diff --git a/services/merchant-service-net/src/MerchantService.API/MerchantService.API.csproj b/services/merchant-service-net/src/MerchantService.API/MerchantService.API.csproj
index ec80d8e8..477bee67 100644
--- a/services/merchant-service-net/src/MerchantService.API/MerchantService.API.csproj
+++ b/services/merchant-service-net/src/MerchantService.API/MerchantService.API.csproj
@@ -14,6 +14,7 @@
+
runtime; build; native; contentfiles; analyzers; buildtransitive
all
diff --git a/services/merchant-service-net/src/MerchantService.API/Program.cs b/services/merchant-service-net/src/MerchantService.API/Program.cs
index f373080d..21e1e4e6 100644
--- a/services/merchant-service-net/src/MerchantService.API/Program.cs
+++ b/services/merchant-service-net/src/MerchantService.API/Program.cs
@@ -89,6 +89,23 @@ try
name: "postgresql",
tags: ["db", "postgresql"]);
+ // EN: Add JWT Bearer authentication via IAM IdentityServer OIDC discovery
+ // VI: Thêm JWT Bearer authentication qua IAM IdentityServer OIDC discovery
+ var jwtAuthority = builder.Configuration["Jwt:Authority"] ?? "http://localhost:5001";
+ builder.Services.AddAuthentication(Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme)
+ .AddJwtBearer(options =>
+ {
+ options.Authority = jwtAuthority;
+ options.RequireHttpsMetadata = false;
+ options.TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
+ {
+ ValidateIssuer = false,
+ ValidateAudience = false,
+ ValidateLifetime = true,
+ };
+ });
+ builder.Services.AddAuthorization();
+
// EN: Add CORS / VI: Thêm CORS
builder.Services.AddCors(options =>
{
@@ -118,6 +135,8 @@ try
app.UseCors();
app.UseRouting();
+ app.UseAuthentication();
+ app.UseAuthorization();
// EN: Map health check endpoints / VI: Map health check endpoints
app.MapHealthChecks("/health");