chore: update configuration and Docker setup for JWT and test results

Enhanced the .gitignore to exclude test results and updated the Dockerfile to include a new entrypoint script for improved container initialization. Refactored JWT configuration to support additional parameters for automatic refresh intervals, ensuring better control over token management. Updated the ConfigurationResolver to enforce required environment variables without hardcoded fallbacks, enhancing security and flexibility.

Auth/JwtExtensions.cs

@@ -7,12 +7,16 @@ namespace Azaion.Flights.Auth;
 
 public static class JwtExtensions
 {
-    public const string JwtIssuerEnvVar      = "JWT_ISSUER";
-    public const string JwtIssuerConfigKey   = "Jwt:Issuer";
-    public const string JwtAudienceEnvVar    = "JWT_AUDIENCE";
-    public const string JwtAudienceConfigKey = "Jwt:Audience";
-    public const string JwtJwksUrlEnvVar     = "JWT_JWKS_URL";
-    public const string JwtJwksUrlConfigKey  = "Jwt:JwksUrl";
+    public const string JwtIssuerEnvVar                       = "JWT_ISSUER";
+    public const string JwtIssuerConfigKey                    = "Jwt:Issuer";
+    public const string JwtAudienceEnvVar                     = "JWT_AUDIENCE";
+    public const string JwtAudienceConfigKey                  = "Jwt:Audience";
+    public const string JwtJwksUrlEnvVar                      = "JWT_JWKS_URL";
+    public const string JwtJwksUrlConfigKey                   = "Jwt:JwksUrl";
+    public const string JwtJwksAutoRefreshSecondsEnvVar       = "JWT_JWKS_AUTO_REFRESH_INTERVAL_SECONDS";
+    public const string JwtJwksAutoRefreshSecondsConfigKey    = "Jwt:JwksAutoRefreshIntervalSeconds";
+    public const string JwtJwksRefreshSecondsEnvVar           = "JWT_JWKS_REFRESH_INTERVAL_SECONDS";
+    public const string JwtJwksRefreshSecondsConfigKey        = "Jwt:JwksRefreshIntervalSeconds";
 
     public static IServiceCollection AddJwtAuth(this IServiceCollection services, IConfiguration configuration)
     {
@@ -23,6 +27,17 @@ public static class JwtExtensions
         var audience = ConfigurationResolver.ResolveRequiredOrThrow(configuration, JwtAudienceEnvVar, JwtAudienceConfigKey, "JWT audience");
         var jwksUrl  = ConfigurationResolver.ResolveRequiredOrThrow(configuration, JwtJwksUrlEnvVar,  JwtJwksUrlConfigKey,  "JWKS URL");
 
+        // Optional interval overrides. Production leaves both unset and inherits
+        // the library defaults (AutomaticRefreshInterval = 12h, RefreshInterval =
+        // 5min). Tests set them to small values so JWKS rotation can be observed
+        // inside the CI wall-clock budget.
+        var autoRefreshSeconds = ConfigurationResolver.ResolveOptionalPositiveIntOrThrow(
+            configuration, JwtJwksAutoRefreshSecondsEnvVar, JwtJwksAutoRefreshSecondsConfigKey,
+            "JWKS automatic refresh interval (seconds)");
+        var refreshSeconds = ConfigurationResolver.ResolveOptionalPositiveIntOrThrow(
+            configuration, JwtJwksRefreshSecondsEnvVar, JwtJwksRefreshSecondsConfigKey,
+            "JWKS refresh interval (seconds)");
+
         // JwtBearer's stock ConfigurationManager targets the full OIDC discovery
         // document; admin only exposes JWKS, so we wire a JWKS-only retriever.
         // The manager caches the document and refreshes on the default schedule
@@ -32,6 +47,11 @@ public static class JwtExtensions
             new JwksRetriever(),
             new HttpDocumentRetriever { RequireHttps = true });
 
+        if (autoRefreshSeconds is int autoSec)
+            jwksConfigManager.AutomaticRefreshInterval = TimeSpan.FromSeconds(autoSec);
+        if (refreshSeconds is int refreshSec)
+            jwksConfigManager.RefreshInterval = TimeSpan.FromSeconds(refreshSec);
+
         services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
             .AddJwtBearer(options =>
             {