diff --git a/docs/architecture/bff-identity-boundary.md b/docs/architecture/bff-identity-boundary.md
new file mode 100644
index 0000000..a778e74
--- /dev/null
+++ b/docs/architecture/bff-identity-boundary.md
@@ -0,0 +1,16 @@
+# Thalos BFF Identity Boundary
+
+## Purpose
+Keep thalos-bff as an edge adapter layer that consumes thalos-service and adopted identity capability contracts.
+
+## BFF Responsibilities
+- Edge contract handling
+- Service client adaptation
+- Correlation/tracing propagation
+- Single active edge protocol policy enforcement (`rest`)
+- Provider metadata propagation (`InternalJwt`, `AzureAd`, `Google`)
+
+## Prohibited
+- Direct DAL access
+- Identity policy decision ownership
+- Identity persistence concerns
diff --git a/docs/migration/building-block-identity-adoption-plan.md b/docs/migration/building-block-identity-adoption-plan.md
new file mode 100644
index 0000000..c46e8aa
--- /dev/null
+++ b/docs/migration/building-block-identity-adoption-plan.md
@@ -0,0 +1,13 @@
+# Building Block Identity Adoption Plan
+
+## Goal
+Align BFF contract usage with building-block-identity contract surface without changing behavior.
+
+## Steps
+1. Map current BFF identity contract types to capability contract types.
+2. Keep compatibility bridge active during migration window.
+3. Validate edge payload behavior and service compatibility.
+
+## Guardrails
+- BFF remains service-facing.
+- No identity decision logic moves into BFF.
diff --git a/docs/migration/edge-compatibility-checks.md b/docs/migration/edge-compatibility-checks.md
new file mode 100644
index 0000000..86ef61a
--- /dev/null
+++ b/docs/migration/edge-compatibility-checks.md
@@ -0,0 +1,6 @@
+# Edge Compatibility Checks
+
+## Checks
+- Existing edge request/response behavior remains stable.
+- Correlation and trace metadata pass-through remains stable.
+- Service contract compatibility is preserved after identity contract adoption.
diff --git a/src/Thalos.Bff.Application/Adapters/IIdentityEdgeContractAdapter.cs b/src/Thalos.Bff.Application/Adapters/IIdentityEdgeContractAdapter.cs
index 924a7f9..616e017 100644
--- a/src/Thalos.Bff.Application/Adapters/IIdentityEdgeContractAdapter.cs
+++ b/src/Thalos.Bff.Application/Adapters/IIdentityEdgeContractAdapter.cs
@@ -1,6 +1,6 @@
-using Thalos.Bff.Application.Contracts;
using Thalos.Bff.Contracts.Api;
-using Thalos.Service.Identity.Abstractions.Contracts;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
namespace Thalos.Bff.Application.Adapters;
diff --git a/src/Thalos.Bff.Application/Adapters/IThalosServiceClient.cs b/src/Thalos.Bff.Application/Adapters/IThalosServiceClient.cs
index 83e30d5..2e33aa6 100644
--- a/src/Thalos.Bff.Application/Adapters/IThalosServiceClient.cs
+++ b/src/Thalos.Bff.Application/Adapters/IThalosServiceClient.cs
@@ -1,5 +1,5 @@
-using Thalos.Bff.Application.Contracts;
-using Thalos.Service.Identity.Abstractions.Contracts;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
namespace Thalos.Bff.Application.Adapters;
diff --git a/src/Thalos.Bff.Application/Adapters/IdentityEdgeContractAdapter.cs b/src/Thalos.Bff.Application/Adapters/IdentityEdgeContractAdapter.cs
new file mode 100644
index 0000000..22259b0
--- /dev/null
+++ b/src/Thalos.Bff.Application/Adapters/IdentityEdgeContractAdapter.cs
@@ -0,0 +1,52 @@
+using Thalos.Bff.Contracts.Api;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
+
+namespace Thalos.Bff.Application.Adapters;
+
+///
+/// Default adapter implementation for identity edge API and service contracts.
