feat: Disable header propagation feature (#88)

NikiforovAll · May 6, 2024 · 686ed17 · 686ed17
1 parent 4cef3c0
commit 686ed17
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/...loak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs b/...loak.AuthServices.Authorization/AuthorizationServer/KeycloakAuthorizationServerOptions.cs
@@ -17,6 +17,11 @@ public sealed class KeycloakAuthorizationServerOptions : KeycloakInstallationOpt
  /// </summary>
  public string SourceAuthenticationScheme { get; set; } = "Bearer";
 
+ /// <summary>
+ /// Controls if <see cref="AccessTokenPropagationHandler"/> is added to the <see cref="IAuthorizationServerClient"/>
+ /// </summary>
+ public static bool DisableHeaderPropagation { get; set; }
+
  /// <summary>
  /// Gets or sets a value indicating whether to use the protected resource policy provider.
  /// </summary>

diff --git a/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs b/src/Keycloak.AuthServices.Authorization/ProtectedResourcePolicyProvider.cs
@@ -23,7 +23,7 @@ public ProtectedResourcePolicyProvider(IOptions<AuthorizationOptions> options)
  return registeredPolicy;
  }
 
- // TODO: policy should be cached and managed properly, not production ready
+ // Policy should be cached and managed properly, probably not production ready
  // https://0xnf.github.io/posts/oauthserver/15/#dynamically-handling-policies
  var builder = new AuthorizationPolicyBuilder();
  var tokens = policyName.Split('#');

diff --git a/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs b/src/Keycloak.AuthServices.Authorization/ServiceCollectionExtensions.cs
@@ -145,7 +145,14 @@ public static IHttpClientBuilder AddAuthorizationServer(
  services.AddSingleton<IAuthorizationPolicyProvider, ProtectedResourcePolicyProvider>();
  }
 
- return services.AddAuthorizationServerClient(configureClient).AddHeaderPropagation();
+ var builder = services.AddAuthorizationServerClient(configureClient);
+
+ if (!KeycloakAuthorizationServerOptions.DisableHeaderPropagation)
+ {
+ builder.AddHeaderPropagation();
+ }
+
+ return builder;
  }
 
  /// <summary>