Ejemplo n.º 1
        /// <summary>
        /// Wires JWT bearer authentication into the Convey builder: registers the JWT handler,
        /// the access-token service and the validator middleware, builds a single
        /// <see cref="TokenValidationParameters"/> instance from <paramref name="options"/>, and
        /// makes JWT bearer the default authenticate and challenge scheme.
        /// </summary>
        /// <param name="builder">Builder whose <c>Services</c> collection receives the registrations.</param>
        /// <param name="options">JWT settings; every Validate*/Require* switch is copied through as-is.</param>
        /// <returns>The same <paramref name="builder"/>, untouched when <c>TryRegister</c> returns false.</returns>
        /// <remarks>
        /// Nothing in this method validates <paramref name="options"/>, so how strictly tokens are
        /// checked is decided entirely by configuration.
        /// NOTE(review): the defaults of <c>JwtOptions</c> are not visible here. Confirm that
        /// production configuration leaves signature, lifetime, issuer and audience checks enabled.
        /// </remarks>
        private static IConveyBuilder AddJwt(this IConveyBuilder builder, JwtOptions options)
        {
            // TryRegister returned false: skip every registration below
            // (presumably the module was registered already; verify against TryRegister).
            var firstRegistration = builder.TryRegister(RegistryName);
            if (!firstRegistration)
            {
                return builder;
            }

            // Optional string settings are applied only when they carry non-blank text.
            bool HasText(string value) => !string.IsNullOrWhiteSpace(value);

            var services = builder.Services;
            services.AddSingleton(options);
            services.AddSingleton<IJwtHandler, JwtHandler>();
            // NOTE(review): the type name suggests token state is kept in process memory;
            // confirm this is acceptable when several instances of the service run side by side.
            services.AddSingleton<IAccessTokenService, InMemoryAccessTokenService>();
            services.AddTransient<AccessTokenValidatorMiddleware>();

            var validation = new TokenValidationParameters
            {
                // Issuer checks.
                ValidateIssuer = options.ValidateIssuer,
                ValidIssuer = options.ValidIssuer,
                ValidIssuers = options.ValidIssuers,

                // Audience checks.
                RequireAudience = options.RequireAudience,
                ValidateAudience = options.ValidateAudience,
                ValidAudience = options.ValidAudience,
                ValidAudiences = options.ValidAudiences,

                // Lifetime and replay checks.
                RequireExpirationTime = options.RequireExpirationTime,
                ValidateLifetime = options.ValidateLifetime,
                ValidateTokenReplay = options.ValidateTokenReplay,
                // No tolerance for clock drift (the library default is five minutes), so an
                // expired token is rejected immediately; issuer and API clocks must stay in sync.
                ClockSkew = TimeSpan.Zero,

                // Signature checks.
                RequireSignedTokens = options.RequireSignedTokens,
                ValidateIssuerSigningKey = options.ValidateIssuerSigningKey,

                // Remaining switches.
                ValidateActor = options.ValidateActor,
                SaveSigninToken = options.SaveSigninToken
            };

            if (HasText(options.AuthenticationType))
            {
                validation.AuthenticationType = options.AuthenticationType;
            }

            if (HasText(options.IssuerSigningKey))
            {
                // The symmetric key is the UTF-8 bytes of the configured string, so its strength
                // is the entropy of that string; no minimum length is enforced here.
                // NOTE(review): confirm the value is a long random secret loaded from a secret
                // store, not a short or checked-in phrase.
                var keyBytes = Encoding.UTF8.GetBytes(options.IssuerSigningKey);
                validation.IssuerSigningKey = new SymmetricSecurityKey(keyBytes);
            }
            // When the setting is blank, no signing key is assigned by this method.

            if (HasText(options.NameClaimType))
            {
                validation.NameClaimType = options.NameClaimType;
            }

            if (HasText(options.RoleClaimType))
            {
                validation.RoleClaimType = options.RoleClaimType;
            }

            // The same mutable instance is exposed through DI and handed to the bearer handler below.
            services.AddSingleton(validation);

            var authentication = services.AddAuthentication(schemes =>
            {
                schemes.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                schemes.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            });

            authentication.AddJwtBearer(bearer =>
            {
                bearer.Authority = options.Authority;
                bearer.Audience = options.Audience;
                bearer.MetadataAddress = options.MetadataAddress;
                bearer.SaveToken = options.SaveToken;
                bearer.RefreshOnIssuerKeyNotFound = options.RefreshOnIssuerKeyNotFound;
                // false allows the metadata (and the signing keys it lists) to be fetched over plain HTTP.
                bearer.RequireHttpsMetadata = options.RequireHttpsMetadata;
                // true returns the token-validation failure reason to the caller in the challenge response.
                bearer.IncludeErrorDetails = options.IncludeErrorDetails;
                bearer.TokenValidationParameters = validation;

                if (HasText(options.Challenge))
                {
                    bearer.Challenge = options.Challenge;
                }
            });

            return builder;
        }
 /// <summary>
 /// Stores the access-token service and the anonymous-endpoint list taken from the JWT options.
 /// </summary>
 /// <param name="accessTokenService">Service kept in <c>_accessTokenService</c>.</param>
 /// <param name="options">JWT options; only <c>AllowAnonymousEndpoints</c> is read here.</param>
 /// <remarks>
 /// NOTE(review): the name suggests these endpoints skip access-token validation. How
 /// <c>_endpoints</c> is compared with the request is outside this view; confirm the match is
 /// exact, so that a listed entry cannot exempt more routes than intended.
 /// </remarks>
 public AccessTokenValidatorMiddleware(IAccessTokenService accessTokenService, JwtOptions options)
 {
     // A missing list is treated as "no anonymous endpoints" rather than left null.
     _endpoints = options.AllowAnonymousEndpoints;
     if (_endpoints == null)
     {
         _endpoints = Enumerable.Empty<string>();
     }

     _accessTokenService = accessTokenService;
 }