#585 #2316 Authentication global configuration

[raman-m]

Closes #2316

• Dynamic routing global configuration #585
• #585 Dynamic routes are unable to utilize AuthenticationOptions for global authentication #2316

Proposed Changes

• Refactored the AuthenticationMiddleware: first, removed the checker from the AuthenticateAsync method that ensured all keys were empty, which felt awkward due to filtering out empty keys—and honestly, we already have an auth validator. Second, while the validator doesn’t check for empty keys, I believe the IsSupportedAuthenticationProviders method handles this by validating against supported schemes. As a follow-up action, we could implement empty key checking in the validator to prevent Ocelot from starting.
• Cleaned up unnecessary code in the AuthenticationOptionsBuilder, RouteOptionsBuilder, RouteOptionsCreator, and RouteOptions classes. As a result, the IRouteOptionsCreator service was removed from the DI container. The RouteOptionsCreator service used to analyze configuration in File models and create a RouteOptions model to pass certain flags to the DownstreamRoute business model, where relevant boolean properties were set. Interestingly, those flags can already be accessed from existing options models, so a few small helper properties were added directly to the DownstreamRoute model.
• ⚠️ Feature update❗The AuthenticationOptions business model has been redesigned as the final step in merging the entire configuration. This model has no uninitialized aggregations, preventing runtime ArgumentNullException objects to be thrown.
• ⚠️ Feature update❗The AuthenticationOptionsCreator service class is at the heart of the feature. It combines all configurations and produces the final AuthenticationOptions business model for the middleware and custom services. The merging process takes route groups into account for global application.
• ⚠️ Feature update❗Reviewed the file models to support global auth configuration for dynamic routes, and we’ll be deprecating the AuthenticationProviderKey option in version 25.0.
• ⚠️ Feature update❗Creator classes now support auth options for dynamic routing, including ConfigurationCreator and DynamicRoutesCreator. Plus, trash code has been cleaned up from StaticRoutesCreator.
• ⚠️ Feature update❗The AuthenticationOptions model is mainly used by DiscoveryDownstreamRouteFinder, which sets up the AuthenticationOptions property of DownstreamRoute so it can be read by middleware that works independently of the routing mode, whether static or dynamic.
• Reviewed the FileAuthenticationOptionsValidator class, but it could be further developed in the future since our AuthenticationOptions include more features now.
• Removed the IRouteOptionsCreator service from DI after moving its functionality to DownstreamRoute, opting instead for custom business micro-helpers. As a result, a lot of trash code was cleaned up from the codebase, with the final step prepared in a few recent pull requests merged during this milestone.
• Unit tests. To be added
• Acceptance tests. To be added
• Docs. To be reviewed

[coveralls]

coverage: 93.195% (+0.3%) from 92.938%
when pulling a5f9521 on feature/2316-auth-opts
into 1fdf6c2 on develop.

[ggnaegi]

just a few bits and bobs

[raman-m]

@ggnaegi reviewed on November 12

Thanks for the review! As a team member, you’re welcome to push your suggestions directly as a commit to this feature branch.

[ggnaegi]

@raman-m ok for me, but make sure that the acceptance tests are written ;-)