fix: switch JWT Bearer auth from symmetric key to OIDC discovery in 5 microservices

Replace manual SymmetricSecurityKey validation with Authority-based OIDC
discovery so tokens are validated against RSA keys published by the IAM
IdentityServer's discovery endpoint.

Services updated:
- CatalogService.API
- OrderService.API
- InventoryService.API
- FnbEngine.API
- BookingService.API

Co-authored-by: Velik <hongochai10@users.noreply.github.com>

services/booking-service-net/src/BookingService.API/Program.cs

@@ -85,22 +85,19 @@ try
             name: "postgresql",
             tags: ["db", "postgresql"]);
 
-    // EN: Add JWT Bearer authentication / VI: Thêm JWT Bearer authentication
+    // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+    // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
     var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
-    var jwtSecret = builder.Configuration["Jwt:Secret"] ?? "";
     builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
         .AddJwtBearer(options =>
         {
+            options.Authority = jwtAuthority;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
             {
                 ValidateIssuer = false,
                 ValidateAudience = false,
                 ValidateLifetime = true,
-                ValidateIssuerSigningKey = !string.IsNullOrEmpty(jwtSecret),
-                IssuerSigningKey = !string.IsNullOrEmpty(jwtSecret)
-                    ? new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSecret))
-                    : null,
             };
         });
     builder.Services.AddAuthorization();

services/catalog-service-net/src/CatalogService.API/Program.cs

@@ -85,22 +85,19 @@ try
             name: "postgresql",
             tags: ["db", "postgresql"]);
 
-    // EN: Add JWT Bearer authentication / VI: Thêm JWT Bearer authentication
+    // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+    // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
     var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
-    var jwtSecret = builder.Configuration["Jwt:Secret"] ?? "";
     builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
         .AddJwtBearer(options =>
         {
+            options.Authority = jwtAuthority;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
             {
                 ValidateIssuer = false,
                 ValidateAudience = false,
                 ValidateLifetime = true,
-                ValidateIssuerSigningKey = !string.IsNullOrEmpty(jwtSecret),
-                IssuerSigningKey = !string.IsNullOrEmpty(jwtSecret)
-                    ? new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSecret))
-                    : null,
             };
         });
     builder.Services.AddAuthorization();

services/fnb-engine-net/src/FnbEngine.API/Program.cs

@@ -85,22 +85,19 @@ try
             name: "postgresql",
             tags: ["db", "postgresql"]);
 
-    // EN: Add JWT Bearer authentication / VI: Thêm JWT Bearer authentication
+    // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+    // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
     var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
-    var jwtSecret = builder.Configuration["Jwt:Secret"] ?? "";
     builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
         .AddJwtBearer(options =>
         {
+            options.Authority = jwtAuthority;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
             {
                 ValidateIssuer = false,
                 ValidateAudience = false,
                 ValidateLifetime = true,
-                ValidateIssuerSigningKey = !string.IsNullOrEmpty(jwtSecret),
-                IssuerSigningKey = !string.IsNullOrEmpty(jwtSecret)
-                    ? new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSecret))
-                    : null,
             };
         });
     builder.Services.AddAuthorization();

services/inventory-service-net/src/InventoryService.API/Program.cs

@@ -88,22 +88,19 @@ try
             name: "postgresql",
             tags: ["db", "postgresql"]);
 
-    // EN: Add JWT Bearer authentication / VI: Thêm JWT Bearer authentication
+    // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+    // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
     var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
-    var jwtSecret = builder.Configuration["Jwt:Secret"] ?? "";
     builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
         .AddJwtBearer(options =>
         {
+            options.Authority = jwtAuthority;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
             {
                 ValidateIssuer = false,
                 ValidateAudience = false,
                 ValidateLifetime = true,
-                ValidateIssuerSigningKey = !string.IsNullOrEmpty(jwtSecret),
-                IssuerSigningKey = !string.IsNullOrEmpty(jwtSecret)
-                    ? new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSecret))
-                    : null,
             };
         });
     builder.Services.AddAuthorization();

services/order-service-net/src/OrderService.API/Program.cs

@@ -148,22 +148,19 @@ try
             name: "postgresql",
             tags: ["db", "postgresql"]);
 
-    // EN: Add JWT Bearer authentication / VI: Thêm JWT Bearer authentication
+    // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+    // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
     var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
-    var jwtSecret = builder.Configuration["Jwt:Secret"] ?? "";
     builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
         .AddJwtBearer(options =>
         {
+            options.Authority = jwtAuthority;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
             {
                 ValidateIssuer = false,
                 ValidateAudience = false,
                 ValidateLifetime = true,
-                ValidateIssuerSigningKey = !string.IsNullOrEmpty(jwtSecret),
-                IssuerSigningKey = !string.IsNullOrEmpty(jwtSecret)
-                    ? new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(jwtSecret))
-                    : null,
             };
         });
     builder.Services.AddAuthorization();