen(opts =>
 {
    const string schemeName = "oauth2";
    opts.SwaggerDoc("v1",
        new OpenApiInfo { Title = "Core.Thalos.BFF", Version = "v1" });
    opts.AddSecurityDefinition(schemeName, new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Scheme = "bearer",              // tells Swagger-UI to build an Authorization header
        BearerFormat = "JWT",
        Name = "Authorization",
        In = ParameterLocation.Header,
        /* ⚠️  The key line – tell Swagger-UI to pick id_token instead of access_token */
        Extensions = new Dictionary<string, IOpenApiExtension>
        {
            ["x-tokenName"] = new OpenApiString("id_token")
        },
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri("https://accounts.google.com/o/oauth2/v2/auth"),
                TokenUrl = new Uri("https://oauth2.googleapis.com/token"),
                Scopes = new Dictionary<string, string>
                {
                    { "openid",  "OpenID Connect" },
                    { "email",   "Access email"   },
                    { "profile", "Access profile" }
                }
            }
        }
    });
    // every operation requires the scheme
    opts.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        [new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            { Type = ReferenceType.SecurityScheme, Id = schemeName }
        }
        ] = new[] { "openid", "email", "profile" }
    });
 });
 // 🎯 Existing configs (unchanged)
 builder.Services.AddResponseCompression();
 builder.Services.AddProblemDetails();
 builder.Services.AddLogs(builder);
 builder.Services.AddMemoryCache();
-builder.Services.AddResponseCaching(options => { options.UseCaseSensitivePaths = true; });
+builder.Services.AddResponseCaching(configureOptions => { configureOptions.UseCaseSensitivePaths = true; });
-
+builder.Logging.AddOpenTelemetry(options =>
 builder.Logging.AddOpenTelemetry(logging =>
 {
-    logging.IncludeScopes = true;
+    options.IncludeScopes = true;
-    logging.SetResourceBuilder(ResourceBuilder.CreateDefault().AddService("core.thalos.bff.api"))
+    options.SetResourceBuilder(ResourceBuilder.CreateDefault().AddService("core.thalos.bff.api")).AddConsoleExporter();
           .AddConsoleExporter();
 });
 builder.Host.ConfigureServices((context, services) =>
 {
-    services.AddHsts(options =>
+    builder.Services.AddHsts(options =>
    {
        options.Preload = true;
        options.IncludeSubDomains = true;
        options.MaxAge = TimeSpan.FromDays(60);
    });
    builder.Services.AddResponseCaching(configureOptions =>
    {
        configureOptions.UseCaseSensitivePaths = true;
        configureOptions.MaximumBodySize = 2048;
    });
    builder.Services.AddHttpsRedirection(options =>
    {
        options.RedirectStatusCode = 308;
    });
-    services.AddHttpsRedirection(options => { options.RedirectStatusCode = 308; });
+    services.AddHttpLogging(http =>
    {
        http.CombineLogs = true;
    });
    services.AddAntiforgery();
    services.AddHttpLogging(http => http.CombineLogs = true);
    services.AddCors(options => options.AddPolicy("AllowAll", policy => policy.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod()));
-    services.AddMvc().AddJsonOptions(opt =>
+    services.AddCors(options =>
    {
-        opt.JsonSerializerOptions.WriteIndented = true;
+        options.AddPolicy("AllowAll", policyBuilder =>
-        opt.JsonSerializerOptions.MaxDepth = 20;
+            policyBuilder.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod());
        opt.JsonSerializerOptions.NumberHandling = System.Text.Json.Serialization.JsonNumberHandling.AllowNamedFloatingPointLiterals;
    });
-
+    services.AddMvc().AddJsonOptions(options =>
    services.Configure<BrotliCompressionProviderOptions>(opt => opt.Level = CompressionLevel.SmallestSize);
    services.Configure<GzipCompressionProviderOptions>(opt => opt.Level = CompressionLevel.SmallestSize);
    services.AddResponseCompression(opt =>
    {
-        opt.EnableForHttps = true;
+        options.JsonSerializerOptions.WriteIndented = true;
-        opt.Providers.Add<BrotliCompressionProvider>();
+        options.JsonSerializerOptions.MaxDepth = 20;
-        opt.Providers.Add<GzipCompressionProvider>();
+        options.JsonSerializerOptions.NumberHandling = System.Text.Json.Serialization.JsonNumberHandling.AllowNamedFloatingPointLiterals;
    });
-
+    services.Configure<BrotliCompressionProviderOptions>(options =>
    {
        options.Level = CompressionLevel.SmallestSize;
    });
    services.Configure<GzipCompressionProviderOptions>(options =>
    {
