From 8e7c98802bd1a14e7cc7fe5b676a33c6859d24ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20B=C3=BChler?=
Date: Wed, 8 Sep 2021 10:25:10 +0200
Subject: [PATCH] feat: add application as option key for API auth (#91)
---
 .../Authentication/Options/ZitadelApiOptions.cs | 7 +++++++
 .../Authentication/Validation/ZitadelApiValidator.cs | 12 +++++++-----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs b/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
index 7774cc03..2c21cb68 100644
--- a/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
+++ b/src/Zitadel/Authentication/Options/ZitadelApiOptions.cs
@@ -29,6 +29,13 @@ public class ZitadelApiOptions
 ///
 public BasicAuthentication? BasicAuthCredentials { get; set; }
+ ///
+ /// Correlates with . If the API application uses
+ /// a private key JWT (recommended), this property can be set to pass the
+ /// application object itself instead of a key path or key content.
+ ///
+ public Application? JwtProfile { get; set; }
+
 ///
 /// If the API application uses a private key JWT (recommended) to authenticate
 /// itself against the IAM API, use this property to provide the key information.
diff --git a/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs b/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
index e12349f2..16131b0f 100644
--- a/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
+++ b/src/Zitadel/Authentication/Validation/ZitadelApiValidator.cs
@@ -14,6 +14,7 @@
 #if NET5_0_OR_GREATER
 using System.Net.Http.Json;
+
 #elif NETCOREAPP3_1_OR_GREATER
 using System.Text.Json;
 #endif
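Review bot: The doc comment added for `JwtProfile` in ZitadelApiOptions.cs does not say which credential is used when `JwtProfile` and `JwtProfileKey` are both set. The validator change in the same patch reads `_options.JwtProfile ?? (...)`, so the application object silently wins over a configured key path or key content. I would add a line such as `/// Takes precedence over JwtProfileKey when both are set.` to the summary. An application loaded from key content presumably carries the private key itself, so the comment could also note that this options instance should not be logged or serialized.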
@@ -148,17 +149,18 @@ public override ClaimsPrincipal ValidateToken(
 private Func RequestConstructor()
 {
 _oidcConfiguration ??= _configuration.GetConfigurationAsync().Result;
- if (_options.BasicAuthCredentials == null && _options.JwtProfileKey == null)
+ if (_options.BasicAuthCredentials == null && _options.JwtProfileKey == null && _options.JwtProfile == null)
 {
 throw new ApplicationException(
 "Neither BasicAuth nor JwtPrivateKey credentials configured in Zitadel API authentication.");
 }
- if (_options.JwtProfileKey != null)
+ if (_options.JwtProfileKey != null || _options.JwtProfile != null)
 {
- var app = _options.JwtProfileKey.Content != null
- ? Application.LoadFromJsonString(_options.JwtProfileKey.Content)
- : Application.LoadFromJsonFile(_options.JwtProfileKey.Path ?? string.Empty);
+ var app = _options.JwtProfile ??
+ (_options.JwtProfileKey?.Content != null
+ ? Application.LoadFromJsonString(_options.JwtProfileKey.Content)
+ : Application.LoadFromJsonFile(_options.JwtProfileKey?.Path ?? string.Empty));
 string? jwt = null;
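Review bot: The exception text in RequestConstructor still reads "Neither BasicAuth nor JwtPrivateKey credentials configured", although the guard above it now also checks `_options.JwtProfile`, so the message no longer names every option that satisfies it. Something like `"No BasicAuth, JwtProfileKey or JwtProfile credentials configured in Zitadel API authentication."` would match the new condition. The fallback `Application.LoadFromJsonFile(_options.JwtProfileKey?.Path ?? string.Empty)` also still turns a `JwtProfileKey` with neither Content nor Path into a load from an empty path. That presumably fails as a file error rather than a configuration error, so an explicit check before the load would make the misconfiguration easier to diagnose. The body of RequestConstructor continues past the end of this hunk.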