Fixed some critical bugs

2026-05-02 15:50:03 -05:00
parent 6d1bc2ce2c
commit 71bd88ace9
3 changed files with 7 additions and 5 deletions
@@ -7,7 +7,7 @@ POSTGRES_PASSWORD=changeme

 # Auth
 AUTH__AUTHORITY=https://auth.stwaddle.com
-AUTH__AUDIENCE=budget-api
+AUTH__AUDIENCE=budget_api

 # Client (baked into Vite build)
 VITE_AUTH_AUTHORITY=https://auth.stwaddle.com
@@ -22,11 +22,14 @@ builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    {
        options.Authority = builder.Configuration["AUTH__AUTHORITY"];
        options.Audience = builder.Configuration["AUTH__AUDIENCE"];
+        options.MapInboundClaims = false;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
+            RoleClaimType = "role",
+            NameClaimType = "sub",
        };
    });

@@ -49,9 +52,8 @@ app.UseDefaultFiles();
 app.UseStaticFiles();

 app.UseAuthentication();
-app.UseAuthorization();
-
 app.UseMiddleware<KnownUserMiddleware>();
+app.UseAuthorization();

 app.MapControllers();
 app.MapHealthChecks("/healthz", new HealthCheckOptions
@@ -62,7 +64,7 @@ app.MapHealthChecks("/healthz", new HealthCheckOptions
        [HealthStatus.Degraded] = StatusCodes.Status200OK,
        [HealthStatus.Unhealthy] = StatusCodes.Status503ServiceUnavailable,
    }
-}).RequireAuthorization();
+});

 app.MapFallbackToFile("index.html");

@@ -5,7 +5,7 @@ export const authConfig: UserManagerSettings = {
  client_id: import.meta.env.VITE_AUTH_CLIENT_ID,
  redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI,
  response_type: 'code',
-  scope: 'openid profile email',
+  scope: 'openid profile email offline_access budget_api',
  post_logout_redirect_uri: import.meta.env.VITE_AUTH_REDIRECT_URI?.replace('/callback', ''),
  automaticSilentRenew: true,
 };