diff --git a/backend/LexBoxApi/Auth/AuthKernel.cs b/backend/LexBoxApi/Auth/AuthKernel.cs
index 38fae368b..69065a040 100644
--- a/backend/LexBoxApi/Auth/AuthKernel.cs
+++ b/backend/LexBoxApi/Auth/AuthKernel.cs
@@ -87,9 +87,11 @@ public static void AddLexBoxAuth(IServiceCollection services,
                 context.Request.Headers.Authorization.ToString().StartsWith("Bearer") &&
                 context.RequestServices.GetService>()?.Value.Enable == true)
             {
+                //todo this breaks CanUseBearerAuth test
                 //fow now this will use oauth
                 return OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme;
             }
+
             if (context.Request.IsJwtRequest())
             {
                 return JwtBearerDefaults.AuthenticationScheme;
@@ -100,6 +102,7 @@ public static void AddLexBoxAuth(IServiceCollection services,
             {
                 return CookieAuthenticationDefaults.AuthenticationScheme;
             }
+
             if (context.Request.IsJwtOverBasicAuth(out var jwt))
             {
                 context.Features.Set(new JwtOverBasicAuthFeature(jwt));
@@ -114,8 +117,23 @@ public static void AddLexBoxAuth(IServiceCollection services,
                 configuration.Bind("Authentication:Cookie", options);
                 options.LoginPath = "/login";
                 options.Cookie.Name = AuthCookieName;
-                // options.ForwardChallenge = JwtBearerDefaults.AuthenticationScheme;
                 options.ForwardForbid = JwtBearerDefaults.AuthenticationScheme;
+                options.Events = new()
+                {
+                    OnRedirectToLogin = context =>
+                    {
+                        if (context.Request.Path.StartsWithSegments("/api/oauth") &&
+                            context.Response.StatusCode == StatusCodes.Status200OK)
+                        {
+                            context.Response.Redirect(context.RedirectUri);
+                        }
+                        else
+                        {
+                            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
+                        }
+                        return Task.CompletedTask;
+                    }
+                };
             })
             .AddJwtBearer(options =>
             {
@@ -157,6 +175,7 @@ public static void AddLexBoxAuth(IServiceCollection services,
                 googleOptions.ClientId = googleConfig.ClientId;
                 googleOptions.ClientSecret = googleConfig.ClientSecret;
             }
+            googleOptions.CallbackPath = "/api/login/signin-google";
             googleOptions.Events.OnTicketReceived = async context =>
             {
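Review bot: The new `//todo this breaks CanUseBearerAuth test` comment records a known regression without saying why it happens, and the reason is visible in the hunk: when the OpenIddict option is enabled, the selector returns the OpenIddict validation scheme for every `Bearer` header before `IsJwtRequest()` is consulted, so a bearer token issued by the legacy `JwtBearer` scheme is never handled by that scheme. That is a functional break for existing bearer clients, not just a test failure, and the comment should say so and name the intended resolution, e.g. `// TODO: routes every Bearer token to OpenIddict when enabled, so legacy JwtBearer tokens are rejected (breaks CanUseBearerAuth); decide whether to fall through to IsJwtRequest() when OpenIddict validation fails.` The `StartsWith("Bearer")` check itself is pre-existing context, but note it is culture-sensitive and matches any `Bearer` prefix; an ordinal comparison would be the safer form. The enclosing scheme-selector lambda starts before this hunk.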
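Review bot: The new `OnRedirectToLogin` handler turns a cookie challenge into a bare 401 for every path outside `/api/oauth`, but it drops the `Location` header that the default cookie handler emits alongside a 401 for AJAX callers, so a browser client no longer learns where to send the user to log in; if that is deliberate it deserves a comment, otherwise adding `context.Response.Headers.Location = context.RedirectUri;` before the 401 would preserve it. The `StatusCode == StatusCodes.Status200OK` guard also has no explanation; presumably it avoids overriding a status another component already set, and a why-comment such as `// Only redirect when nothing upstream has already decided the response; API callers get a plain 401 so browsers are not bounced to /login.` would make the intent reviewable. The redirect target itself is built by the cookie handler from `LoginPath`, so this branch does not introduce an open redirect, and the removal of the commented-out `ForwardChallenge` line is harmless. The enclosing `AddCookie` configuration lambda starts before this hunk.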
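Review bot: The hard-coded `googleOptions.CallbackPath = "/api/login/signin-google"` has no comment tying it to the redirect URI registered with Google for this client, and a mismatch between the two fails at runtime with a redirect_uri_mismatch error rather than at startup. The Google handler also mounts its own endpoint at this path, so it must not collide with any controller route under `/api/login` (assuming the app's login controller lives there). A comment such as `// Must match the authorized redirect URI registered for this client in the Google console; the handler owns this path, so no controller route may use it.` would prevent both mistakes. The enclosing `AddGoogle` configuration lambda starts before this hunk.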