public static void AddJwtBearerTokenAuthentication(
this IServiceCollection services,
JwtBearerAuthenticationConfiguration jwtBearerAuthenticationConfiguration)
{
if (jwtBearerAuthenticationConfiguration.IsDisabled())
{
return;
}
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.Authority = jwtBearerAuthenticationConfiguration.Authority;
options.Audience = jwtBearerAuthenticationConfiguration.Audience;
if (jwtBearerAuthenticationConfiguration.UseStubbedBackchannelHandler)
{
options.BackchannelHttpHandler = new StubJwtBearerAuthenticationHttpMessageHandler();
}
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateAudience = true,
ValidateIssuer = true,
ValidateLifetime = !jwtBearerAuthenticationConfiguration.AllowExpiredTokens
};
});
}
public static void ConfigureForJwtBearerAuthentication(
this SwaggerGenOptions options,
JwtBearerAuthenticationConfiguration jwtBearerAuthenticationConfiguration)
{
if (!jwtBearerAuthenticationConfiguration.HasOpenApiClient())
{
return;
}
options.AddSecurityDefinition(OpenApiSecurityDefinitions.OAuth2, new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
// Recommended flow (Authorization Code with PKCE - https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-00)
AuthorizationCode = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.AuthorizationUrl),
TokenUrl = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.TokenUrl)
},
// Not recommended flow
Implicit = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri(jwtBearerAuthenticationConfiguration.OpenApi.AuthorizationUrl)
}
}
});
options.AddSecurityDefinition(OpenApiSecurityDefinitions.Bearer, new OpenApiSecurityScheme
{
Description = "Standard Authorization header using the Bearer scheme. Example: \"bearer {token}\"",
In = ParameterLocation.Header,
Name = "Authorization",
Type = SecuritySchemeType.ApiKey
});
options.OperationFilter <JwtBearerAuthenticationOperationFilter>();
}