diff --git a/backend/LexBoxApi/Auth/AuthKernel.cs b/backend/LexBoxApi/Auth/AuthKernel.cs index 957c1a028..038da232b 100644 --- a/backend/LexBoxApi/Auth/AuthKernel.cs +++ b/backend/LexBoxApi/Auth/AuthKernel.cs @@ -7,12 +7,17 @@ using LexBoxApi.Controllers; using LexCore.Auth; using LexData; +using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Authorization; using Microsoft.Extensions.Options; using Microsoft.IdentityModel.Logging; using Microsoft.OpenApi.Models; +using OpenIddict.Core; +using OpenIddict.Server; +using OpenIddict.Server.AspNetCore; +using OpenIddict.Validation; using OpenIddict.Validation.AspNetCore; namespace LexBoxApi.Auth; @@ -219,6 +224,7 @@ public static void AddLexBoxAuth(IServiceCollection services, var openIdOptions = configuration.GetSection("Authentication:OpenId").Get(); if (openIdOptions?.Enable == true) AddOpenId(services, environment); + services.AddOptions().ValidateOnStart(); } private static void AddOpenId(IServiceCollection services, IWebHostEnvironment environment) @@ -287,6 +293,11 @@ private static void AddOpenId(IServiceCollection services, IWebHostEnvironment e options.AddAudiences(Enum.GetValues().Where(a => a != LexboxAudience.Unknown).Select(a => a.ToString()).ToArray()); options.EnableAuthorizationEntryValidation(); }); + //ensure that validation happens on startup, not on the first request which requires authentication + services.AddOptions().ValidateOnStart(); + services.AddOptions().ValidateOnStart(); + services.AddOptions().ValidateOnStart(); + services.AddOptions().ValidateOnStart(); } public static AuthorizationPolicyBuilder RequireDefaultLexboxAuth(this AuthorizationPolicyBuilder builder)
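Review bot: The `ValidateOnStart()` call added as the last statement of AddLexBoxAuth has no comment, although the matching calls in AddOpenId are explained, and it runs whether or not `openIdOptions?.Enable` is true. A reader cannot tell from the line alone which misconfiguration it is meant to catch. I would add above it something like `// validate authentication options at startup so a bad configuration fails the deployment instead of the first authenticated request`. The start of AddLexBoxAuth is outside the hunk.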
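Review bot: The four `services.AddOptions().ValidateOnStart();` lines at the end of AddOpenId use the unnamed options builder, so only the default-named instance of each options type is built and checked at startup. ASP.NET Core authentication handlers usually resolve their options by scheme name, and any instance read that way would still be validated lazily on first use, which is exactly what the new comment wants to avoid. The type arguments are not visible in this rendering of the diff, so please confirm for each one whether its consumer reads the default or a scheme-named instance; for a named one, the `AddOptions` overload that takes a name, followed by `ValidateOnStart()`, covers it. A startup test that boots the host with a deliberately invalid OpenId configuration and expects a failure would pin the behaviour. The body of AddOpenId starts outside the hunk.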