public void Load()

in src/Microsoft.Health.Dicom.Api/Modules/SecurityModule.cs [35:97]


        /// <summary>
        /// Registers the authentication, authorization and request-context services for the API,
        /// driven by the security configuration held in <c>_securityConfiguration</c>.
        /// </summary>
        /// <param name="services">The service collection to register into; must not be null.</param>
        public void Load(IServiceCollection services)
        {
            EnsureArg.IsNotNull(services, nameof(services));

            // Turn off automatic inbound claim-type mapping (e.g. "roles" ->
            // "http://schemas.microsoft.com/ws/2008/06/identity/claims/role") so claims keep the
            // names they carry in the token. The map is a static member, so clearing it is not
            // scoped to this service collection.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            bool securityEnabled = _securityConfiguration.Enabled;

            if (securityEnabled)
            {
                string[] audiences = GetValidAudiences();

                // Only the first configured audience is advertised in the challenge header;
                // it is null when no audiences are configured.
                string primaryAudience = audiences?.FirstOrDefault();

                services
                    .AddAuthentication(authOptions =>
                    {
                        // JWT bearer is the single scheme for authenticate, challenge and default.
                        const string BearerScheme = JwtBearerDefaults.AuthenticationScheme;

                        authOptions.DefaultAuthenticateScheme = BearerScheme;
                        authOptions.DefaultChallengeScheme = BearerScheme;
                        authOptions.DefaultScheme = BearerScheme;
                    })
                    .AddJwtBearer(bearerOptions =>
                    {
                        string authority = _securityConfiguration.Authentication.Authority;

                        bearerOptions.Authority = authority;

                        // Authority metadata must be served over HTTPS.
                        bearerOptions.RequireHttpsMetadata = true;
                        bearerOptions.Challenge = $"Bearer authorization_uri=\"{authority}\", resource_id=\"{primaryAudience}\", realm=\"{primaryAudience}\"";

                        // Only the accepted audiences are set here; every other token
                        // validation setting keeps the library default.
                        bearerOptions.TokenValidationParameters = new TokenValidationParameters
                        {
                            ValidAudiences = audiences,
                        };
                    });

                // Global MVC filter: every controller action requires an authenticated user.
                // This filter is only added on this (security enabled) path.
                services.AddControllers(mvcOptions =>
                    mvcOptions.Filters.Add(
                        new AuthorizeFilter(
                            new AuthorizationPolicyBuilder()
                                .RequireAuthenticatedUser()
                                .Build())));
            }

            // Role-based authorization needs both switches on. && short-circuits, so the
            // Authorization section is only read when security itself is enabled.
            if (securityEnabled && _securityConfiguration.Authorization.Enabled)
            {
                services.Add<DicomRoleLoader>().Transient().AsImplementedInterfaces();
                services.AddSingleton(_securityConfiguration.Authorization);

                services.AddSingleton<IAuthorizationService<DataActions>, RoleBasedAuthorizationService<DataActions, IDicomRequestContext>>();
            }
            else
            {
                // NOTE(review): reached when security is disabled, or when authentication is on
                // but authorization is off. DisabledAuthorizationService presumably performs no
                // per-action access checks - confirm, and treat both switches as
                // deployment-critical settings.
                services.AddSingleton<IAuthorizationService<DataActions>, DisabledAuthorizationService<DataActions>>();
            }

            // Registered regardless of the security switches: one request-context accessor
            // instance exposed under its concrete type and both accessor abstractions.
            services.Add<DicomRequestContextAccessor>()
                .Singleton()
                .AsSelf()
                .AsService<RequestContextAccessor<IDicomRequestContext>>()
                .AsService<IDicomRequestContextAccessor>();

            services.AddSingleton<IClaimsExtractor, PrincipalClaimsExtractor>();
        }