Beispiel #1
0
        public static void AddJwtBearerTokenAuthentication(
            this IServiceCollection services,
            JwtBearerAuthenticationConfiguration jwtBearerAuthenticationConfiguration)
        {
            if (jwtBearerAuthenticationConfiguration.IsDisabled())
            {
                return;
            }

            services
            .AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.Authority = jwtBearerAuthenticationConfiguration.Authority;
                options.Audience  = jwtBearerAuthenticationConfiguration.Audience;

                if (jwtBearerAuthenticationConfiguration.UseStubbedBackchannelHandler)
                {
                    options.BackchannelHttpHandler = new StubJwtBearerAuthenticationHttpMessageHandler();
                }

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateAudience = true,
                    ValidateIssuer   = true,
                    ValidateLifetime = !jwtBearerAuthenticationConfiguration.AllowExpiredTokens
                };
            });
        }
        public static void ConfigureForJwtBearerAuthentication(
            this SwaggerGenOptions options,
            JwtBearerAuthenticationConfiguration jwtBearerAuthenticationConfiguration)
        {
            if (!jwtBearerAuthenticationConfiguration.HasOpenApiClient())
            {
                return;
            }

            options.AddSecurityDefinition(OpenApiSecurityDefinitions.OAuth2, new OpenApiSecurityScheme
            {
                Type  = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    // Recommended flow (Authorization Code with PKCE - https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-00)
                    AuthorizationCode = new OpenApiOAuthFlow
                    {
                        AuthorizationUrl = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.AuthorizationUrl),
                        TokenUrl         = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.TokenUrl)
                    },
                    // Not recommended flow
                    Implicit = new OpenApiOAuthFlow
                    {
                        AuthorizationUrl = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.AuthorizationUrl)
                    }
                }
            });

            options.AddSecurityDefinition(OpenApiSecurityDefinitions.Bearer, new OpenApiSecurityScheme
            {
                Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
                In          = ParameterLocation.Header,
                Name        = "Authorization",
                Type        = SecuritySchemeType.ApiKey
            });

            options.OperationFilter <JwtBearerAuthenticationOperationFilter>();
        }