Revise authentication logic

2025-07-25 23:44:07 -06:00
parent 0f7567ec67
commit cbeeebd5a6
49 changed files with 351 additions and 361 deletions


@@ -1,11 +1,12 @@
using Azure.Identity;
using Core.Thalos.Adapters.Common.Constants;
using Core.Blueprint.KeyVault;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace Core.Thalos.Adapters.Helpers
namespace Core.Thalos.BuildingBlocks
{
public static class AuthHelper
{
@@ -15,9 +16,16 @@ namespace Core.Thalos.Adapters.Helpers
}).CreateLogger("AuthHelper");
public static AuthSettings GetAuthSettings(WebApplicationBuilder builder, string appConfigLabel)
public static async Task<AuthSettings> GetAuthSettings(this IServiceCollection services, WebApplicationBuilder builder, string appConfigLabel)
{
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
var authSettings = new AuthSettings();
var identityProviders = new IdentityProviders();
builder.Configuration.GetSection("IdentityProviders").Bind(identityProviders);
using var serviceProvider = services.BuildServiceProvider();
var keyVaultProvider = serviceProvider.GetRequiredService<IKeyVaultProvider>();
if (environment != "Local")
{
@@ -39,19 +47,82 @@ namespace Core.Thalos.Adapters.Helpers
});
}
return new AuthSettings
if (identityProviders.Google)
authSettings.Google = await GetGoogleSettings(keyVaultProvider, builder);
if (identityProviders.Azure)
authSettings.Azure = GetAzureSettings(builder);
authSettings.Token = await GetTokenSettings(keyVaultProvider, builder);
return authSettings;
}
private async static ValueTask<TokenAuthSettings> GetTokenSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
{
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
var tokenSettings = new TokenAuthSettings();
if (environment == "Local")
{
AzureADInstance = builder.Configuration.GetSection(Secrets.AzureADInstance).Value,
AzureADTenantId = builder.Configuration.GetSection(Secrets.AzureADTenantId).Value,
AzureADClientId = builder.Configuration.GetSection(Secrets.AzureADClientId).Value,
AzureADClientSecret = builder.Configuration.GetSection(Secrets.AzureADClientSecret).Value,
tokenSettings.PublicKey = (await keyVaultProvider.GetSecretAsync(Secrets.PublicKey, new CancellationToken { })).Secret.Value;
tokenSettings.PrivateKey = (await keyVaultProvider.GetSecretAsync(Secrets.PrivateKey, new CancellationToken { })).Secret.Value;
tokenSettings.Issuer = (await keyVaultProvider.GetSecretAsync(Secrets.Issuer, new CancellationToken { })).Secret.Value;
tokenSettings.Audience = (await keyVaultProvider.GetSecretAsync(Secrets.Audience, new CancellationToken { })).Secret.Value;
}
else
{
tokenSettings.PrivateKey = builder.Configuration.GetSection(Secrets.PrivateKey).Value;
tokenSettings.PublicKey = builder.Configuration.GetSection(Secrets.PublicKey).Value;
tokenSettings.Issuer = builder.Configuration.GetSection(Secrets.Issuer).Value;
tokenSettings.Audience = builder.Configuration.GetSection(Secrets.Audience).Value;
}
if (string.IsNullOrEmpty(tokenSettings.PrivateKey) || string.IsNullOrEmpty(tokenSettings.PublicKey))
{
logger.LogError("Settings for token creation are missing or incorrectly formatted.");
throw new InvalidOperationException("Invalid public or private key.");
}
return tokenSettings;
}
private static AzureAuthSettings GetAzureSettings(WebApplicationBuilder builder)
{
return new AzureAuthSettings
{
Instance = builder.Configuration.GetSection(Secrets.AzureADInstance).Value,
TenantId = builder.Configuration.GetSection(Secrets.AzureADTenantId).Value,
ClientId = builder.Configuration.GetSection(Secrets.AzureADClientId).Value,
ClientSecret = builder.Configuration.GetSection(Secrets.AzureADClientSecret).Value,
ThalosAppAuthorizationUrl = builder.Configuration.GetSection(Secrets.ThalosAppAuthorizationUrl).Value,
ThalosAppTokenUrl = builder.Configuration.GetSection(Secrets.ThalosAppTokenUrl).Value,
ThalosAppClientId = builder.Configuration.GetSection(Secrets.ThalosAppClientId).Value,
ThalosAppScope = builder.Configuration.GetSection(Secrets.ThalosAppScope).Value,
PrivateKey = builder.Configuration.GetSection(Secrets.PrivateKey).Value,
PublicKey = builder.Configuration.GetSection(Secrets.PublicKey).Value,
};
}
private static async ValueTask<GoogleAuthSettings> GetGoogleSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
{
var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");
var googleSettings = new GoogleAuthSettings();
if (environment == "Local")
{
googleSettings.ClientId = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleClientId, new CancellationToken { })).Secret.Value; ;
googleSettings.ClientSecret = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleClientSecret, new CancellationToken { })).Secret.Value;
googleSettings.RedirectUri = (await keyVaultProvider.GetSecretAsync(Secrets.GoogleRedirectUri, new CancellationToken { })).Secret.Value;
}
else
{
googleSettings.ClientId = builder.Configuration.GetSection(Secrets.GoogleClientId).Value;
googleSettings.ClientSecret = builder.Configuration.GetSection(Secrets.GoogleClientSecret).Value;
googleSettings.RedirectUri = builder.Configuration.GetSection(Secrets.GoogleRedirectUri).Value;
}
return googleSettings;
}
}
}
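Review bot: `using var serviceProvider = services.BuildServiceProvider();` in GetAuthSettings builds a second container from a collection that is still being configured and disposes it when the method returns, so IKeyVaultProvider (and presumably anything it depends on) is instantiated separately from the instances the application will later use, and the copy resolved here is disposed early; this is the pattern the ASP0000 analyzer warns about. Prefer taking the provider as a parameter, e.g. `public static async Task<AuthSettings> GetAuthSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder, string appConfigLabel)`, and let the caller supply a startup-scoped instance instead of passing the IServiceCollection. Separately, the check GetTokenSettings makes on PrivateKey/PublicKey has no counterpart in GetGoogleSettings — an empty ClientSecret or RedirectUri is returned silently when identityProviders.Google is enabled — and Issuer/Audience are never validated either. `new CancellationToken { }` on every GetSecretAsync call is just `CancellationToken.None`; a `CancellationToken cancellationToken = default` parameter on GetAuthSettings, flowed through both helpers, would let host shutdown cancel startup. The middle of GetAuthSettings, between the second and third hunks, is outside the diff.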