+///
+public sealed class IdentityEdgeContractAdapter : IIdentityEdgeContractAdapter
+{
+ ///
+ public EvaluateIdentityPolicyRequest ToPolicyRequest(IssueTokenApiRequest request, string permissionCode)
+ {
+ return new EvaluateIdentityPolicyRequest(
+ request.SubjectId,
+ request.TenantId,
+ permissionCode,
+ request.Provider);
+ }
+
+ ///
+ public IssueIdentityTokenRequest ToIssueTokenRequest(IssueTokenApiRequest request)
+ {
+ return new IssueIdentityTokenRequest(
+ request.SubjectId,
+ request.TenantId,
+ request.Provider,
+ request.ExternalToken);
+ }
+
+ ///
+ public IssueTokenApiResponse ToIssueTokenApiResponse(IssueIdentityTokenResponse response)
+ {
+ return new IssueTokenApiResponse(response.Token, response.ExpiresInSeconds);
+ }
+
+ ///
+ public RefreshIdentitySessionRequest ToRefreshSessionRequest(RefreshSessionApiRequest request)
+ {
+ return new RefreshIdentitySessionRequest(
+ request.RefreshToken,
+ request.CorrelationId,
+ request.Provider);
+ }
+
+ ///
+ public RefreshSessionApiResponse ToRefreshSessionApiResponse(RefreshIdentitySessionResponse response)
+ {
+ return new RefreshSessionApiResponse(response.Token, response.ExpiresInSeconds);
+ }
+}
diff --git a/src/Thalos.Bff.Application/Adapters/IdentityEdgeGrpcContractAdapter.cs b/src/Thalos.Bff.Application/Adapters/IdentityEdgeGrpcContractAdapter.cs
new file mode 100644
index 0000000..7f2fc4f
--- /dev/null
+++ b/src/Thalos.Bff.Application/Adapters/IdentityEdgeGrpcContractAdapter.cs
@@ -0,0 +1,42 @@
+using Thalos.Bff.Application.Grpc;
+using Thalos.Bff.Contracts.Api;
+
+namespace Thalos.Bff.Application.Adapters;
+
+///
+/// Default adapter implementation for identity edge gRPC contract translation.
+///
+public sealed class IdentityEdgeGrpcContractAdapter : IIdentityEdgeGrpcContractAdapter
+{
+ ///
+ public IssueIdentityTokenGrpcContract ToGrpc(IssueTokenApiRequest request)
+ {
+ return new IssueIdentityTokenGrpcContract(
+ request.SubjectId,
+ request.TenantId,
+ request.CorrelationId,
+ request.Provider.ToString(),
+ request.ExternalToken);
+ }
+
+ ///
+ public IssueTokenApiRequest FromGrpc(IssueIdentityTokenGrpcContract contract)
+ {
+ return new IssueTokenApiRequest(
+ contract.SubjectId,
+ contract.TenantId,
+ contract.CorrelationId,
+ ParseProvider(contract.Provider),
+ contract.ExternalToken);
+ }
+
+ private static BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider ParseProvider(string provider)
+ {
+ return Enum.TryParse(
+ provider,
+ true,
+ out var parsedProvider)
+ ? parsedProvider
+ : BuildingBlock.Identity.Contracts.Conventions.IdentityAuthProvider.InternalJwt;
+ }
+}
diff --git a/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionRequest.cs b/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionRequest.cs
deleted file mode 100644
index f4bd093..0000000
--- a/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionRequest.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-namespace Thalos.Bff.Application.Contracts;
-
-///
-/// Transport-neutral internal request contract for refresh session flow.
-///
-/// Refresh token value.
-/// Request correlation identifier.
-public sealed record RefreshIdentitySessionRequest(string RefreshToken, string CorrelationId);
diff --git a/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionResponse.cs b/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionResponse.cs
deleted file mode 100644
index 5a5267c..0000000
--- a/src/Thalos.Bff.Application/Contracts/RefreshIdentitySessionResponse.cs
+++ /dev/null
@@ -1,8 +0,0 @@
-namespace Thalos.Bff.Application.Contracts;
-
-///
-/// Transport-neutral internal response contract for refresh session flow.
-///
-/// Refreshed token value.
-/// Token expiration in seconds.
