Startup.cs
using System.IO;
using System.Net.Http;
using System.Threading.Tasks;
using Microsoft.Azure.Functions.Extensions.DependencyInjection;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;
using Microsoft.Identity.Client;
using Microsoft.Graph;
[assembly: FunctionsStartup(typeof(B2CAuthZ.Runtime.FuncHost.Startup))]
namespace B2CAuthZ.Runtime.FuncHost
{
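/// <summary>
/// Azure Functions startup hook: layers the configuration sources and registers the
/// Microsoft Graph client together with its MSAL-backed authentication provider.
/// </summary>
public class Startup : FunctionsStartup
{
    // Root endpoint handed to GraphServiceClient.
    private const string GraphBaseUrl = "https://graph.microsoft.com/v1.0/";

    /// <summary>
    /// Adds appsettings.json, appsettings.{EnvironmentName}.json and environment
    /// variables to the host configuration.
    /// </summary>
    /// <param name="builder">Configuration builder supplied by the Functions host.</param>
    public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder)
    {
        FunctionsHostBuilderContext context = builder.GetContext();

        // Sources are applied in order, so environment variables override both JSON files.
        // Both files are optional; AzureAd:ClientSecret is better supplied through the
        // environment than through a JSON file that ships with the app.
        // The host builds the final configuration itself, so the previous Build() call and
        // the discarded GetSection("AzureAd") lookup were dead code and are gone.
        builder.ConfigurationBuilder
            .AddJsonFile(Path.Combine(context.ApplicationRootPath, "appsettings.json"), optional: true, reloadOnChange: false)
            .AddJsonFile(Path.Combine(context.ApplicationRootPath, $"appsettings.{context.EnvironmentName}.json"), optional: true, reloadOnChange: false)
            .AddEnvironmentVariables();
    }

    /// <summary>
    /// Registers logging, the "AzureAd" options binding, the MSAL token provider and a
    /// singleton <see cref="GraphServiceClient"/>.
    /// </summary>
    /// <param name="builder">Host builder supplied by the Functions host.</param>
    public override void Configure(IFunctionsHostBuilder builder)
    {
        builder.Services.AddLogging();

        builder.Services.AddOptions<MsalTokenProviderConfiguration>()
            .Configure<IConfiguration>((options, configuration) =>
            {
                configuration.GetSection("AzureAd").Bind(options);
            });

        builder.Services.AddSingleton<IAuthenticationProvider, MsalTokenProvider>();

        // Construct the client through a factory instead of registering a bare string in
        // the container: a string singleton would be handed to every constructor that asks
        // for a string, not only to GraphServiceClient.
        builder.Services.AddSingleton<GraphServiceClient>(provider =>
            new GraphServiceClient(GraphBaseUrl, provider.GetRequiredService<IAuthenticationProvider>()));
    }
}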
/// <summary>
/// Settings consumed by <see cref="MsalTokenProvider"/>. Startup binds them from the
/// "AzureAd" configuration section.
/// </summary>
public class MsalTokenProviderConfiguration
{
    /// <summary>Client id passed to ConfidentialClientApplicationBuilder.Create.</summary>
    public string ClientId { get; set; }

    /// <summary>
    /// Client secret passed to WithClientSecret. This is a credential: keep it out of
    /// logs and out of source-controlled settings files.
    /// </summary>
    public string ClientSecret { get; set; }

    /// <summary>
    /// Tenant used to build the https://login.microsoftonline.com/{TenantName}/v2.0
    /// authority when <see cref="Authority"/> is null.
    /// </summary>
    public string TenantName { get; set; }

    /// <summary>Explicit authority URL; when null the tenant-based default is used.</summary>
    public string Authority { get; set; }

    /// <summary>Comma-separated scopes requested when acquiring a token.</summary>
    public string Scopes { get; set; }
}
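/// <summary>
/// Graph authentication provider that acquires tokens with MSAL's
/// AcquireTokenForClient call and attaches them as a Bearer Authorization header.
/// </summary>
public class MsalTokenProvider : Microsoft.Graph.IAuthenticationProvider
{
    private readonly MsalTokenProviderConfiguration _config;

    // NOTE(review): this field is public, so every holder of the provider can reach the
    // confidential client and request tokens with the application's credential. It is
    // left public for compatibility; make it private if nothing outside this class reads it.
    public readonly IConfidentialClientApplication _client;

    // Scopes parsed once from the comma-separated setting (trimmed, blanks removed).
    private readonly string[] _scopes;

    /// <summary>
    /// Builds the confidential client from the bound "AzureAd" options.
    /// </summary>
    /// <param name="opts">Options wrapper holding client id, secret, authority and scopes.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="opts"/> is null.</exception>
    /// <exception cref="System.InvalidOperationException">
    /// Neither an authority nor a tenant name is configured.
    /// </exception>
    public MsalTokenProvider(IOptions<MsalTokenProviderConfiguration> opts)
    {
        _config = opts?.Value ?? throw new System.ArgumentNullException(nameof(opts));

        // An empty or whitespace Authority (easy to get from a blank app setting) now falls
        // back to the tenant-derived authority as well; the previous `??` only caught null.
        string authority = _config.Authority;
        if (string.IsNullOrWhiteSpace(authority))
        {
            if (string.IsNullOrWhiteSpace(_config.TenantName))
            {
                throw new System.InvalidOperationException(
                    "AzureAd:Authority or AzureAd:TenantName must be configured.");
            }

            authority = $"https://login.microsoftonline.com/{_config.TenantName}/v2.0";
        }

        _scopes = ParseScopes(_config.Scopes);

        _client = ConfidentialClientApplicationBuilder
            .Create(_config.ClientId)
            .WithClientSecret(_config.ClientSecret)
            .WithAuthority(authority)
            .Build();
    }

    /// <summary>
    /// Acquires a token for the configured scopes and sets it on the request.
    /// </summary>
    /// <param name="request">Outgoing Graph request to authenticate.</param>
    /// <returns>A task that completes once the Authorization header has been set.</returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="request"/> is null.</exception>
    /// <exception cref="System.InvalidOperationException">No scope is configured.</exception>
    public async Task AuthenticateRequestAsync(HttpRequestMessage request)
    {
        if (request == null)
        {
            throw new System.ArgumentNullException(nameof(request));
        }

        // A missing Scopes setting used to surface as a NullReferenceException here.
        if (_scopes.Length == 0)
        {
            throw new System.InvalidOperationException("AzureAd:Scopes must list at least one scope.");
        }

        // MSAL serves repeat calls from the application token cache, so calling this per
        // request is fine as long as the provider stays a singleton.
        var token = await _client.AcquireTokenForClient(_scopes).ExecuteAsync();

        // The access token is a bearer credential: it goes on the header and nowhere else.
        request.Headers.Authorization = new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", token.AccessToken);
    }

    // Splits a comma-separated scope list, trimming entries and dropping blank ones so
    // that "a, b" or a trailing comma does not produce a malformed scope.
    private static string[] ParseScopes(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
        {
            return new string[0];
        }

        string[] parts = raw.Split(new[] { ',' }, System.StringSplitOptions.RemoveEmptyEntries);
        int kept = 0;
        for (int i = 0; i < parts.Length; i++)
        {
            string scope = parts[i].Trim();
            if (scope.Length > 0)
            {
                parts[kept++] = scope;
            }
        }

        System.Array.Resize(ref parts, kept);
        return parts;
    }
}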
}