From 6aa84a6a1cbdd6012cbab559a81ad20bab73b237 Mon Sep 17 00:00:00 2001 From: Erik Dahl Date: Thu, 16 Jul 2020 17:16:43 -0500 Subject: [PATCH] updated for integration with demo identity server using recommended practices --- .../BookClub.API/BookClub.API.csproj | 3 +- .../BookClub.API/Startup.cs | 48 ++++---------- .../BookClub.API/SwaggerConfig.cs | 66 +++++++++++++++++++ .../BookClub.API/appsettings.json | 8 ++- .../BookClub.UI/Startup.cs | 4 +- 5 files changed, 89 insertions(+), 40 deletions(-) create mode 100644 AspNetCore-Effective-Logging/BookClub.API/SwaggerConfig.cs diff --git a/AspNetCore-Effective-Logging/BookClub.API/BookClub.API.csproj b/AspNetCore-Effective-Logging/BookClub.API/BookClub.API.csproj index 173ba4f..ab9d7f6 100644 --- a/AspNetCore-Effective-Logging/BookClub.API/BookClub.API.csproj +++ b/AspNetCore-Effective-Logging/BookClub.API/BookClub.API.csproj @@ -5,7 +5,8 @@ - + + diff --git a/AspNetCore-Effective-Logging/BookClub.API/Startup.cs b/AspNetCore-Effective-Logging/BookClub.API/Startup.cs index 7425f9f..bbe86b0 100644 --- a/AspNetCore-Effective-Logging/BookClub.API/Startup.cs +++ b/AspNetCore-Effective-Logging/BookClub.API/Startup.cs @@ -1,8 +1,6 @@ using System; -using System.Collections.Generic; using System.Data; using System.Data.SqlClient; -using System.Linq; using BookClub.Infrastructure.Middleware; using BookClub.Data; using BookClub.Logic; @@ -12,11 +10,11 @@ using Microsoft.AspNetCore.Mvc.Authorization; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; -using Swashbuckle.AspNetCore.Swagger; using BookClub.Infrastructure.Filters; using BookClub.Infrastructure; using Microsoft.Extensions.Logging; -using Microsoft.OpenApi.Models; +using Microsoft.Extensions.Options; +using Swashbuckle.AspNetCore.SwaggerGen; namespace BookClub.API { 
@@ -40,44 +38,19 @@ public void ConfigureServices(IServiceCollection services) services.AddScoped(p => new SqlConnection(Configuration.GetConnectionString("BookClubDb"))); services.AddScoped(); - services.AddScoped(); + services.AddScoped(); + services.AddTransient, SwaggerConfig>(); services.AddAuthentication("Bearer") - .AddIdentityServerAuthentication(options => + .AddJwtBearer(options => { - options.Authority = "https://demo.identityserver.io"; - options.ApiName = "api"; + options.Authority = Configuration.GetValue("Security:Authority"); + options.Audience = Configuration.GetValue("Security:Audience"); }); services.AddAuthorization(); - services.AddSwaggerGen(c => - { - var oauthScopeDic = new Dictionary { {"api", "Access to the Book Club API"} }; - c.SwaggerDoc("v1", new OpenApiInfo { Title = "Book Club API", Version = "v1" }); - c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme - { - Type = SecuritySchemeType.OAuth2, - Flows = new OpenApiOAuthFlows - { - Implicit = new OpenApiOAuthFlow - { - AuthorizationUrl = new Uri("https://demo.identityserver.io/connect/authorize"), - Scopes = oauthScopeDic - } - } - }); - c.AddSecurityRequirement(new OpenApiSecurityRequirement - { - { - new OpenApiSecurityScheme - { - Reference = new OpenApiReference {Type = ReferenceType.SecurityScheme, Id = "oauth2"} - }, - oauthScopeDic.Keys.ToArray() - } - }); - }); + services.AddSwaggerGen(); // configured in SwaggerConfig by transient dependency above services.AddMvc(options => { @@ -101,7 +74,10 @@ public void Configure(IApplicationBuilder app) app.UseSwaggerUI(options => { options.SwaggerEndpoint("/swagger/v1/swagger.json", "Book Club API"); - options.OAuthClientId("implicit"); // should represent the swagger UI + options.OAuthClientId(Configuration.GetValue("Security:ClientId")); + options.OAuthClientSecret(Configuration.GetValue("Security:ClientSecret")); + options.OAuthAppName("Book Club API"); + options.OAuthUsePkce(); }); app.UseAuthentication(); 
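Review bot: `Configuration.GetValue("Security:Authority")` and `Configuration.GetValue("Security:Audience")` in the `AddJwtBearer` options return null when a key is absent or misspelled in the deployed configuration, and nothing in this hunk checks for that. The handler would then most likely reject every token at request time with a metadata or audience error instead of failing at startup, which is hard to tell apart from a client-side token problem. Consider reading both values once in `ConfigureServices` and throwing an `InvalidOperationException` that names the missing key before `AddAuthentication` is called. ConfigureServices starts and ends outside the hunk.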
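Review bot: `options.OAuthClientSecret(Configuration.GetValue("Security:ClientSecret"))` in the `UseSwaggerUI` block hands the client secret to the browser, because Swagger UI runs the authorization-code flow client-side and receives its OAuth settings in the page it is served. A secret delivered that way is readable by anyone who can load the Swagger page, so it no longer authenticates the client. With `options.OAuthUsePkce();` already enabled, a public client registration without a secret is the better fit for the Swagger UI. If the confidential demo client has to stay, restrict the `OAuthClientSecret` call to development environments and add a comment such as `// dev/test only: this value is sent to the browser`. Configure's body continues outside the hunk.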
diff --git a/AspNetCore-Effective-Logging/BookClub.API/SwaggerConfig.cs b/AspNetCore-Effective-Logging/BookClub.API/SwaggerConfig.cs
new file mode 100644
index 0000000..d657053
--- /dev/null
+++ b/AspNetCore-Effective-Logging/BookClub.API/SwaggerConfig.cs
@@ -0,0 +1,66 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using IdentityModel.Client;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Options;
+using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.SwaggerGen;
+
+namespace BookClub.API
+{
+ public class SwaggerConfig : IConfigureOptions
+ {
+ private readonly IConfiguration _config;
+
+ public SwaggerConfig(IConfiguration config)
+ {
+ _config = config;
+ }
+ public void Configure(SwaggerGenOptions options)
+ {
+ var disco = GetDiscoveryDocument();
+ var oauthScopeDic = new Dictionary { { "api", "Access to the Book Club API" } };
+
+ //options.OperationFilter();
+ options.DescribeAllParametersInCamelCase();
+ options.CustomSchemaIds(x => x.FullName);
+ options.SwaggerDoc("v1", new OpenApiInfo { Title = "Book Club API", Version = "v1" });
+
+ options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
+ {
+ Type = SecuritySchemeType.OAuth2,
+ Flows = new OpenApiOAuthFlows
+ {
+ AuthorizationCode = new OpenApiOAuthFlow
+ {
+ AuthorizationUrl = new Uri(disco.AuthorizeEndpoint),
+ TokenUrl = new Uri(disco.TokenEndpoint),
+ Scopes = oauthScopeDic
+ }
+ }
+ });
+ options.AddSecurityRequirement(new OpenApiSecurityRequirement
+ {
+ {
+ new OpenApiSecurityScheme
+ {
+ Reference = new OpenApiReference {Type = ReferenceType.SecurityScheme, Id = "oauth2"}
+ },
+ oauthScopeDic.Keys.ToArray()
+ }
+ });
+ }
+
+ private DiscoveryDocumentResponse GetDiscoveryDocument()
+ {
+ var client = new HttpClient();
+ var authority = _config.GetValue("Security:Authority");
+ return client.GetDiscoveryDocumentAsync(authority)
+ .GetAwaiter()
+ .GetResult();
+ }
+ }
+}
diff --git a/AspNetCore-Effective-Logging/BookClub.API/appsettings.json b/AspNetCore-Effective-Logging/BookClub.API/appsettings.json
index d6ca2f1..cf4aa5c 100644
--- a/AspNetCore-Effective-Logging/BookClub.API/appsettings.json
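Review bot: `GetDiscoveryDocument()` returns the discovery response without checking `IsError`, so when the authority is unreachable, misconfigured or fails the discovery policy, `Configure` goes on to `new Uri(disco.AuthorizeEndpoint)` with what is presumably a null endpoint, and the real cause is lost behind an argument exception. The same method also never disposes the `HttpClient` it creates and does not guard against a missing `Security:Authority` value. Failing with a message that names the authority and carries `disco.Error` makes a broken identity-provider configuration visible immediately. The blocking `.GetAwaiter().GetResult()` is hard to avoid inside a synchronous `IConfigureOptions.Configure`, but it is worth a comment saying it runs an outbound HTTPS call when the options are first resolved.

```csharp
private DiscoveryDocumentResponse GetDiscoveryDocument()
{
    var authority = _config.GetValue<string>("Security:Authority");
    if (string.IsNullOrWhiteSpace(authority))
    {
        throw new InvalidOperationException("Security:Authority is not configured.");
    }

    // Blocking on purpose: IConfigureOptions.Configure is synchronous.
    using (var client = new HttpClient())
    {
        var disco = client.GetDiscoveryDocumentAsync(authority)
            .GetAwaiter()
            .GetResult();
        if (disco.IsError)
        {
            throw new InvalidOperationException(
                $"Discovery document request to {authority} failed: {disco.Error}");
        }

        return disco;
    }
}
```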
+++ b/AspNetCore-Effective-Logging/BookClub.API/appsettings.json @@ -9,5 +9,11 @@ "AllowedHosts": "*", "ConnectionStrings": { "BookClubDb": "Server=.\\sqlexpress;Database=BookClub;Trusted_Connection=True;" - } + }, + "Security": { + "Authority": "https://demo.identityserver.io", + "ClientId": "interactive.confidential", + "ClientSecret": "secret", + "Audience": "api" + } } diff --git a/AspNetCore-Effective-Logging/BookClub.UI/Startup.cs b/AspNetCore-Effective-Logging/BookClub.UI/Startup.cs index 1318916..ee4cba0 100644 --- a/AspNetCore-Effective-Logging/BookClub.UI/Startup.cs +++ b/AspNetCore-Effective-Logging/BookClub.UI/Startup.cs @@ -45,9 +45,9 @@ public void ConfigureServices(IServiceCollection services) options.SignInScheme = "Cookies"; options.Authority = "https://demo.identityserver.io"; - options.ClientId = "server.hybrid"; + options.ClientId = "interactive.confidential"; options.ClientSecret = "secret"; - options.ResponseType = "code id_token"; + options.ResponseType = "code"; options.Scope.Add("email"); options.Scope.Add("api"); options.Scope.Add("offline_access");
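Review bot: `"ClientSecret": "secret"` in the new `Security` section is committed to appsettings.json, so the value travels with the repository and every published build. Here it appears to be the shared secret of the public demo identity server, so nothing private is exposed, but the same key is where a real secret would be pasted once the authority changes. Keep `Authority`, `ClientId` and `Audience` in the file and supply `Security:ClientSecret` from user secrets or an environment variable (`Security__ClientSecret`), leaving the key out of the checked-in file. The BookClub.UI/Startup.cs hunk that follows has the same pattern in code: `options.ClientSecret = "secret";` and the authority are still literals there, and could read from the same `Security` section as the API now does.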