-public sealed record RefreshIdentitySessionResponse(string Token, int ExpiresInSeconds);
diff --git a/src/Thalos.Bff.Application/DependencyInjection/ThalosBffApplicationServiceCollectionExtensions.cs b/src/Thalos.Bff.Application/DependencyInjection/ThalosBffApplicationServiceCollectionExtensions.cs
new file mode 100644
index 0000000..49f8db4
--- /dev/null
+++ b/src/Thalos.Bff.Application/DependencyInjection/ThalosBffApplicationServiceCollectionExtensions.cs
@@ -0,0 +1,30 @@
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.DependencyInjection.Extensions;
+using Thalos.Bff.Application.Adapters;
+using Thalos.Bff.Application.Handlers;
+using Thalos.Bff.Application.Security;
+
+namespace Thalos.Bff.Application.DependencyInjection;
+
+///
+/// Registers application-layer runtime wiring for thalos-bff.
+///
+public static class ThalosBffApplicationServiceCollectionExtensions
+{
+ ///
+ /// Adds thalos-bff application handlers and adapter implementations.
+ ///
+ /// Service collection.
+ /// Service collection for fluent chaining.
+ public static IServiceCollection AddThalosBffApplicationRuntime(this IServiceCollection services)
+ {
+ services.TryAddSingleton();
+ services.TryAddSingleton();
+ services.TryAddSingleton();
+
+ services.TryAddScoped();
+ services.TryAddScoped();
+
+ return services;
+ }
+}
diff --git a/src/Thalos.Bff.Application/Grpc/IssueIdentityTokenGrpcContract.cs b/src/Thalos.Bff.Application/Grpc/IssueIdentityTokenGrpcContract.cs
index ac57ab0..e49ccc1 100644
--- a/src/Thalos.Bff.Application/Grpc/IssueIdentityTokenGrpcContract.cs
+++ b/src/Thalos.Bff.Application/Grpc/IssueIdentityTokenGrpcContract.cs
@@ -6,4 +6,11 @@ namespace Thalos.Bff.Application.Grpc;
/// Identity subject identifier.
/// Tenant identifier.
/// Request correlation identifier.
-public sealed record IssueIdentityTokenGrpcContract(string SubjectId, string TenantId, string CorrelationId);
+/// Identity provider.
+/// External provider token when applicable.
+public sealed record IssueIdentityTokenGrpcContract(
+ string SubjectId,
+ string TenantId,
+ string CorrelationId,
+ string Provider = "InternalJwt",
+ string ExternalToken = "");
diff --git a/src/Thalos.Bff.Application/Security/IPermissionGuard.cs b/src/Thalos.Bff.Application/Security/IPermissionGuard.cs
index 15ce8e9..2cec0fb 100644
--- a/src/Thalos.Bff.Application/Security/IPermissionGuard.cs
+++ b/src/Thalos.Bff.Application/Security/IPermissionGuard.cs
@@ -1,4 +1,4 @@
-using Thalos.Service.Identity.Abstractions.Contracts;
+using BuildingBlock.Identity.Contracts.Responses;
namespace Thalos.Bff.Application.Security;
diff --git a/src/Thalos.Bff.Application/Security/IdentityPermissionGuard.cs b/src/Thalos.Bff.Application/Security/IdentityPermissionGuard.cs
new file mode 100644
index 0000000..e05ec49
--- /dev/null
+++ b/src/Thalos.Bff.Application/Security/IdentityPermissionGuard.cs
@@ -0,0 +1,15 @@
+using BuildingBlock.Identity.Contracts.Responses;
+
+namespace Thalos.Bff.Application.Security;
+
+///
+/// Default permission guard backed by thalos-service policy evaluation responses.
