-
Notifications
You must be signed in to change notification settings - Fork 393
Expand file tree
/
Copy pathExtensions.cs
More file actions
115 lines (94 loc) · 3.75 KB
/
Extensions.cs
File metadata and controls
115 lines (94 loc) · 3.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
// Copyright (c) Duende Software. All rights reserved.
// See LICENSE in the project root for license information.
using Duende.Bff;
using Duende.Bff.AccessTokenManagement;
using Duende.Bff.EntityFramework;
using Duende.Bff.Yarp;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.EntityFrameworkCore;
using UserSessionDb.Migrations.UserSessions;
namespace Bff.EF;
internal static class Extensions
{
public static WebApplication ConfigureServices(this WebApplicationBuilder builder)
{
var services = builder.Services;
var configuration = builder.Configuration;
services.AddDataProtection()
.SetApplicationName("JS-EF-Sample");
// Add BFF services to DI - also add server-side session management
var cn = configuration.GetConnectionString("db");
services.AddBff(options =>
{
options.BackchannelLogoutAllUserSessions = true;
options.EnableSessionCleanup = true;
})
.AddRemoteApis()
.AddEntityFrameworkServerSideSessions(options =>
{
//options.UseSqlServer(cn);
options.UseSqlite(cn, opt => opt.MigrationsAssembly(typeof(UserSessions).Assembly.FullName));
});
// local APIs
services.AddControllers();
// cookie options
services.AddAuthentication(options =>
{
options.DefaultScheme = "cookie";
options.DefaultChallengeScheme = "oidc";
options.DefaultSignOutScheme = "oidc";
})
.AddCookie("cookie", options =>
{
// host prefixed cookie name
options.Cookie.Name = "__Host-spa-ef";
// strict SameSite handling
options.Cookie.SameSite = SameSiteMode.Strict;
})
.AddOpenIdConnect("oidc", options =>
{
options.Authority = "https://localhost:5001";
// confidential client using code flow + PKCE
options.ClientId = "bff.ef";
options.ClientSecret = "secret";
options.ResponseType = "code";
options.ResponseMode = "query";
options.MapInboundClaims = false;
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = true;
// request scopes + refresh tokens
options.Scope.Clear();
options.Scope.Add("openid");
options.Scope.Add("profile");
options.Scope.Add("api");
options.Scope.Add("offline_access");
});
return builder.Build();
}
public static WebApplication ConfigurePipeline(this WebApplication app)
{
app.UseHttpLogging();
app.UseDeveloperExceptionPage();
app.UseDefaultFiles();
app.UseStaticFiles();
app.UseAuthentication();
app.UseRouting();
// adds antiforgery protection for local APIs
app.UseBff();
// adds authorization for local and remote API endpoints
app.UseAuthorization();
// local APIs
app.MapControllers()
.RequireAuthorization()
.AsBffApiEndpoint();
// login, logout, user, backchannel logout...
app.MapBffManagementEndpoints();
// proxy endpoint for cross-site APIs
// all calls to /api/* will be forwarded to the remote API
// user or client access token will be attached in API call
// user access token will be managed automatically using the refresh token
app.MapRemoteBffApiEndpoint("/api", "https://localhost:5010")
.WithAccessToken(RequiredTokenType.UserOrClient);
return app;
}
}