        options.Level = CompressionLevel.SmallestSize;
    });
    services.AddResponseCompression(options =>
    {
        options.EnableForHttps = true;
        options.Providers.Add<BrotliCompressionProvider>();
        options.Providers.Add<GzipCompressionProvider>();
    });
    services.AddResponseCaching();
    services.AddControllers();
    services.AddEndpointsApiExplorer();
    services.AddSwaggerGen(builder.Configuration);
    services.AddLogging();
    services.AddProblemDetails();
    services.AddHttpContextAccessor();
-    services.AddTransient<TrackingMechanismExtension>();
+    services.AddTransient<TrackingMechanismExtension>(); // Register the TrackingIdHandler
    services.RegisterExternalLayer(builder.Configuration);
    services.AddApiVersioning(options => options.ReportApiVersions = true)
-           .AddApiExplorer(opt =>
+                   .AddApiExplorer(options =>
-           {
+                   {
-               opt.GroupNameFormat = "'v'VVV";
+                       options.GroupNameFormat = "'v'VVV";
-               opt.SubstituteApiVersionInUrl = true;
+                       options.SubstituteApiVersionInUrl = true;
-           });
+                   });
 });
 builder.Services.AddCors(options =>
 {
    options.AddDefaultPolicy(
        builder =>
        {
            builder.AllowAnyOrigin()
                                .AllowAnyHeader()
                                .AllowAnyMethod();
        });
 });
 builder.Services.AddScoped<ITokenService, TokenService>();
 //*************************************************************************//
 var app = builder.Build();
 app.UseDeveloperExceptionPage();
 app.UseCors(options => options.AllowAnyHeader().AllowAnyMethod().AllowAnyOrigin());
 app.UseSwagger();
 app.UseCors(options => options.AllowAnyOrigin().AllowAnyHeader().AllowAnyMethod().WithOrigins("https://localhost:7239"));
 app.UseSwaggerUI(options =>
 {
-    foreach (var version in app.DescribeApiVersions().Select(v => v.GroupName))
+    foreach (var version in app.DescribeApiVersions().Select(version => version.GroupName))
        options.SwaggerEndpoint($"/swagger/{version}/swagger.json", version);
    options.DisplayRequestDuration();
    options.EnableTryItOutByDefault();
    options.DocExpansion(DocExpansion.None);
    options.OAuthClientId(googleClientId);
    options.OAuthClientSecret(googleClientSecret);
    options.OAuthUsePkce();
    options.OAuthScopes("openid", "email", "profile");
 });
 app.UseResponseCompression();
 app.UseResponseCaching();
 app.UseHttpsRedirection();
@@ -197,4 +136,5 @@ app.MapControllers();
 app.UseHsts();
 app.UseAntiforgery();
 app.UseLogging(builder.Configuration);
-app.Run();
+
 app.Run();
--- a/Core.Thalos.BFF.Api/Services/Constant.cs
+++ b/Core.Thalos.BFF.Api/Services/Constant.cs
@@ -1,7 +0,0 @@
 namespace Core.Thalos.BFF.Api.Services
 {
    public static class Constant
    {
        public const string Scheme = "GoogleAccessToken";
    }
 }
--- a/Core.Thalos.BFF.Api/Services/GoogleAccessTokenAuthenticationHandler.cs
+++ b/Core.Thalos.BFF.Api/Services/GoogleAccessTokenAuthenticationHandler.cs
@@ -1,61 +0,0 @@
 using Google.Apis.Auth;
 using Google.Apis.Auth.OAuth2.Flows;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.Extensions.Options;
 using System.Security.Claims;
 using System.Text.Encodings.Web;
 namespace Core.Thalos.BFF.Api.Services
 {
    public class GoogleAccessTokenAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options,
         ILoggerFactory logger,
         UrlEncoder encoder,
         IConfiguration config) : AuthenticationHandler<AuthenticationSchemeOptions>(options, logger, encoder)
    {
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            if (!Request.Headers.ContainsKey("Authorization"))
                return AuthenticateResult.Fail("Missing Authorization header");
            var authHeader = Request.Headers.Authorization.ToString();
            if (!authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                return AuthenticateResult.Fail("Invalid Authorization header");
            var idToken = authHeader["Bearer ".Length..].Trim();
            GoogleJsonWebSignature.Payload payload;
            try
            {
                payload = await GoogleJsonWebSignature.ValidateAsync(
                    idToken,
                    new GoogleJsonWebSignature.ValidationSettings
                    {
                        Audience = new[] { config["Authentication:Google:ClientId"]! }
                    });
            }
            catch (InvalidJwtException)
            {
                return AuthenticateResult.Fail("Invalid Google token");