+///
+public sealed class IdentityPermissionGuard : IPermissionGuard
+{
+ ///
+ public bool CanAccess(EvaluateIdentityPolicyResponse policyResponse)
+ {
+ return policyResponse.IsAllowed;
+ }
+}
diff --git a/src/Thalos.Bff.Application/Thalos.Bff.Application.csproj b/src/Thalos.Bff.Application/Thalos.Bff.Application.csproj
index 8edcb4b..76aa9d2 100644
--- a/src/Thalos.Bff.Application/Thalos.Bff.Application.csproj
+++ b/src/Thalos.Bff.Application/Thalos.Bff.Application.csproj
@@ -5,7 +5,8 @@
enable
+
-
+
diff --git a/src/Thalos.Bff.Contracts/Api/IssueTokenApiRequest.cs b/src/Thalos.Bff.Contracts/Api/IssueTokenApiRequest.cs
index 7014cc6..aea9771 100644
--- a/src/Thalos.Bff.Contracts/Api/IssueTokenApiRequest.cs
+++ b/src/Thalos.Bff.Contracts/Api/IssueTokenApiRequest.cs
@@ -1,3 +1,5 @@
+using BuildingBlock.Identity.Contracts.Conventions;
+
namespace Thalos.Bff.Contracts.Api;
///
@@ -6,4 +8,11 @@ namespace Thalos.Bff.Contracts.Api;
/// Identity subject identifier.
/// Tenant identifier.
/// Request correlation identifier.
-public sealed record IssueTokenApiRequest(string SubjectId, string TenantId, string CorrelationId = "");
+/// Identity auth provider.
+/// External provider token when applicable.
+public sealed record IssueTokenApiRequest(
+ string SubjectId,
+ string TenantId,
+ string CorrelationId = "",
+ IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt,
+ string ExternalToken = "");
diff --git a/src/Thalos.Bff.Contracts/Api/RefreshSessionApiRequest.cs b/src/Thalos.Bff.Contracts/Api/RefreshSessionApiRequest.cs
index a1765d3..43980d3 100644
--- a/src/Thalos.Bff.Contracts/Api/RefreshSessionApiRequest.cs
+++ b/src/Thalos.Bff.Contracts/Api/RefreshSessionApiRequest.cs
@@ -1,3 +1,5 @@
+using BuildingBlock.Identity.Contracts.Conventions;
+
namespace Thalos.Bff.Contracts.Api;
///
@@ -5,4 +7,8 @@ namespace Thalos.Bff.Contracts.Api;
///
/// Refresh token value.
/// Request correlation identifier.
-public sealed record RefreshSessionApiRequest(string RefreshToken, string CorrelationId = "");
+/// Identity auth provider.
+public sealed record RefreshSessionApiRequest(
+ string RefreshToken,
+ string CorrelationId = "",
+ IdentityAuthProvider Provider = IdentityAuthProvider.InternalJwt);
diff --git a/src/Thalos.Bff.Contracts/Conventions/ThalosBffPackageContract.cs b/src/Thalos.Bff.Contracts/Conventions/ThalosBffPackageContract.cs
index 0cc1e4c..213b7aa 100644
--- a/src/Thalos.Bff.Contracts/Conventions/ThalosBffPackageContract.cs
+++ b/src/Thalos.Bff.Contracts/Conventions/ThalosBffPackageContract.cs
@@ -11,5 +11,5 @@ public sealed class ThalosBffPackageContract : IBlueprintPackageContract
public BlueprintPackageDescriptor Descriptor { get; } = new(
"Thalos.Bff.Contracts",
PackageVersionPolicy.Minor,
- ["Core.Blueprint.Common", "Thalos.Service.Identity.Abstractions"]);
+ ["Core.Blueprint.Common", "BuildingBlock.Identity.Contracts"]);
}
diff --git a/src/Thalos.Bff.Contracts/Thalos.Bff.Contracts.csproj b/src/Thalos.Bff.Contracts/Thalos.Bff.Contracts.csproj
index 04a4bbc..9a5109e 100644
--- a/src/Thalos.Bff.Contracts/Thalos.Bff.Contracts.csproj
+++ b/src/Thalos.Bff.Contracts/Thalos.Bff.Contracts.csproj
@@ -6,5 +6,6 @@
+
diff --git a/src/Thalos.Bff.Rest/Adapters/ThalosServiceGrpcClientAdapter.cs b/src/Thalos.Bff.Rest/Adapters/ThalosServiceGrpcClientAdapter.cs
new file mode 100644
index 0000000..01f3724
--- /dev/null
+++ b/src/Thalos.Bff.Rest/Adapters/ThalosServiceGrpcClientAdapter.cs
@@ -0,0 +1,111 @@
+using Grpc.Core;
+using Microsoft.Extensions.Primitives;
+using Thalos.Bff.Application.Adapters;
+using Thalos.Service.Grpc;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
+
+namespace Thalos.Bff.Rest.Adapters;
+
+///
+/// gRPC-backed adapter for downstream thalos-service calls.
