cmatskas/FeatherHttpAuthentication.cs

## FeatherHttpAuthentication.cs
using System.Collections.Concurrent;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Identity.Web;
using Microsoft.Identity.Web.Resource;
using Microsoft.Identity.Web.TokenCacheProviders.InMemory;

namespace SecureFeatherHttpApi
{
    class Program
    {
        private static ConcurrentBag<TodoItem> todoItemCollection;
        static async Task Main(string[] args)
        {
            var builder = Microsoft.AspNetCore.Builder.WebApplication.CreateBuilder(args);
            builder.Services.AddMicrosoftWebApiAuthentication(builder.Configuration);

            builder.Services.AddAuthorization();
            var app = builder.Build();

            app.UseAuthentication();
            app.UseAuthorization();

            app.MapGet("/api/todos", GetTodos).RequireAuthorization();
            app.MapPost("api/todos", CreateTodo).RequireAuthorization();

            todoItemCollection = new ConcurrentBag<TodoItem>();

            await app.RunAsync();
        }

        static async Task CreateTodo(HttpContext http)
        {
            http.VerifyUserHasAnyAcceptedScope(new string[] {"access_as_user"});

            var todo = await http.Request.ReadJsonAsync<TodoItem>();
            todoItemCollection.Add(todo);
            http.Response.StatusCode = 204;
        }

        static async Task GetTodos(HttpContext http)
        {
            http.VerifyUserHasAnyAcceptedScope(new string[] {"access_as_user"});

            if(todoItemCollection.Count == 0)
            {
                todoItemCollection.Add( new TodoItem{Id = 1, Name = "test", IsComplete = false});
                todoItemCollection.Add(new TodoItem{Id=2, Name="hello", IsComplete=true});
            }

            await http.Response.WriteJsonAsync(todoItemCollection);
        }
    }
}
	using System.Collections.Concurrent;
	using System.Net.Http.Headers;
	using System.Threading.Tasks;
	using Microsoft.AspNetCore.Builder;
	using Microsoft.AspNetCore.Http;
	using Microsoft.Extensions.DependencyInjection;
	using Microsoft.Identity.Web;
	using Microsoft.Identity.Web.Resource;
	using Microsoft.Identity.Web.TokenCacheProviders.InMemory;

	namespace SecureFeatherHttpApi
	{
	class Program
	{
	private static ConcurrentBag<TodoItem> todoItemCollection;
	static async Task Main(string[] args)
	{
	var builder = Microsoft.AspNetCore.Builder.WebApplication.CreateBuilder(args);
	builder.Services.AddMicrosoftWebApiAuthentication(builder.Configuration);

	builder.Services.AddAuthorization();
	var app = builder.Build();

	app.UseAuthentication();
	app.UseAuthorization();

	app.MapGet("/api/todos", GetTodos).RequireAuthorization();
	app.MapPost("api/todos", CreateTodo).RequireAuthorization();

	todoItemCollection = new ConcurrentBag<TodoItem>();

	await app.RunAsync();
	}

	static async Task CreateTodo(HttpContext http)
	{
	http.VerifyUserHasAnyAcceptedScope(new string[] {"access_as_user"});

	var todo = await http.Request.ReadJsonAsync<TodoItem>();
	todoItemCollection.Add(todo);
	http.Response.StatusCode = 204;
	}

	static async Task GetTodos(HttpContext http)
	{
	http.VerifyUserHasAnyAcceptedScope(new string[] {"access_as_user"});

	if(todoItemCollection.Count == 0)
	{
	todoItemCollection.Add( new TodoItem{Id = 1, Name = "test", IsComplete = false});
	todoItemCollection.Add(new TodoItem{Id=2, Name="hello", IsComplete=true});
	}

	await http.Response.WriteJsonAsync(todoItemCollection);
	}
	}
	}