centralize AddIdentityAuthenticationServices

src/Api/Api.csproj

@@ -16,7 +16,6 @@
     <PackageReference Include="jsreport.Binary" Version="1.10.0" />
     <PackageReference Include="jsreport.Local" Version="1.1.2" />
     <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.2" />
-    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="2.1.2" />
   </ItemGroup>
 

src/Api/Startup.cs

@@ -1,6 +1,4 @@
-using System;
+using Microsoft.AspNetCore.Builder;
-using System.Security.Claims;
-using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -15,9 +13,7 @@ using Serilog.Events;
 using Stripe;
 using Bit.Core.Utilities;
 using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
 using jsreport.AspNetCore;
-using Bit.Core.IdentityServer;
 using Microsoft.AspNetCore.HttpOverrides;
 
 namespace Bit.Api
@@ -73,20 +69,7 @@ namespace Bit.Api
 
             // Identity
             services.AddCustomIdentityServices(globalSettings);
-
+            services.AddIdentityAuthenticationServices(globalSettings, Environment, config =>
-            services
-                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
-                .AddIdentityServerAuthentication(options =>
-                {
-                    options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
-                    options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
-                        globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
-                    options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
-                    options.NameClaimType = ClaimTypes.Email;
-                    options.SupportedTokens = SupportedTokens.Jwt;
-                });
-
-            services.AddAuthorization(config =>
             {
                 config.AddPolicy("Application", policy =>
                 {
@@ -159,7 +142,7 @@ namespace Bit.Api
                 }
 
                 if(e.Level == LogEventLevel.Information &&
-                    (context.Contains(typeof(IpRateLimitMiddleware).FullName) || 
+                    (context.Contains(typeof(IpRateLimitMiddleware).FullName) ||
                     context.StartsWith("\"Bit.Api.Jobs") || context.StartsWith("\"Bit.Core.Jobs")))
                 {
                     return true;

src/Core/Core.csproj

@@ -13,6 +13,7 @@
 
   <ItemGroup>
     <PackageReference Include="Handlebars.Net" Version="1.9.5" />
+    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
     <PackageReference Include="Microsoft.AspNetCore.DataProtection.AzureStorage" Version="2.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.HttpOverrides" Version="2.1.1" />
     <PackageReference Include="Microsoft.AspNetCore.Identity" Version="2.1.2" />

src/Core/Utilities/ServiceCollectionExtensions.cs

@@ -22,6 +22,9 @@ using SqlServerRepos = Bit.Core.Repositories.SqlServer;
 using System.Threading.Tasks;
 using TableStorageRepos = Bit.Core.Repositories.TableStorage;
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using IdentityServer4.AccessTokenValidation;
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
 
 namespace Bit.Core.Utilities
 {
@@ -229,6 +232,39 @@ namespace Bit.Core.Utilities
             return identityBuilder;
         }
 
+        public static void AddIdentityAuthenticationServices(
+            this IServiceCollection services, GlobalSettings globalSettings, IHostingEnvironment environment,
+            Action<AuthorizationOptions> addAuthorization = null)
+        {
+            services
+                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
+                .AddIdentityServerAuthentication(options =>
+                {
+                    options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
+                    options.RequireHttpsMetadata = !environment.IsDevelopment() &&
+                        globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
+                    options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
+                    options.NameClaimType = ClaimTypes.Email;
+                    options.SupportedTokens = SupportedTokens.Jwt;
+                });
+
+            services.AddAuthorization(config =>
+            {
+                if(addAuthorization != null)
+                {
+                    addAuthorization?.Invoke(config);
+                }
+                else
+                {
+                    config.AddPolicy("Application", policy =>
+                    {
+                        policy.RequireAuthenticatedUser();
+                        policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
+                    });
+                }
+            });
+        }
+
         public static IIdentityServerBuilder AddCustomIdentityServerServices(
             this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
         {

src/Events/Events.csproj

@@ -9,7 +9,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.2" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="2.1.2" />
   </ItemGroup>

src/Events/Startup.cs

@@ -1,9 +1,6 @@
-using System.Security.Claims;
+using Bit.Core;
-using Bit.Core;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
-using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
@@ -39,25 +36,7 @@ namespace Bit.Events
             services.AddScoped<CurrentContext>();
 
             // Identity
-            services
+            services.AddIdentityAuthenticationServices(globalSettings, Environment);
-                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
-                .AddIdentityServerAuthentication(options =>
-                {
-                    options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
-                    options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
-                        globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
-                    options.NameClaimType = ClaimTypes.Email;
-                    options.SupportedTokens = SupportedTokens.Jwt;
-                });
-
-            services.AddAuthorization(config =>
-            {
-                config.AddPolicy("Application", policy =>
-                {
-                    policy.RequireAuthenticatedUser();
-                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
-                });
-            });
 
             // Services
             services.AddScoped<IEventService, EventService>();

src/Hub/Hub.csproj

@@ -8,7 +8,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="IdentityServer4.AccessTokenValidation" Version="2.6.0" />
     <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.2" />
     <PackageReference Include="Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv" Version="2.1.2" />
   </ItemGroup>

src/Hub/Startup.cs

@@ -1,9 +1,5 @@
-using System.Security.Claims;
+using Bit.Core;
-using Bit.Core;
-using Bit.Core.IdentityServer;
 using Bit.Core.Utilities;
-using IdentityModel;
-using IdentityServer4.AccessTokenValidation;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.SignalR;
@@ -41,26 +37,7 @@ namespace Bit.Hub
             services.AddScoped<CurrentContext>();
 
             // Identity
-            services
+            services.AddIdentityAuthenticationServices(globalSettings, Environment);
-                .AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
-                .AddIdentityServerAuthentication(options =>
-                {
-                    options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
-                    options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
-                        globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
-                    options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
-                    options.NameClaimType = ClaimTypes.Email;
-                    options.SupportedTokens = SupportedTokens.Jwt;
-                });
-
-            services.AddAuthorization(config =>
-            {
-                config.AddPolicy("Application", policy =>
-                {
-                    policy.RequireAuthenticatedUser();
-                    policy.RequireClaim(JwtClaimTypes.AuthenticationMethod, "Application");
-                });
-            });
 
             // SignalR
             services.AddSignalR();