+///
+public sealed class ThalosServiceGrpcClientAdapter(
+ IdentityRuntime.IdentityRuntimeClient grpcClient,
+ IHttpContextAccessor httpContextAccessor,
+ IConfiguration configuration) : IThalosServiceClient
+{
+ private const string CorrelationHeaderName = "x-correlation-id";
+ private readonly string refreshTenantId = configuration["ThalosService:RefreshTenantId"] ?? "refresh";
+
+ ///
+ public async Task IssueTokenAsync(IssueIdentityTokenRequest request)
+ {
+ var correlationId = ResolveCorrelationId();
+ var grpcRequest = new IssueIdentityTokenGrpcRequest
+ {
+ SubjectId = request.SubjectId,
+ TenantId = request.TenantId,
+ Provider = request.Provider.ToString(),
+ ExternalToken = request.ExternalToken
+ };
+
+ var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
+ grpcRequest,
+ headers: CreateHeaders(correlationId));
+
+ return new IssueIdentityTokenResponse(grpcResponse.Token, grpcResponse.ExpiresInSeconds);
+ }
+
+ ///
+ public async Task EvaluatePolicyAsync(EvaluateIdentityPolicyRequest request)
+ {
+ var correlationId = ResolveCorrelationId();
+ var grpcRequest = new EvaluateIdentityPolicyGrpcRequest
+ {
+ SubjectId = request.SubjectId,
+ TenantId = request.TenantId,
+ PermissionCode = request.PermissionCode,
+ Provider = request.Provider.ToString()
+ };
+
+ var grpcResponse = await grpcClient.EvaluateIdentityPolicyAsync(
+ grpcRequest,
+ headers: CreateHeaders(correlationId));
+
+ return new EvaluateIdentityPolicyResponse(
+ grpcResponse.SubjectId,
+ grpcResponse.PermissionCode,
+ grpcResponse.IsAllowed);
+ }
+
+ ///
+ public async Task RefreshSessionAsync(RefreshIdentitySessionRequest request)
+ {
+ var correlationId = ResolveCorrelationId(request.CorrelationId);
+ var grpcRequest = new IssueIdentityTokenGrpcRequest
+ {
+ SubjectId = request.RefreshToken,
+ TenantId = refreshTenantId,
+ Provider = request.Provider.ToString()
+ };
+
+ var grpcResponse = await grpcClient.IssueIdentityTokenAsync(
+ grpcRequest,
+ headers: CreateHeaders(correlationId));
+
+ return new RefreshIdentitySessionResponse(grpcResponse.Token, grpcResponse.ExpiresInSeconds);
+ }
+
+ private string ResolveCorrelationId(string? preferred = null)
+ {
+ if (!string.IsNullOrWhiteSpace(preferred))
+ {
+ return preferred;
+ }
+
+ var context = httpContextAccessor.HttpContext;
+ if (context?.Items.TryGetValue(CorrelationHeaderName, out var itemValue) == true &&
+ itemValue is string itemCorrelationId &&
+ !string.IsNullOrWhiteSpace(itemCorrelationId))
+ {
+ return itemCorrelationId;
+ }
+
+ if (context?.Request.Headers.TryGetValue(CorrelationHeaderName, out var headerValue) == true &&
+ !StringValues.IsNullOrEmpty(headerValue))
+ {
+ return headerValue.ToString();
+ }
+
+ return context?.TraceIdentifier ?? $"corr-{Guid.NewGuid():N}";
+ }
+
+ private static Metadata CreateHeaders(string correlationId)
+ {
+ return new Metadata
+ {
+ { CorrelationHeaderName, correlationId }
+ };
+ }
+}
diff --git a/src/Thalos.Bff.Rest/Program.cs b/src/Thalos.Bff.Rest/Program.cs
index df15eb4..0c31b59 100644
--- a/src/Thalos.Bff.Rest/Program.cs
+++ b/src/Thalos.Bff.Rest/Program.cs
@@ -1,18 +1,99 @@
+using Core.Blueprint.Common.DependencyInjection;
+using Microsoft.Extensions.Primitives;
