Add shopId and status query params to GET /api/v1/kitchen/tickets.
Joins through Session to resolve shopId since KitchenTicket only
has SessionId. Backward-compatible: without shopId falls back to
existing pending-by-station behavior.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace manual SymmetricSecurityKey validation with Authority-based OIDC
discovery so tokens are validated against RSA keys published by the IAM
IdentityServer's discovery endpoint.
Services updated:
- CatalogService.API
- OrderService.API
- InventoryService.API
- FnbEngine.API
- BookingService.API
Co-authored-by: Velik <hongochai10@users.noreply.github.com>
Add AddAuthentication(JwtBearerDefaults.AuthenticationScheme) and
AddJwtBearer() service registration before CORS configuration in:
- CatalogService.API
- OrderService.API
- InventoryService.API
- FnbEngine.API
- BookingService.API
Also add Microsoft.AspNetCore.Authentication.JwtBearer v10.0.1 NuGet
package reference to each service's .csproj file.
This fixes the runtime error caused by UseAuthentication() being called
without a registered authentication scheme.
Co-authored-by: Velik <hongochai10@users.noreply.github.com>
Added app.UseAuthentication() and app.UseAuthorization() after
app.UseRouting() in the middleware pipeline for:
- CatalogService.API
- OrderService.API
- InventoryService.API
- FnbEngine.API
- BookingService.API
Co-authored-by: Velik <hongochai10@users.noreply.github.com>
