microsoft-identity-web
Adding RequiredScopesConfigurationKey in RequiredScopeExtensions.cs (RequireScope) and RequiredScopeOrAppPermissionExtensions.cs (RequireScopeOrAppPermission)
Is your feature request related to a problem? Please describe.
Adding the required scope from a configuration key while using the RequiredScopeAttribute is possible like:
    [RequiredScope(RequiredScopesConfigurationKey = "AzureAd:Scopes")]
Adding the required scope while using RequiredScopeExtensions.cs or RequiredScopeOrAppPermissionExtensions.cs is not possible. There is no option to set the RequiredScopesConfigurationKey property in both classes.
Describe the solution you'd like
Add requiredScopesConfigurationKey as a parameter in both methods, or add it to separate methods where this property can be set. Here is a possible solution for RequiredScopeExtensions.cs.
    public static TBuilder RequireScopeFromConfiguration<TBuilder>(this TBuilder endpointConventionBuilder, string requiredScopesConfigurationKey)
        where TBuilder : IEndpointConventionBuilder
    {
        return endpointConventionBuilder.WithMetadata(new RequiredScopeMetadata(requiredScopesConfigurationKey));
    }
Extending the already existing class RequiredScopeMetadata with a new constructor.
    private sealed class RequiredScopeMetadata : IAuthRequiredScopeMetadata
    {
        // ...
        public RequiredScopeMetadata(string requiredScopesConfigurationKey)
        {
            RequiredScopesConfigurationKey = requiredScopesConfigurationKey;
        }
        // ...
    }
Describe alternatives you've considered
As a workaround, I can read the scope from the config beforehand like
    string scopes = builder.Configuration.GetSection("AzureAd:Scopes")?.Value;
and then use it like .RequireScope(scope: scopes)
Additional context
While using Minimal API, adding the scope with the RequireScope or RequireScopeOrAppPermission methods is the way to go.
There are also other extensions where this is missing, like PolicyBuilderExtensions.cs.
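The workaround described in the issue, written out as an added example (not part of the original issue and not Microsoft.Identity.Web code): the scopes are read from configuration once at startup, and a missing or empty key stops the application instead of passing null to RequireScope. ConfiguredScopes, RequireConfiguredScope and the /weather endpoint are hypothetical names; the example assumes an ASP.NET Core web project with implicit usings and that "AzureAd:Scopes" holds a space-separated list.

```csharp
// Added example; ConfiguredScopes and RequireConfiguredScope are hypothetical helpers.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Throws during endpoint mapping if "AzureAd:Scopes" is missing or blank,
// so a configuration mistake is caught at startup, not at request time.
app.MapGet("/weather", () => Results.Ok("sunny"))
   .RequireAuthorization()
   .RequireConfiguredScope(app.Configuration, "AzureAd:Scopes");

app.Run();

public static class ConfiguredScopes
{
    // Reads the configured value and splits it into individual scope names.
    // Assumption: the value is a space-separated list such as "read write".
    public static string[] Read(IConfiguration configuration, string key)
    {
        string[] scopes = (configuration[key] ?? string.Empty)
            .Split(' ', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);

        if (scopes.Length == 0)
        {
            throw new InvalidOperationException(
                $"No scopes configured under '{key}'; refusing to map the endpoint without a scope requirement.");
        }

        return scopes;
    }

    // Thin wrapper over the library's existing RequireScope(params string[]) extension.
    public static TBuilder RequireConfiguredScope<TBuilder>(
        this TBuilder endpoint, IConfiguration configuration, string key)
        where TBuilder : IEndpointConventionBuilder
        => endpoint.RequireScope(Read(configuration, key));
}
```

Unlike the RequiredScopesConfigurationKey property requested in the issue, this helper resolves the value once when the endpoint is mapped, so later configuration changes are not picked up without a restart.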