From 7e7cc0d8ba1344bf86bcad609f51ea526e4c5866 Mon Sep 17 00:00:00 2001 From: Tim Mulholland Date: Mon, 8 Apr 2024 12:28:05 -0700 Subject: [PATCH] Nest OpenIdConnect options under Frontend --- src/Aspire.Dashboard/Components/Controls/UserProfile.razor.cs | 4 ++-- src/Aspire.Dashboard/Configuration/DashboardOptions.cs | 2 +- .../Configuration/ValidateDashboardOptions.cs | 2 +- src/Aspire.Dashboard/README.md | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Aspire.Dashboard/Components/Controls/UserProfile.razor.cs b/src/Aspire.Dashboard/Components/Controls/UserProfile.razor.cs index 5c302c9920c..1a471cbf671 100644 --- a/src/Aspire.Dashboard/Components/Controls/UserProfile.razor.cs +++ b/src/Aspire.Dashboard/Components/Controls/UserProfile.razor.cs @@ -48,14 +48,14 @@ protected override async Task OnParametersSetAsync() if (claimsIdentity?.IsAuthenticated == true) { _showUserProfileMenu = true; - _name = claimsIdentity.FindFirst(DashboardOptions.CurrentValue.OpenIdConnect.GetNameClaimTypes()); + _name = claimsIdentity.FindFirst(DashboardOptions.CurrentValue.Frontend.OpenIdConnect.GetNameClaimTypes()); if (string.IsNullOrWhiteSpace(_name)) { // Make sure there's always a name, even if that name is a placeholder _name = Loc[nameof(Login.AuthorizedUser)]; } - _username = claimsIdentity.FindFirst(DashboardOptions.CurrentValue.OpenIdConnect.GetUsernameClaimTypes()); + _username = claimsIdentity.FindFirst(DashboardOptions.CurrentValue.Frontend.OpenIdConnect.GetUsernameClaimTypes()); _initials = _name.GetInitials(); } else diff --git a/src/Aspire.Dashboard/Configuration/DashboardOptions.cs b/src/Aspire.Dashboard/Configuration/DashboardOptions.cs index 834f39b9a71..5514e114544 100644 --- a/src/Aspire.Dashboard/Configuration/DashboardOptions.cs +++ b/src/Aspire.Dashboard/Configuration/DashboardOptions.cs 
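Review bot: In `OnParametersSetAsync`, the two changed lines each read `DashboardOptions.CurrentValue.Frontend.OpenIdConnect` separately, and the longer path makes the repetition more visible. If `DashboardOptions` is an options monitor (the `.CurrentValue` access suggests so), the two reads could observe different snapshots after a configuration reload. Reading it once into a local, `var oidc = DashboardOptions.CurrentValue.Frontend.OpenIdConnect;`, makes the name and username claim types come from the same snapshot and shortens both `FindFirst` calls. The method body starts and ends outside this hunk.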
@@ -16,7 +16,6 @@ public sealed class DashboardOptions public FrontendOptions Frontend { get; set; } = new FrontendOptions(); public ResourceServiceClientOptions ResourceServiceClient { get; set; } = new ResourceServiceClientOptions(); public TelemetryLimitOptions TelemetryLimits { get; set; } = new TelemetryLimitOptions(); - public OpenIdConnectOptions OpenIdConnect { get; set; } = new OpenIdConnectOptions(); } // Don't set values after validating/parsing options. @@ -115,6 +114,7 @@ public sealed class FrontendOptions public string? EndpointUrls { get; set; } public FrontendAuthMode? AuthMode { get; set; } public string? BrowserToken { get; set; } + public OpenIdConnectOptions OpenIdConnect { get; set; } = new OpenIdConnectOptions(); public byte[]? GetBrowserTokenBytes() => _browserTokenBytes; diff --git a/src/Aspire.Dashboard/Configuration/ValidateDashboardOptions.cs b/src/Aspire.Dashboard/Configuration/ValidateDashboardOptions.cs index e9c719c0ed8..a5b7e3b6434 100644 --- a/src/Aspire.Dashboard/Configuration/ValidateDashboardOptions.cs +++ b/src/Aspire.Dashboard/Configuration/ValidateDashboardOptions.cs @@ -100,7 +100,7 @@ public ValidateOptionsResult Validate(string? name, DashboardOptions options) } } - if (!options.OpenIdConnect.TryParseOptions(out var messages)) + if (!options.Frontend.OpenIdConnect.TryParseOptions(out var messages)) { errorMessages.AddRange(messages); } diff --git a/src/Aspire.Dashboard/README.md b/src/Aspire.Dashboard/README.md index 0a40a6ccd2a..0daad4be3c7 100644 --- a/src/Aspire.Dashboard/README.md +++ b/src/Aspire.Dashboard/README.md 
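Review bot: Removing `DashboardOptions.OpenIdConnect` with no fallback means a deployment that still sets `Dashboard:OpenIdConnect:NameClaimType` or `Dashboard:OpenIdConnect:UsernameClaimType` will probably have those keys silently ignored, since configuration binding normally skips keys with no matching property. The dashboard would then fall back to the `name` / `preferred_username` defaults, so the identity shown for a signed-in user can change without any startup error. Consider detecting the legacy section at startup and failing validation with a message that points to `Dashboard:Frontend:OpenIdConnect`, or at least recording the rename as a breaking change. A short comment on the new `FrontendOptions.OpenIdConnect` property, such as `// Bound from Dashboard:Frontend:OpenIdConnect; claim types used to display the signed-in user.`, would also help the next reader.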
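Review bot: The messages returned by `options.Frontend.OpenIdConnect.TryParseOptions(out var messages)` are appended to `errorMessages` unchanged, and the class that builds them is not among the four files in this commit's diffstat. If those messages name configuration keys, they would still direct operators to `Dashboard:OpenIdConnect:*` after this move; it is worth checking and updating them to `Dashboard:Frontend:OpenIdConnect:*` so a validation failure points at the key that is actually read. `Validate` begins and continues outside this hunk.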
@@ -57,8 +57,8 @@ Set `Dashboard:Frontend:AuthMode` to `OpenIdConnect`, then add the following con - `Authentication:Schemes:OpenIdConnect:ClientId` Identity of the relying party (RP) - `Authentication:Schemes:OpenIdConnect:ClientSecret` A secret that only the real RP would know - Other properties of [`OpenIdConnectOptions`](https://learn.microsoft.com/dotnet/api/microsoft.aspnetcore.builder.openidconnectoptions) specified in configuration container `Authentication:Schemes:OpenIdConnect:*` -- `Dashboard:OpenIdConnect:NameClaimType` specifies the claim type(s) that should be used to display the authenticated user's full name. Can be a single claim type or a comma-delimited list of claim types. Defaults to `name`. -- `Dashboard:OpenIdConnect:UsernameClaimType` specifies the claim type(s) that should be used to display the authenticated user's username. Can be a single claim type or a comma-delimited list of claim types. Defaults to `preferred_username`. +- `Dashboard:Frontend:OpenIdConnect:NameClaimType` specifies the claim type(s) that should be used to display the authenticated user's full name. Can be a single claim type or a comma-delimited list of claim types. Defaults to `name`. +- `Dashboard:Frontend:OpenIdConnect:UsernameClaimType` specifies the claim type(s) that should be used to display the authenticated user's username. Can be a single claim type or a comma-delimited list of claim types. Defaults to `preferred_username`. ### OTLP authentication