+using Thalos.Bff.Application.Adapters;
+using Thalos.Bff.Application.DependencyInjection;
+using Thalos.Bff.Application.Handlers;
using Thalos.Bff.Contracts.Api;
+using Thalos.Bff.Rest.Adapters;
+using Thalos.Bff.Rest.Endpoints;
+using Thalos.Service.Grpc;
+
+const string CorrelationHeaderName = "x-correlation-id";
var builder = WebApplication.CreateBuilder(args);
+var edgeProtocol = builder.Configuration["ThalosBff:EdgeProtocol"] ?? "rest";
+if (!string.Equals(edgeProtocol, "rest", StringComparison.OrdinalIgnoreCase))
+{
+ throw new InvalidOperationException(
+ $"Thalos BFF supports one active edge protocol per deployment. Configured: '{edgeProtocol}'. Expected: 'rest'.");
+}
+
+builder.Services.AddHttpContextAccessor();
+builder.Services.AddHealthChecks();
+builder.Services.AddBlueprintRuntimeCore();
+builder.Services.AddThalosBffApplicationRuntime();
+builder.Services.AddScoped();
+builder.Services.AddGrpcClient(options =>
+{
+ var serviceAddress = builder.Configuration["ThalosService:GrpcAddress"] ?? "http://localhost:5251";
+ options.Address = new Uri(serviceAddress);
+});
-// Stage 3 skeleton: single active external protocol for this deployment is REST.
var app = builder.Build();
-app.MapPost("/api/identity/token", (IssueTokenApiRequest request) =>
+app.Use(async (context, next) =>
{
- return Results.Ok(new IssueTokenApiResponse("", 0));
+ var correlationId = ResolveCorrelationId(context);
+ context.Items[CorrelationHeaderName] = correlationId;
+ context.Request.Headers[CorrelationHeaderName] = correlationId;
+ context.Response.Headers[CorrelationHeaderName] = correlationId;
+ await next();
});
-app.MapPost("/api/identity/session/refresh", (RefreshSessionApiRequest request) =>
+app.MapPost($"{EndpointConventions.ApiPrefix}/token", async (
+ IssueTokenApiRequest request,
+ HttpContext context,
+ IIssueTokenHandler handler) =>
{
- return Results.Ok(new RefreshSessionApiResponse("", 0));
+ var normalizedRequest = request with { CorrelationId = ResolveCorrelationId(context, request.CorrelationId) };
+
+ try
+ {
+ var response = await handler.HandleAsync(normalizedRequest);
+ return Results.Ok(response);
+ }
+ catch (UnauthorizedAccessException)
+ {
+ return Results.Unauthorized();
+ }
});
+app.MapPost($"{EndpointConventions.ApiPrefix}/session/refresh", async (
+ RefreshSessionApiRequest request,
+ HttpContext context,
+ IRefreshSessionHandler handler) =>
+{
+ var normalizedRequest = request with { CorrelationId = ResolveCorrelationId(context, request.CorrelationId) };
+ var response = await handler.HandleAsync(normalizedRequest);
+ return Results.Ok(response);
+});
+
+app.MapHealthChecks("/healthz");
+
app.Run();
+
+string ResolveCorrelationId(HttpContext context, string? preferred = null)
+{
+ if (!string.IsNullOrWhiteSpace(preferred))
+ {
+ context.Items[CorrelationHeaderName] = preferred;
+ context.Request.Headers[CorrelationHeaderName] = preferred;
+ context.Response.Headers[CorrelationHeaderName] = preferred;
+ return preferred;
+ }
+
+ if (context.Items.TryGetValue(CorrelationHeaderName, out var itemValue) &&
+ itemValue is string itemCorrelationId &&
+ !string.IsNullOrWhiteSpace(itemCorrelationId))
+ {
