Correctly set scopes for AuthorizeCheckOperationFilter

2023-05-08 11:23:08 -07:00 · 2023-05-08 11:23:08 -07:00 · 9c2b972cc9
commit 9c2b972cc9
parent 3858d7ccf7
1 changed files with 7 additions and 2 deletions
--- a/src/Services/Services.Common/AuthorizeCheckOperationFilter.cs
+++ b/src/Services/Services.Common/AuthorizeCheckOperationFilter.cs
@ -6,9 +6,11 @@ using Swashbuckle.AspNetCore.SwaggerGen;
 namespace Services.Common;
 internal class AuthorizeCheckOperationFilter : IOperationFilter
 {
+    private readonly IConfiguration _configuration;
+
    public AuthorizeCheckOperationFilter(IConfiguration configuration)
    {
-
+        _configuration = configuration;
    }

    public void Apply(OpenApiOperation operation, OperationFilterContext context)
@ -27,11 +29,14 @@ internal class AuthorizeCheckOperationFilter : IOperationFilter
            Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
        };

+        var identitySection = _configuration.GetSection("Identity");
+        var scopes = identitySection.GetRequiredSection("Scopes").GetChildren().Select(r => r.Key).ToArray();
+
        operation.Security = new List<OpenApiSecurityRequirement>
            {
                new()
                {
-                    [ oAuthScheme ] = new [] { "basketapi" }
+                    [ oAuthScheme ] = scopes
                }
            };
    }