From 59e6624cb543f21e7c6a3a84fde9c23c92e21c28 Mon Sep 17 00:00:00 2001 From: Ole Kristian Losvik Date: Tue, 10 Mar 2026 19:17:47 +0100 Subject: [PATCH] Auth: Extract AuthorizationHandler and simplify auth setup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Move endpoint logic from Ignis.Auth controller into AuthorizationHandler, letting the host wire up a thin controller with constructor injection. Split AddIgnisAuth into AddIgnisAuthServer and AddIgnisClientSync. Remove the Enabled flag — as the consuming project now has control. --- .../Controllers/AuthorizationController.cs | 17 ++++ src/Ignis.Api/Program.cs | 36 ++------ src/Ignis.Api/appsettings.json | 1 - src/Ignis.Auth/AuthSettings.cs | 1 - src/Ignis.Auth/AuthorizationHandler.cs | 76 +++++++++++++++++ .../Controllers/AuthorizationController.cs | 83 ------------------- ...nExtensions.cs => AuthServerExtensions.cs} | 49 ++++++----- .../Extensions/AuthServiceExtensions.cs | 31 +++++++ src/Ignis.Auth/README.md | 8 +- .../Ignis.Api.Tests/AuthConfigurationTests.cs | 47 +---------- .../ClientSyncInitializerTests.cs | 2 - tests/Ignis.Api.Tests/IgnisApiFactory.cs | 8 -- tests/Ignis.Api.Tests/IntegrationFixture.cs | 5 -- 13 files changed, 164 insertions(+), 200 deletions(-) create mode 100644 src/Ignis.Api/Controllers/AuthorizationController.cs create mode 100644 src/Ignis.Auth/AuthorizationHandler.cs delete mode 100644 src/Ignis.Auth/Controllers/AuthorizationController.cs rename src/Ignis.Auth/Extensions/{ServiceCollectionExtensions.cs => AuthServerExtensions.cs} (78%) create mode 100644 src/Ignis.Auth/Extensions/AuthServiceExtensions.cs diff --git a/src/Ignis.Api/Controllers/AuthorizationController.cs b/src/Ignis.Api/Controllers/AuthorizationController.cs new file mode 100644 index 0000000..3b64cbb --- /dev/null +++ b/src/Ignis.Api/Controllers/AuthorizationController.cs 
@@ -0,0 +1,17 @@ +using Ignis.Auth; + +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; + +namespace Ignis.Api.Controllers; + +[ApiController] +public class AuthorizationController(AuthorizationHandler handler) : ControllerBase +{ + /// Exchange credentials for an access token (OAuth 2.0 client_credentials grant). + [HttpPost("~/connect/token")] + [ProducesResponseType(typeof(object), StatusCodes.Status200OK, "application/json")] + [ProducesResponseType(StatusCodes.Status400BadRequest)] + [ProducesResponseType(StatusCodes.Status401Unauthorized)] + public Task Exchange() => handler.ExchangeAsync(HttpContext); +} diff --git a/src/Ignis.Api/Program.cs b/src/Ignis.Api/Program.cs index 3fa3206..9f379d7 100644 --- a/src/Ignis.Api/Program.cs +++ b/src/Ignis.Api/Program.cs @@ -1,6 +1,5 @@ using Ignis.Auth; using Ignis.Auth.Extensions; -using Ignis.Auth.Services; using Spark.Engine; using Spark.Engine.Extensions; @@ -16,14 +15,13 @@ var storeSettings = new StoreSettings(); builder.Configuration.Bind("StoreSettings", storeSettings); -// Bind Auth settings (optional OAuth 2.0 server) +// Bind Auth settings var authSettings = new AuthSettings(); builder.Configuration.Bind("AuthSettings", authSettings); -if (authSettings.Enabled) -{ - builder.Services.AddIgnisAuth(authSettings, builder.Environment.IsDevelopment()); -} +builder.Services + .AddIgnisAuthServer(authSettings, builder.Environment.IsDevelopment()) + .AddIgnisClientSync(); // Set up CORS policy builder.Services.AddCors(options => 
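Review bot: The route in `[HttpPost("~/connect/token")]` is a literal, while AuthServerExtensions.cs still takes the token path from configuration via `.SetTokenEndpointUris(settings.Endpoints.TokenEndpointPath)`. If `AuthSettings:Endpoints:TokenEndpointPath` is set to anything else, OpenIddict would presumably attach its request only to the configured path. A POST to `/connect/token` would then reach `ExchangeAsync` without an OpenIddict request and hit the `InvalidOperationException` thrown there. Either record the coupling above the attribute, e.g. `// Must equal AuthSettings:Endpoints:TokenEndpointPath; OpenIddict only processes requests on that path.`, or remove the setting, since the README example no longer shows it.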
@@ -49,20 +47,7 @@ // Register Spark FHIR engine (also registers controllers + FHIR formatters) builder.Services.AddFhir(sparkSettings); -// The project reference to Ignis.Auth causes auto-discovery of its controllers. -// Remove them when auth is disabled to avoid DI resolution failures. -builder.Services.AddControllers() - .ConfigureApplicationPartManager(manager => - { - if (!authSettings.Enabled) - { - var authAssemblyName = typeof(AuthSettings).Assembly.GetName().Name; - var authPart = manager.ApplicationParts - .FirstOrDefault(p => p.Name == authAssemblyName); - if (authPart != null) - manager.ApplicationParts.Remove(authPart); - } - }); +builder.Services.AddControllers(); // OpenAPI document generation builder.Services.AddEndpointsApiExplorer(); @@ -70,13 +55,6 @@ var app = builder.Build(); -if (authSettings.Enabled) -{ - await using var scope = app.Services.CreateAsyncScope(); - var clientSyncInitializer = scope.ServiceProvider.GetRequiredService(); - await clientSyncInitializer.RunAsync(app.Lifetime.ApplicationStopping); -} - if (app.Environment.IsDevelopment()) { app.MapOpenApi(); @@ -85,6 +63,10 @@ app.UseHttpsRedirection(); app.UseRouting(); app.UseCors(); +app.UseAuthentication(); +app.UseAuthorization(); + +await app.SyncOAuthClientsAsync(); app.MapControllers(); app.MapGet("/healthz", () => Results.Ok("ok")); diff --git a/src/Ignis.Api/appsettings.json b/src/Ignis.Api/appsettings.json index 755ac0a..fe44edb 100644 --- a/src/Ignis.Api/appsettings.json +++ b/src/Ignis.Api/appsettings.json @@ -10,7 +10,6 @@ "ConnectionString": "mongodb://localhost:27017/ignis" }, "AuthSettings": { - "Enabled": false, "ConnectionString": "mongodb://localhost:27017/ignis", "Clients": [ { diff --git a/src/Ignis.Auth/AuthSettings.cs b/src/Ignis.Auth/AuthSettings.cs index 76cc7ee..9e03a78 100644 --- a/src/Ignis.Auth/AuthSettings.cs +++ b/src/Ignis.Auth/AuthSettings.cs 
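Review bot: `app.UseAuthentication()` and `app.UseAuthorization()` are added in the last Program.cs hunk, but nothing in this patch attaches an authorization requirement to `app.MapControllers()` or sets a fallback policy. Unless the FHIR controllers carry `[Authorize]` elsewhere, the tokens issued by `/connect/token` are not checked on any request. With the `Enabled` flag removed the token server is registered in every deployment, which makes that gap easier to overlook. If enforcement is planned for a later change, state it above the two calls, e.g. `// No endpoint requires authorization yet; FHIR routes stay anonymous until a policy is added.`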
@@ -2,7 +2,6 @@ namespace Ignis.Auth; public class AuthSettings { - public bool Enabled { get; set; } public string ConnectionString { get; set; } = ""; public List Clients { get; set; } = []; public AuthEndpointSettings Endpoints { get; set; } = new(); diff --git a/src/Ignis.Auth/AuthorizationHandler.cs b/src/Ignis.Auth/AuthorizationHandler.cs new file mode 100644 index 0000000..aa8e52b --- /dev/null +++ b/src/Ignis.Auth/AuthorizationHandler.cs 
@@ -0,0 +1,76 @@
+using System.Security.Claims;
+
+using Microsoft.AspNetCore;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+
+using OpenIddict.Abstractions;
+using OpenIddict.Server.AspNetCore;
+
+using static OpenIddict.Abstractions.OpenIddictConstants;
+
+namespace Ignis.Auth;
+
+///
+/// Contains the OpenIddict token endpoint logic.
+/// Designed to be called from a thin controller in the host application.
+///
+public class AuthorizationHandler
+{
+ private readonly IOpenIddictApplicationManager _applicationManager;
+
+ public AuthorizationHandler(IOpenIddictApplicationManager applicationManager)
+ {
+ _applicationManager = applicationManager;
+ }
+
+ public async Task ExchangeAsync(HttpContext httpContext)
+ {
+ var request = httpContext.GetOpenIddictServerRequest()
+ ?? throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");
+
+ if (request.IsClientCredentialsGrantType())
+ {
+ return await ExchangeClientCredentialsAsync(request);
+ }
+
+ return ForbidWithError(Errors.UnsupportedGrantType, "The specified grant type is not supported.");
+ }
+
+ private async Task ExchangeClientCredentialsAsync(OpenIddictRequest request)
+ {
+ if (string.IsNullOrEmpty(request.ClientId))
+ {
+ return ForbidWithError(Errors.InvalidClient, "The client identifier is missing.");
+ }
+
+ var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
+ if (application is null)
+ {
+ return ForbidWithError(Errors.InvalidClient, "The specified client application was not found.");
+ }
+
+ var identity = new ClaimsIdentity(
+ OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
+ Claims.Name, Claims.Role);
+
+ identity.SetClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application));
+ identity.SetClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application));
+
+ identity.SetScopes(request.GetScopes());
+ identity.SetDestinations(static claim => [Destinations.AccessToken]);
+
+ return new SignInResult(
+ OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
+ new ClaimsPrincipal(identity));
+ }
+
+ private static ForbidResult ForbidWithError(string error, string description) =>
+ new([OpenIddictServerAspNetCoreDefaults.AuthenticationScheme],
+ new AuthenticationProperties(new Dictionary
+ {
+ [OpenIddictServerAspNetCoreConstants.Properties.Error] = error,
+ [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] = description,
+ }));
+}
diff --git a/src/Ignis.Auth/Controllers/AuthorizationController.cs b/src/Ignis.Auth/Controllers/AuthorizationController.cs
deleted file mode 100644
index 8728042..0000000
--- a/src/Ignis.Auth/Controllers/AuthorizationController.cs
+++ /dev/null
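Review bot: `identity.SetScopes(request.GetScopes())` in `ExchangeClientCredentialsAsync` copies every requested scope into the access token with no check in this method. That is only safe if OpenIddict's scope validation and per-client scope permissions are active in the server options, and if the client sync writes those permissions. Neither is visible in this patch, so it should be confirmed. Once confirmed, record the reliance on that line, e.g. `// Requested scopes were already validated by OpenIddict against the client's permissions.` The public `ExchangeAsync` has no XML summary; it should state that the client secret is expected to have been verified by the OpenIddict middleware before the passthrough reaches the handler.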
@@ -1,83 +0,0 @@
-using System.Security.Claims;
-
-using Microsoft.AspNetCore;
-using Microsoft.AspNetCore.Http;
-using Microsoft.AspNetCore.Mvc;
-
-using OpenIddict.Abstractions;
-using OpenIddict.Server.AspNetCore;
-
-using static OpenIddict.Abstractions.OpenIddictConstants;
-
-namespace Ignis.Auth.Controllers;
-
-[ApiController]
-public class AuthorizationController : ControllerBase
-{
- private readonly IOpenIddictApplicationManager _applicationManager;
-
- public AuthorizationController(IOpenIddictApplicationManager applicationManager)
- {
- _applicationManager = applicationManager;
- }
-
- [HttpPost("~/connect/token")]
- [EndpointDescription("Exchange client credentials for an access token (OAuth 2.0 client_credentials grant).")]
- [ProducesResponseType(typeof(object), StatusCodes.Status200OK, "application/json")]
- [ProducesResponseType(StatusCodes.Status400BadRequest)]
- [ProducesResponseType(StatusCodes.Status401Unauthorized)]
- public async Task Exchange()
- {
- var request = HttpContext.GetOpenIddictServerRequest()
- ?? throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");
-
- if (!request.IsClientCredentialsGrantType())
- {
- return Forbid(
- authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
- properties: new(new Dictionary
- {
- [OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.UnsupportedGrantType,
- [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
- "The specified grant type is not supported.",
- }));
- }
-
- if (string.IsNullOrEmpty(request.ClientId))
- {
- return Forbid(
- authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
- properties: new(new Dictionary
- {
- [OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.InvalidClient,
- [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
- "The client identifier is missing.",
- }));
- }
-
- var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
- if (application is null)
- {
- return Forbid(
- authenticationSchemes: OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
- properties: new(new Dictionary
- {
- [OpenIddictServerAspNetCoreConstants.Properties.Error] = Errors.InvalidClient,
- [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
- "The specified client application was not found.",
- }));
- }
-
- var identity = new ClaimsIdentity(
- OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
- Claims.Name, Claims.Role);
-
- identity.SetClaim(Claims.Subject, await _applicationManager.GetClientIdAsync(application));
- identity.SetClaim(Claims.Name, await _applicationManager.GetDisplayNameAsync(application));
-
- identity.SetScopes(request.GetScopes());
- identity.SetDestinations(static claim => [Destinations.AccessToken]);
-
- return SignIn(new ClaimsPrincipal(identity), OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);
- }
-}
diff --git a/src/Ignis.Auth/Extensions/ServiceCollectionExtensions.cs b/src/Ignis.Auth/Extensions/AuthServerExtensions.cs similarity index 78% rename from src/Ignis.Auth/Extensions/ServiceCollectionExtensions.cs rename to src/Ignis.Auth/Extensions/AuthServerExtensions.cs index c41179c..7986bf8 100644 --- a/src/Ignis.Auth/Extensions/ServiceCollectionExtensions.cs +++ b/src/Ignis.Auth/Extensions/AuthServerExtensions.cs @@ -1,7 +1,5 @@ using System.Security.Cryptography.X509Certificates; -using Ignis.Auth.Services; - using Microsoft.Extensions.DependencyInjection; using MongoDB.Driver; 
@@ -10,26 +8,46 @@ namespace Ignis.Auth.Extensions; -public static class ServiceCollectionExtensions +public static class AuthServerExtensions { - public static IServiceCollection AddIgnisAuth( + /// + /// Registers the OpenIddict authorization server and certificates. + /// Use this when the application acts as an authorization server. + /// + public static IServiceCollection AddIgnisAuthServer( this IServiceCollection services, AuthSettings settings, bool useDevelopmentCertificates) { ArgumentNullException.ThrowIfNull(settings); - ArgumentNullException.ThrowIfNull(settings.ConnectionString, "AuthSettings:ConnectionString is required when auth is enabled."); - ArgumentNullException.ThrowIfNull(settings.Endpoints?.TokenEndpointPath, "AuthSettings:Endpoints:TokenEndpointPath is required when auth is enabled."); + ArgumentException.ThrowIfNullOrWhiteSpace(settings.ConnectionString); services.Configure(options => { - options.Enabled = settings.Enabled; options.ConnectionString = settings.ConnectionString; options.Clients = settings.Clients; options.Endpoints = settings.Endpoints; options.Certificates = settings.Certificates; }); + services.AddOpenIddictServer(settings, useDevelopmentCertificates); + services.AddOpenIddict() + .AddValidation(options => + { + options.UseLocalServer(); + options.UseAspNetCore(); + }); + + services.AddTransient(); + + return services; + } + + private static void AddOpenIddictServer( + this IServiceCollection services, + AuthSettings settings, + bool useDevelopmentCertificates) + { services.AddOpenIddict() .AddCore(options => { 
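Review bot: The guard on `settings.Endpoints?.TokenEndpointPath` is removed from `AddIgnisAuthServer`, yet `AddOpenIddictServer` still dereferences `settings.Endpoints.TokenEndpointPath` in `.SetTokenEndpointUris(...)` in the next hunk. A configuration that nulls or blanks that value would now presumably surface as a `NullReferenceException` or an OpenIddict error, instead of a clear argument failure at registration. Keeping the check in the new style restores fail-fast behaviour: `ArgumentException.ThrowIfNullOrWhiteSpace(settings.Endpoints?.TokenEndpointPath);` next to the `ConnectionString` check. `AddOpenIddictServer` continues past the end of this hunk.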
@@ -43,31 +61,20 @@ public static IServiceCollection AddIgnisAuth( .SetTokenEndpointUris(settings.Endpoints.TokenEndpointPath) .AllowClientCredentialsFlow(); - ConfigureCertificates(options, settings, useDevelopmentCertificates); + ConfigureCertificates(options, settings.Certificates, useDevelopmentCertificates); var aspNetCoreBuilder = options .UseAspNetCore() .EnableTokenEndpointPassthrough(); if (useDevelopmentCertificates) - { aspNetCoreBuilder.DisableTransportSecurityRequirement(); - } - }) - .AddValidation(options => - { - options.UseLocalServer(); - options.UseAspNetCore(); }); - - services.AddTransient(); - - return services; } private static void ConfigureCertificates( OpenIddictServerBuilder options, - AuthSettings settings, + AuthCertificateSettings certs, bool useDevelopmentCertificates) { if (useDevelopmentCertificates) @@ -78,8 +85,6 @@ private static void ConfigureCertificates( return; } - var certs = settings.Certificates; - options .AddSigningCertificate(LoadCertificate( certs.SigningCertificatePath, diff --git a/src/Ignis.Auth/Extensions/AuthServiceExtensions.cs b/src/Ignis.Auth/Extensions/AuthServiceExtensions.cs new file mode 100644 index 0000000..faaefef --- /dev/null +++ b/src/Ignis.Auth/Extensions/AuthServiceExtensions.cs 
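Review bot: `useDevelopmentCertificates` also gates `aspNetCoreBuilder.DisableTransportSecurityRequirement()`, so passing `true` lets the token endpoint accept plain HTTP as well as taking the development branch of `ConfigureCertificates`. `AddIgnisAuthServer` is now a public entry point for host applications. Its XML summary should carry a `<param name="useDevelopmentCertificates">` entry that names both effects and says the flag must be false outside development. The braces dropped from this `if` also differ from the braced single-statement `if`s in AuthorizationHandler.cs; keeping them would be consistent. The lambda this code sits in starts outside the hunk.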
@@ -0,0 +1,31 @@ +using Ignis.Auth.Services; + +using Microsoft.AspNetCore.Builder; +using Microsoft.Extensions.DependencyInjection; + +namespace Ignis.Auth.Extensions; + +public static class AuthServiceExtensions +{ + /// + /// Registers for syncing configured OAuth clients to MongoDB. + /// Call on the built to run it on startup. + /// + public static IServiceCollection AddIgnisClientSync( + this IServiceCollection services) + { + services.AddTransient(); + return services; + } + + /// + /// Runs the OAuth client sync on startup, ensuring configured clients exist in MongoDB. + /// Requires to have been called during service registration. + /// + public static async Task SyncOAuthClientsAsync(this WebApplication app) + { + await using var scope = app.Services.CreateAsyncScope(); + var initializer = scope.ServiceProvider.GetRequiredService(); + await initializer.RunAsync(app.Lifetime.ApplicationStopping); + } +} diff --git a/src/Ignis.Auth/README.md b/src/Ignis.Auth/README.md index 1a19bc4..27761ed 100644 --- a/src/Ignis.Auth/README.md +++ b/src/Ignis.Auth/README.md @@ -2,7 +2,7 @@ OAuth 2.0 token service for Ignis, built on [OpenIddict](https://documentation.openiddict.com/) with MongoDB storage. -Currently supports the `client_credentials` grant type. +The library provides an `AuthorizationHandler` containing the token endpoint logic, while the host application supplies a thin controller that delegates to it. Currently supports the `client_credentials` grant type. ## Configuration @@ -15,12 +15,10 @@ Currently supports the `client_credentials` grant type. { "ClientId": "my-client", "ClientSecret": "my-secret", - "DisplayName": "My Client" + "DisplayName": "My Client", + "AllowedGrantTypes": ["client_credentials"] } ], - "Endpoints": { - "TokenEndpointPath": "connect/token" - }, "Certificates": { "SigningCertificatePath": "certs/signing.pfx", "SigningCertificatePassword": "", 
diff --git a/tests/Ignis.Api.Tests/AuthConfigurationTests.cs b/tests/Ignis.Api.Tests/AuthConfigurationTests.cs index c36dbf9..0c5aaeb 100644 --- a/tests/Ignis.Api.Tests/AuthConfigurationTests.cs +++ b/tests/Ignis.Api.Tests/AuthConfigurationTests.cs @@ -75,50 +75,10 @@ private static string CreateTempCertificate(string subject, string password) } [Fact] - public async Task TokenEndpoint_NotAvailable_WhenAuthDisabled() + public async Task TokenEndpoint_ReturnsAccessToken() { var envVars = new Dictionary { - ["AuthSettings__Enabled"] = "false", - ["AuthSettings__ConnectionString"] = _connectionString, - ["StoreSettings__ConnectionString"] = _connectionString, - }; - SetEnvVars(envVars); - try - { - await using var factory = CreateFactory(new Dictionary - { - ["StoreSettings:ConnectionString"] = _connectionString, - ["SparkSettings:Endpoint"] = "https://localhost/fhir", - ["SparkSettings:FhirRelease"] = "R4", - ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "false", - ["AuthSettings:ConnectionString"] = _connectionString, - }); - using var client = factory.CreateClient(); - - var response = await client.PostAsync("/connect/token", - new FormUrlEncodedContent(new Dictionary - { - ["grant_type"] = "client_credentials", - ["client_id"] = "test-client", - ["client_secret"] = "test-secret", - }), CT); - - response.StatusCode.Should().Be(HttpStatusCode.NotFound); - } - finally - { - ClearEnvVars(envVars); - } - } - - [Fact] - public async Task TokenEndpoint_Available_WhenAuthEnabled() - { - var envVars = new Dictionary - { - ["AuthSettings__Enabled"] = "true", ["AuthSettings__ConnectionString"] = _connectionString, ["AuthSettings__Clients__0__ClientId"] = "config-client", ["AuthSettings__Clients__0__ClientSecret"] = "config-secret", 
@@ -135,7 +95,6 @@ public async Task TokenEndpoint_Available_WhenAuthEnabled() ["SparkSettings:Endpoint"] = "https://localhost/fhir", ["SparkSettings:FhirRelease"] = "R4", ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "true", ["AuthSettings:ConnectionString"] = _connectionString, ["AuthSettings:Clients:0:ClientId"] = "config-client", ["AuthSettings:Clients:0:ClientSecret"] = "config-secret", @@ -171,7 +130,6 @@ public async Task TokenEndpoint_Works_WithCertificatesInProduction() { var envVars = new Dictionary { - ["AuthSettings__Enabled"] = "true", ["AuthSettings__ConnectionString"] = _connectionString, ["AuthSettings__Clients__0__ClientId"] = "cert-client", ["AuthSettings__Clients__0__ClientSecret"] = "cert-secret", @@ -192,7 +150,6 @@ public async Task TokenEndpoint_Works_WithCertificatesInProduction() ["SparkSettings:Endpoint"] = "https://localhost/fhir", ["SparkSettings:FhirRelease"] = "R4", ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "true", ["AuthSettings:ConnectionString"] = _connectionString, ["AuthSettings:Clients:0:ClientId"] = "cert-client", ["AuthSettings:Clients:0:ClientSecret"] = "cert-secret", @@ -235,7 +192,6 @@ public void Startup_Fails_WhenCertificatesMissing_InProduction() { var envVars = new Dictionary { - ["AuthSettings__Enabled"] = "true", ["AuthSettings__ConnectionString"] = _connectionString, ["AuthSettings__Clients__0__ClientId"] = "cert-client", ["AuthSettings__Clients__0__ClientSecret"] = "cert-secret", @@ -253,7 +209,6 @@ public void Startup_Fails_WhenCertificatesMissing_InProduction() ["SparkSettings:Endpoint"] = "https://localhost/fhir", ["SparkSettings:FhirRelease"] = "R4", ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "true", ["AuthSettings:ConnectionString"] = _connectionString, ["AuthSettings:Clients:0:ClientId"] = "cert-client", ["AuthSettings:Clients:0:ClientSecret"] = "cert-secret", 
diff --git a/tests/Ignis.Api.Tests/ClientSyncInitializerTests.cs b/tests/Ignis.Api.Tests/ClientSyncInitializerTests.cs index 8953da2..9353273 100644 --- a/tests/Ignis.Api.Tests/ClientSyncInitializerTests.cs +++ b/tests/Ignis.Api.Tests/ClientSyncInitializerTests.cs @@ -47,14 +47,12 @@ public async ValueTask DisposeAsync() ["SparkSettings:Endpoint"] = "https://localhost/fhir", ["SparkSettings:FhirRelease"] = "R4", ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "true", ["AuthSettings:ConnectionString"] = _connectionString, }; var envVars = new Dictionary { ["StoreSettings__ConnectionString"] = _connectionString, - ["AuthSettings__Enabled"] = "true", ["AuthSettings__ConnectionString"] = _connectionString, }; diff --git a/tests/Ignis.Api.Tests/IgnisApiFactory.cs b/tests/Ignis.Api.Tests/IgnisApiFactory.cs index 5eadc9e..833ce8c 100644 --- a/tests/Ignis.Api.Tests/IgnisApiFactory.cs +++ b/tests/Ignis.Api.Tests/IgnisApiFactory.cs @@ -1,7 +1,6 @@ using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Mvc.Testing; using Microsoft.Extensions.Configuration; -using Microsoft.Extensions.DependencyInjection; namespace Ignis.Api.Tests; @@ -24,21 +23,14 @@ protected override void ConfigureWebHost(IWebHostBuilder builder) ["SparkSettings:Endpoint"] = "https://localhost/fhir", ["SparkSettings:FhirRelease"] = "R4", ["SparkSettings:UseAsynchronousIO"] = "true", - ["AuthSettings:Enabled"] = "true", ["AuthSettings:ConnectionString"] = _connectionString, ["AuthSettings:Clients:0:ClientId"] = "test-client", ["AuthSettings:Clients:0:ClientSecret"] = "test-secret", ["AuthSettings:Clients:0:DisplayName"] = "Test Client", ["AuthSettings:Clients:0:AllowedGrantTypes:0"] = "client_credentials", - ["AuthSettings:Clients:0:RedirectUris:0"] = "http://localhost/callback", }); }); - builder.ConfigureServices(services => - { - services.AddSingleton(); - }); - builder.UseEnvironment("Development"); } } 
diff --git a/tests/Ignis.Api.Tests/IntegrationFixture.cs b/tests/Ignis.Api.Tests/IntegrationFixture.cs index 0367bb6..a498b1a 100644 --- a/tests/Ignis.Api.Tests/IntegrationFixture.cs +++ b/tests/Ignis.Api.Tests/IntegrationFixture.cs @@ -33,14 +33,11 @@ private static string BuildConnectionString(string raw) private static readonly string[] EnvVarKeys = [ "StoreSettings__ConnectionString", - "AuthSettings__Enabled", "AuthSettings__ConnectionString", "AuthSettings__Clients__0__ClientId", "AuthSettings__Clients__0__ClientSecret", "AuthSettings__Clients__0__DisplayName", "AuthSettings__Clients__0__AllowedGrantTypes__0", - "AuthSettings__Clients__0__AllowedGrantTypes__1", - "AuthSettings__Clients__0__RedirectUris__0", ]; public async ValueTask InitializeAsync() @@ -49,13 +46,11 @@ public async ValueTask InitializeAsync() var connectionString = BuildConnectionString(_mongo.GetConnectionString()); Environment.SetEnvironmentVariable("StoreSettings__ConnectionString", connectionString); - Environment.SetEnvironmentVariable("AuthSettings__Enabled", "true"); Environment.SetEnvironmentVariable("AuthSettings__ConnectionString", connectionString); Environment.SetEnvironmentVariable("AuthSettings__Clients__0__ClientId", "test-client"); Environment.SetEnvironmentVariable("AuthSettings__Clients__0__ClientSecret", "test-secret"); Environment.SetEnvironmentVariable("AuthSettings__Clients__0__DisplayName", "Test Client"); Environment.SetEnvironmentVariable("AuthSettings__Clients__0__AllowedGrantTypes__0", "client_credentials"); - Environment.SetEnvironmentVariable("AuthSettings__Clients__0__RedirectUris__0", "http://localhost/callback"); Factory = new IgnisApiFactory(connectionString); }