            }
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, payload.Subject),
                new Claim(ClaimTypes.Email,          payload.Email),
                new Claim(ClaimTypes.Name,           payload.Name ?? "")
            };
            var identity = new ClaimsIdentity(claims, Constant.Scheme);
            var principal = new ClaimsPrincipal(identity);
            var userEmail = principal.FindFirst(ClaimTypes.Email)?.Value;
            if (string.IsNullOrEmpty(userEmail) || 
                !userEmail.EndsWith("@agilewebs.com", StringComparison.OrdinalIgnoreCase))
                return AuthenticateResult.Fail("Unauthorized Access");
            var ticket = new AuthenticationTicket(principal, Constant.Scheme);
            return AuthenticateResult.Success(ticket);
        }
    }
 }
--- a/Core.Thalos.BFF.Api/Services/IGoogleAuthHelper.cs
+++ b/Core.Thalos.BFF.Api/Services/IGoogleAuthHelper.cs
@@ -1,37 +0,0 @@
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.Oauth2.v2;
 namespace Core.Thalos.BFF.Api.Services
 {
    public interface IGoogleAuthHelper
    {
        string[] GetScopes();
        string ScopeToString();
        ClientSecrets GetClientSecrets();
    }
    public class GoogleAuthHelperService(IConfiguration config) : IGoogleAuthHelper
    {
        public ClientSecrets GetClientSecrets()
        {
            string clientId = config["Authentication:Google:ClientId"]!;
            string clientSecret = config["Authentication:Google:ClientSecret"]!;
            return new() { ClientId = clientId, ClientSecret = clientSecret };
        }
        public string[] GetScopes()
        {
            var scopes = new[]
            {
                Oauth2Service.Scope.Openid,
                Oauth2Service.Scope.UserinfoEmail,
                Oauth2Service.Scope.UserinfoProfile
            };
            return scopes;
        }
        public string ScopeToString() => string.Join(", ", GetScopes());
    }
 }
--- a/Core.Thalos.BFF.Api/Services/IGoogleAuthorization.cs
+++ b/Core.Thalos.BFF.Api/Services/IGoogleAuthorization.cs
@@ -1,42 +0,0 @@
 using Google.Apis.Auth.OAuth2;
 using Google.Apis.Auth.OAuth2.Flows;
 namespace Core.Thalos.BFF.Api.Services
 {
    public interface IGoogleAuthorization
    {
        string GetAuthorizationUrl();
        Task<UserCredential> ExchangeCodeForToken(string code);
    }
    public class GoogleAuthorizationService(
        IGoogleAuthHelper googleHelper, IConfiguration config) : IGoogleAuthorization
    {
        private string RedirectUrl = config["Authentication:Google:RedirectUri"]!;
        public async Task<UserCredential> ExchangeCodeForToken(string code)
        {
            var flow = new GoogleAuthorizationCodeFlow(
                new GoogleAuthorizationCodeFlow.Initializer
                {
                    ClientSecrets = googleHelper.GetClientSecrets(),
                    Scopes = googleHelper.GetScopes()
                });
            var token = await flow.ExchangeCodeForTokenAsync(
                "user", code, RedirectUrl, CancellationToken.None);
            return new UserCredential(flow, "user", token);
        }
        public string GetAuthorizationUrl() =>
            new GoogleAuthorizationCodeFlow(
                new GoogleAuthorizationCodeFlow.Initializer
                {
                    ClientSecrets = googleHelper.GetClientSecrets(),
                    Scopes = googleHelper.GetScopes(),
                    Prompt = "consent"
                }).CreateAuthorizationCodeRequest(RedirectUrl).Build().ToString();
    }
 }
--- a/Core.Thalos.BFF.Api/Services/Token.cs
+++ b/Core.Thalos.BFF.Api/Services/Token.cs
@@ -1,4 +0,0 @@
 namespace Core.Thalos.BFF.Api.Services
 {
    public record Token(string IdToken);
 }
--- a/Core.Thalos.BFF.Api/appsettings.Local.json
+++ b/Core.Thalos.BFF.Api/appsettings.Local.json
@@ -15,6 +15,11 @@
      "ApplicationName": "Thalos",
      "RedirectUri": "https://localhost:7239/api/v1/Authentication/callback"
    }
-  }
+  },
  "JwtIssuerOptions": {
    "Audience": "https://localhost:7239/",
    "Issuer": "webApi"
  },
  "SecretKey": "iNivDmHLpUA223sqsfhqGbMRdRj1PVkH1"
 }
--- a/Core.Thalos.External/Core.Thalos.External.csproj
+++ b/Core.Thalos.External/Core.Thalos.External.csproj
@@ -7,7 +7,7 @@
  </PropertyGroup>
  <ItemGroup>
-    <PackageReference Include="Core.Thalos.BuildingBlocks" Version="1.0.2" />
+    <PackageReference Include="Core.Thalos.BuildingBlocks" Version="1.0.5" />
    <PackageReference Include="Lib.Architecture.BuildingBlocks" Version="1.0.0" />
    <PackageReference Include="Refit" Version="8.0.0" />
  </ItemGroup>