Feature: Google oauth
This commit is contained in:
Kamigen
@@ -5,7 +5,11 @@ using Hutopy.Infrastructure.Data;
|
||||
using Hutopy.Infrastructure.Services;
|
||||
using Hutopy.Web;
|
||||
using Azure.Identity;
|
||||
using Hutopy.Infrastructure.Identity;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authentication.Google;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
|
||||
var builder = WebApplication.CreateBuilder(args);
|
||||
|
||||
@@ -49,40 +53,43 @@ builder.Services.AddInfrastructureServices(builder.Configuration);
|
||||
builder.Services.AddWebServices();
|
||||
|
||||
// OAuth
|
||||
builder.Services.AddAuthorization();
|
||||
builder.Services.AddAuthentication(options =>
|
||||
{
|
||||
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
options.DefaultChallengeScheme = GoogleDefaults.AuthenticationScheme;
|
||||
})
|
||||
.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
|
||||
{
|
||||
options.Cookie.Name = "Hutopy";
|
||||
options.Cookie.SecurePolicy =
|
||||
builder.Environment.IsDevelopment() ? CookieSecurePolicy.None : CookieSecurePolicy.Always;
|
||||
options.Cookie.SameSite = SameSiteMode.Strict;
|
||||
options.Cookie.HttpOnly = true;
|
||||
options.Cookie.IsEssential = true;
|
||||
options.Cookie.MaxAge = TimeSpan.FromDays(30);
|
||||
})
|
||||
.AddGoogle(options =>
|
||||
.AddCookie()
|
||||
.AddGoogle(
|
||||
GoogleDefaults.AuthenticationScheme,
|
||||
options =>
|
||||
{
|
||||
options.ClientId = builder.Configuration["Google:ClientId"] ??
|
||||
throw new ArgumentNullException("The Google ClientId is missing.");
|
||||
options.ClientSecret = builder.Configuration["Google:ClientSecret"] ??
|
||||
throw new ArgumentNullException("The Google ClientSecret is missing.");
|
||||
options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
||||
options.Events.OnRedirectToAuthorizationEndpoint = context =>
|
||||
{
|
||||
context.Response.Redirect(context.RedirectUri + "&prompt=consent");
|
||||
return Task.CompletedTask;
|
||||
};
|
||||
});
|
||||
|
||||
// Password hashing
|
||||
builder.Services.AddIdentity<ApplicationUser, IdentityRole>(options =>
|
||||
{
|
||||
options.Password.RequireDigit = true;
|
||||
options.Password.RequireLowercase = false;
|
||||
options.Password.RequireUppercase = true;
|
||||
options.Password.RequireNonAlphanumeric = true;
|
||||
options.Password.RequiredLength = 8;
|
||||
})
|
||||
.AddEntityFrameworkStores<ApplicationDbContext>()
|
||||
.AddDefaultTokenProviders();
|
||||
|
||||
builder.Services.AddControllers();
|
||||
builder.Services.AddScoped<IUserService, UserService>();
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
app.UseForwardedHeaders(
|
||||
new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedProto }
|
||||
);
|
||||
|
||||
app.UseAuthentication();
|
||||
app.UseAuthorization();
|
||||
|
||||
|
||||
Reference in New Issue
Block a user