using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Identity;
using Core.Blueprint.KeyVault;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.AzureAppConfiguration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

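namespace Core.Thalos.BuildingBlocks
{
    /// <summary>
    /// Assembles the <see cref="AuthSettings"/> a Thalos service needs at start-up.
    /// Where each value comes from depends on the ASPNETCORE_ENVIRONMENT variable:
    /// when it equals "Local", token and Google secrets are fetched from Key Vault through
    /// <see cref="IKeyVaultProvider"/>; otherwise Azure App Configuration (with Key Vault
    /// references resolved through <see cref="DefaultAzureCredential"/>) is attached to the
    /// host configuration first and every value is read from <c>builder.Configuration</c>.
    /// Azure AD settings are always read from <c>builder.Configuration</c>.
    /// </summary>
    public static class AuthHelper
    {
        // Environment name that switches secret loading to the direct Key Vault path.
        private const string LocalEnvironmentName = "Local";

        // App Configuration label whose keys are shared by all Thalos services.
        private const string CommonAppConfigLabel = "thalos_common";

        // Configuration key holding the App Configuration endpoint URI.
        private const string AppConfigurationUriKey = "Endpoints:AppConfigurationURI";

        // Start-up runs before the host's logging is available, hence a private console logger.
        // Nothing logged here may contain a secret value; only the fact that one is missing.
        private static readonly ILogger logger = LoggerFactory.Create(builder =>
        {
            builder.AddConsole();
        }).CreateLogger("AuthHelper");

        /// <summary>
        /// Loads the authentication settings for the configured identity providers.
        /// </summary>
        /// <param name="services">Service collection from which an <see cref="IKeyVaultProvider"/> is resolved.</param>
        /// <param name="builder">Host builder whose configuration is read (and, outside Local, extended with App Configuration).</param>
        /// <param name="appConfigLabel">Service-specific App Configuration label, selected in addition to the common label.</param>
        /// <returns>Populated settings; <c>Google</c>/<c>Azure</c> stay null unless enabled under the <c>IdentityProviders</c> section.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="builder"/> is null.</exception>
        /// <exception cref="ArgumentException">Outside Local, <c>Endpoints:AppConfigurationURI</c> is missing.</exception>
        /// <exception cref="InvalidOperationException">The token signing key pair could not be loaded.</exception>
        public static async Task<AuthSettings> GetAuthSettings(this IServiceCollection services, WebApplicationBuilder builder, string appConfigLabel)
        {
            ArgumentNullException.ThrowIfNull(services);
            ArgumentNullException.ThrowIfNull(builder);

            var identityProviders = new IdentityProviders();
            builder.Configuration.GetSection("IdentityProviders").Bind(identityProviders);

            // NOTE(review): building a second provider from the service collection (ASP0000)
            // creates a separate set of singletons that is disposed when this method returns.
            // The IKeyVaultProvider is used only within this call, so that is tolerable here,
            // but nothing resolved from this provider may be cached or returned.
            using var serviceProvider = services.BuildServiceProvider();
            var keyVaultProvider = serviceProvider.GetRequiredService<IKeyVaultProvider>();

            // Outside Local the secrets live in App Configuration / Key Vault references,
            // so that source must be attached before any setting below is read.
            if (!IsLocalEnvironment())
            {
                AddAzureAppConfiguration(builder, appConfigLabel);
            }

            var authSettings = new AuthSettings();

            if (identityProviders.Google)
            {
                authSettings.Google = await GetGoogleSettings(keyVaultProvider, builder);
            }

            if (identityProviders.Azure)
            {
                authSettings.Azure = GetAzureSettings(builder);
            }

            // Token settings are mandatory regardless of which providers are enabled.
            authSettings.Token = await GetTokenSettings(keyVaultProvider, builder);

            return authSettings;
        }

        /// <summary>
        /// True when ASPNETCORE_ENVIRONMENT is exactly "Local"; an unset variable counts as non-Local.
        /// The variable is read directly rather than via <c>builder.Environment</c> to keep the
        /// original gate (which ignores DOTNET_ENVIRONMENT and command-line overrides).
        /// </summary>
        private static bool IsLocalEnvironment()
        {
            var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT") ?? string.Empty;
            return string.Equals(environment, LocalEnvironmentName, StringComparison.Ordinal);
        }

        /// <summary>
        /// Attaches Azure App Configuration to the host configuration, selecting the common label
        /// and <paramref name="appConfigLabel"/>, with Key Vault references resolved by the same
        /// identity. No connection string is involved: both the store and the vault are reached
        /// through the <see cref="DefaultAzureCredential"/> chain (managed identity in Azure,
        /// developer identity locally).
        /// </summary>
        /// <exception cref="ArgumentException"><c>Endpoints:AppConfigurationURI</c> is not configured.</exception>
        private static void AddAzureAppConfiguration(WebApplicationBuilder builder, string appConfigLabel)
        {
            builder.Configuration.AddAzureAppConfiguration(options =>
            {
                var endpoint = builder.Configuration.GetSection(AppConfigurationUriKey).Value;

                if (string.IsNullOrEmpty(endpoint))
                {
                    throw new ArgumentException("The app configuration is missing");
                }

                // One credential instance for both the store and its Key Vault references;
                // sharing the instance is the recommended pattern and avoids two credential
                // probes at start-up.
                var credential = new DefaultAzureCredential();

                options.Connect(new Uri(endpoint), credential)
                       .Select(KeyFilter.Any, CommonAppConfigLabel)
                       .Select(KeyFilter.Any, appConfigLabel);

                options.ConfigureKeyVault(keyVaultOptions => keyVaultOptions.SetCredential(credential));
            });
        }

        /// <summary>Reads one named secret from Key Vault (Local path only).</summary>
        private static async ValueTask<string> ReadSecretAsync(IKeyVaultProvider keyVaultProvider, string secretName)
        {
            var response = await keyVaultProvider.GetSecretAsync(secretName, CancellationToken.None);
            return response.Secret.Value;
        }

        /// <summary>Reads one value from the host configuration (non-Local path, and Azure AD settings).</summary>
        private static string? ReadSetting(WebApplicationBuilder builder, string key)
        {
            return builder.Configuration.GetSection(key).Value;
        }

        /// <summary>
        /// Loads the token signing settings (key pair, issuer, audience).
        /// </summary>
        /// <exception cref="InvalidOperationException">The public or private key is missing or empty.</exception>
        private static async ValueTask<TokenAuthSettings> GetTokenSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
        {
            var tokenSettings = new TokenAuthSettings();

            if (IsLocalEnvironment())
            {
                tokenSettings.PublicKey = await ReadSecretAsync(keyVaultProvider, Secrets.PublicKey);
                tokenSettings.PrivateKey = await ReadSecretAsync(keyVaultProvider, Secrets.PrivateKey);
                tokenSettings.Issuer = await ReadSecretAsync(keyVaultProvider, Secrets.Issuer);
                tokenSettings.Audience = await ReadSecretAsync(keyVaultProvider, Secrets.Audience);
            }
            else
            {
                // Outside Local these keys are expected to resolve through App Configuration's
                // Key Vault references (attached in GetAuthSettings), not from a plain file.
                tokenSettings.PrivateKey = ReadSetting(builder, Secrets.PrivateKey);
                tokenSettings.PublicKey = ReadSetting(builder, Secrets.PublicKey);
                tokenSettings.Issuer = ReadSetting(builder, Secrets.Issuer);
                tokenSettings.Audience = ReadSetting(builder, Secrets.Audience);
            }

            if (string.IsNullOrEmpty(tokenSettings.PrivateKey) || string.IsNullOrEmpty(tokenSettings.PublicKey))
            {
                // Log only that the settings are missing; never the key material itself.
                logger.LogError("Settings for token creation are missing or incorrectly formatted.");
                throw new InvalidOperationException("Invalid public or private key.");
            }

            // NOTE(review): Issuer and Audience are not validated here. If the token validation
            // that consumes these settings treats an empty value as "do not check", a missing
            // setting silently weakens iss/aud verification — confirm against the consumer.
            return tokenSettings;
        }

        /// <summary>
        /// Loads the Azure AD / Thalos app OAuth settings from the host configuration.
        /// Unlike the token and Google settings there is no Key Vault branch for Local, so in
        /// Local the client secret must come from a local configuration source (e.g. user secrets)
        /// — presumably intentional, verify with the team.
        /// </summary>
        private static AzureAuthSettings GetAzureSettings(WebApplicationBuilder builder)
        {
            return new AzureAuthSettings
            {
                Instance = ReadSetting(builder, Secrets.AzureADInstance),
                TenantId = ReadSetting(builder, Secrets.AzureADTenantId),
                ClientId = ReadSetting(builder, Secrets.AzureADClientId),
                ClientSecret = ReadSetting(builder, Secrets.AzureADClientSecret),
                ThalosAppAuthorizationUrl = ReadSetting(builder, Secrets.ThalosAppAuthorizationUrl),
                ThalosAppTokenUrl = ReadSetting(builder, Secrets.ThalosAppTokenUrl),
                ThalosAppClientId = ReadSetting(builder, Secrets.ThalosAppClientId),
                ThalosAppScope = ReadSetting(builder, Secrets.ThalosAppScope),
            };
        }

        /// <summary>
        /// Loads the Google OAuth client settings, from Key Vault in Local and from the host
        /// configuration otherwise. No presence check is performed here (unlike the token keys);
        /// a missing client secret surfaces only when the Google flow is first used.
        /// </summary>
        private static async ValueTask<GoogleAuthSettings> GetGoogleSettings(IKeyVaultProvider keyVaultProvider, WebApplicationBuilder builder)
        {
            var googleSettings = new GoogleAuthSettings();

            if (IsLocalEnvironment())
            {
                googleSettings.ClientId = await ReadSecretAsync(keyVaultProvider, Secrets.GoogleClientId);
                googleSettings.ClientSecret = await ReadSecretAsync(keyVaultProvider, Secrets.GoogleClientSecret);
                googleSettings.RedirectUri = await ReadSecretAsync(keyVaultProvider, Secrets.GoogleRedirectUri);
            }
            else
            {
                googleSettings.ClientId = ReadSetting(builder, Secrets.GoogleClientId);
                googleSettings.ClientSecret = ReadSetting(builder, Secrets.GoogleClientSecret);
                googleSettings.RedirectUri = ReadSetting(builder, Secrets.GoogleRedirectUri);
            }

            return googleSettings;
        }
    }
}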