Update auth

Author: MWClayson-NHS

application/CohortManager/src/Functions/Shared/Common/Authentication/JwtAuthentication.cs

@@ -3,7 +3,6 @@ namespace Common;
 using Microsoft.IdentityModel.Protocols;
 using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 using Microsoft.Extensions.Options;
-using HttpRequestData = Microsoft.Azure.Functions.Worker.Http.HttpRequestData; // Alias to avoid confusion with Microsoft.IdentityModel.Protocols
 using Microsoft.IdentityModel.Tokens;
 using System.IdentityModel.Tokens.Jwt;
 using Microsoft.Extensions.Logging;
@@ -28,18 +27,37 @@ public JWTAuthentication(IOptions<AuthConfig> authConfig, ILogger<JWTAuthenticat
 
     public async Task<bool> ValidateTokenAsync(string token)
     {
+        if (string.IsNullOrWhiteSpace(token))
+        {
+            _logger.LogWarning("Token is missing");
+            return false;
+        }
+
         try
         {
+            var handler = new JwtSecurityTokenHandler();
+            if (!handler.CanReadToken(token))
+            {
+                _logger.LogWarning("Token is not a valid JWT format");
+                return false;
+            }
+
             var oidcConfig = await _configurationManager.GetConfigurationAsync();
             var validatorParam = new TokenValidationParameters
             {
+                ValidateIssuer = true,
                 ValidIssuer = oidcConfig.Issuer,
+                ValidateAudience = true,
                 ValidAudience = _authConfig.ClientId,
-                IssuerSigningKeys = oidcConfig.SigningKeys
+                ValidateIssuerSigningKey = true,
+                IssuerSigningKeys = oidcConfig.SigningKeys,
+                ValidateLifetime = true,
+                RequireExpirationTime = true,
+                RequireSignedTokens = true,
+                ClockSkew = TimeSpan.FromMinutes(1)
             };
 
-            var handler = new JwtSecurityTokenHandler();
-            handler.ValidateToken(token, validatorParam, out var validatedToken);
+            _ = handler.ValidateToken(token, validatorParam, out _);
             return true;
 
         }

application/CohortManager/src/Functions/Shared/Common/Extensions/AuthenticationExtension.cs

@@ -15,8 +15,7 @@ public static IHostBuilder AddAuthentication(this IHostBuilder hostBuilder)
         });
         hostBuilder.ConfigureServices((context, services) =>
         {
-
-            //services.AddSingleton<IAuthenticationService, JWTAuthentication>();
+            services.AddSingleton<IAuthenticationService, JWTAuthentication>();
         });
         return hostBuilder;
      }

application/CohortManager/src/Functions/screeningDataServices/GetValidationExceptions/Program.cs

@@ -10,21 +10,13 @@
 
 var host = new HostBuilder()
     .AddConfiguration<GetValidationExceptionsConfig>(out GetValidationExceptionsConfig config)
-    .AddConfiguration<AuthConfig>()
-    .ConfigureFunctionsWorkerDefaults(
-            workerOptions =>
-            {
-                workerOptions.UseMiddleware<CIS2AuthMiddleware>();
-            }
-    )
+    .AddAuthentication()
     .AddDataServicesHandler()
     .AddDataService<ExceptionManagement>(config.ExceptionManagementDataServiceURL)
     .AddDataService<ParticipantDemographic>(config.DemographicDataServiceURL)
     .Build()
-    //.AddAuthentication()
     .ConfigureServices(services =>
     {
-        services.AddSingleton<IAuthenticationService, JWTAuthentication>();
         services.AddTransient<IValidationExceptionData, ValidationExceptionData>();
         services.AddSingleton<ICreateResponse, CreateResponse>();
         services.AddSingleton<IHttpParserHelper, HttpParserHelper>();