compose and authority fixes. finish sprints.

2026-02-17 21:59:47 +02:00
parent fb46a927ad
commit 49cdebe2f1
187 changed files with 23189 additions and 1439 deletions


@@ -293,8 +293,6 @@ builder.Services.AddSingleton(pluginRegistrationSummary);
builder.Services.AddStellaOpsCors(builder.Environment, builder.Configuration);
builder.Services.AddRouting(options => options.LowercaseUrls = true);
builder.Services.AddProblemDetails();
builder.Services.AddStellaOpsResourceServerAuthentication(builder.Configuration, configurationSection: null);
builder.Services.AddAuthorization();
// The Authority validates its own tokens for admin endpoints. Configure the JWKS
// backchannel to accept the Authority's self-signed certificate (self-referential).
@@ -357,7 +355,8 @@ builder.Services.AddOpenIddict()
var aspNetCoreBuilder = options.UseAspNetCore()
.EnableAuthorizationEndpointPassthrough();
if (builder.Environment.IsDevelopment())
if (builder.Environment.IsDevelopment()
|| string.Equals(Environment.GetEnvironmentVariable("STELLAOPS_DISABLE_TRANSPORT_SECURITY"), "true", StringComparison.OrdinalIgnoreCase))
{
aspNetCoreBuilder.DisableTransportSecurityRequirement();
}
@@ -441,6 +440,11 @@ builder.Services.Configure<OpenIddictServerOptions>(options =>
options.DisableRollingRefreshTokens = false;
});
// Register StellaOpsBearer JWT authentication AFTER OpenIddict to ensure the scheme
// is not overwritten by OpenIddict's authentication provider registration.
builder.Services.AddStellaOpsResourceServerAuthentication(builder.Configuration, configurationSection: null);
builder.Services.AddAuthorization();
builder.TryAddStellaOpsLocalBinding("authority");
var app = builder.Build();
app.LogStellaOpsLocalHostname("authority");
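Review bot: The new `STELLAOPS_DISABLE_TRANSPORT_SECURITY` condition in the second hunk lets a single environment variable switch off OpenIddict's HTTPS requirement in every environment, production included, and nothing in the visible code records that it happened. If this is meant for compose deployments where TLS terminates at a reverse proxy (an assumption; the page does not say), state that above the `if`, for example `// Only safe when TLS terminates at a trusted proxy in front of Authority; otherwise tokens and client credentials cross the network in clear text.` I would also log a startup warning once the host is built, e.g. `app.Logger.LogWarning("Transport security requirement disabled via STELLAOPS_DISABLE_TRANSPORT_SECURITY");`, so a stray variable in a production manifest shows up in the logs. Reading the flag through `builder.Configuration` instead of `Environment.GetEnvironmentVariable` would keep it with the other Authority settings. The enclosing `AddOpenIddict()` lambda starts and ends outside the hunk.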