+ return itemCorrelationId;
+ }
+
+ if (context.Request.Headers.TryGetValue(CorrelationHeaderName, out var headerValue) &&
+ !StringValues.IsNullOrEmpty(headerValue))
+ {
+ return headerValue.ToString();
+ }
+
+ return context.TraceIdentifier;
+}
diff --git a/src/Thalos.Bff.Rest/Thalos.Bff.Rest.csproj b/src/Thalos.Bff.Rest/Thalos.Bff.Rest.csproj
index 256722a..5188257 100644
--- a/src/Thalos.Bff.Rest/Thalos.Bff.Rest.csproj
+++ b/src/Thalos.Bff.Rest/Thalos.Bff.Rest.csproj
@@ -4,8 +4,22 @@
enable
enable
+
+
+
+
+
+
+ all
+ runtime; build; native; contentfiles; analyzers; buildtransitive
+
+
+
+
+
+
diff --git a/tests/Thalos.Bff.Application.UnitTests/ContractShapeTests.cs b/tests/Thalos.Bff.Application.UnitTests/ContractShapeTests.cs
index 1df0d38..99f4d1c 100644
--- a/tests/Thalos.Bff.Application.UnitTests/ContractShapeTests.cs
+++ b/tests/Thalos.Bff.Application.UnitTests/ContractShapeTests.cs
@@ -1,4 +1,5 @@
using Core.Blueprint.Common.Contracts;
+using BuildingBlock.Identity.Contracts.Conventions;
using Thalos.Bff.Contracts.Api;
using Thalos.Bff.Contracts.Conventions;
@@ -14,6 +15,7 @@ public class ContractShapeTests
Assert.Equal("user-1", request.SubjectId);
Assert.Equal("tenant-1", request.TenantId);
Assert.Equal("corr-123", request.CorrelationId);
+ Assert.Equal(IdentityAuthProvider.InternalJwt, request.Provider);
}
[Fact]
@@ -24,6 +26,6 @@ public class ContractShapeTests
Assert.Equal("Thalos.Bff.Contracts", contract.Descriptor.PackageId);
Assert.Equal(PackageVersionPolicy.Minor, contract.Descriptor.VersionPolicy);
Assert.Contains("Core.Blueprint.Common", contract.Descriptor.DependencyPackageIds);
- Assert.Contains("Thalos.Service.Identity.Abstractions", contract.Descriptor.DependencyPackageIds);
+ Assert.Contains("BuildingBlock.Identity.Contracts", contract.Descriptor.DependencyPackageIds);
}
}
diff --git a/tests/Thalos.Bff.Application.UnitTests/IssueTokenHandlerTests.cs b/tests/Thalos.Bff.Application.UnitTests/IssueTokenHandlerTests.cs
index ffbcf0f..c14f71f 100644
--- a/tests/Thalos.Bff.Application.UnitTests/IssueTokenHandlerTests.cs
+++ b/tests/Thalos.Bff.Application.UnitTests/IssueTokenHandlerTests.cs
@@ -1,9 +1,9 @@
-using Thalos.Bff.Application.Contracts;
using Thalos.Bff.Application.Adapters;
using Thalos.Bff.Application.Handlers;
using Thalos.Bff.Application.Security;
using Thalos.Bff.Contracts.Api;
-using Thalos.Service.Identity.Abstractions.Contracts;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
namespace Thalos.Bff.Application.UnitTests;
diff --git a/tests/Thalos.Bff.Application.UnitTests/RefreshSessionHandlerTests.cs b/tests/Thalos.Bff.Application.UnitTests/RefreshSessionHandlerTests.cs
index aa494ac..b805764 100644
--- a/tests/Thalos.Bff.Application.UnitTests/RefreshSessionHandlerTests.cs
+++ b/tests/Thalos.Bff.Application.UnitTests/RefreshSessionHandlerTests.cs
@@ -1,8 +1,8 @@
using Thalos.Bff.Application.Adapters;
-using Thalos.Bff.Application.Contracts;
using Thalos.Bff.Application.Handlers;
using Thalos.Bff.Contracts.Api;
-using Thalos.Service.Identity.Abstractions.Contracts;
+using BuildingBlock.Identity.Contracts.Requests;
+using BuildingBlock.Identity.Contracts.Responses;
namespace Thalos.Bff.Application.UnitTests;