internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory)
{
var discoveryEndpoint = options.Authority.EnsureTrailingSlash();
discoveryEndpoint += ".well-known/openid-configuration";
var issuerProvider = new DiscoveryDocumentIssuerSecurityTokenProvider(
discoveryEndpoint,
options,
loggerFactory);
var valParams = new TokenValidationParameters
{
ValidAudience = issuerProvider.Audience,
NameClaimType = options.NameClaimType,
RoleClaimType = options.RoleClaimType
};
var tokenFormat = new JwtFormat(valParams, issuerProvider);
var bearerOptions = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = tokenFormat,
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Provider = options.TokenProvider ?? new ContextTokenProvider(),
};
return bearerOptions;
}
internal static OAuthBearerAuthenticationOptions ConfigureLocalValidation(IdentityServerBearerTokenAuthenticationOptions options, ILoggerFactory loggerFactory)
{
JwtFormat tokenFormat = null;
// use static configuration
if (!string.IsNullOrWhiteSpace(options.IssuerName) &&
options.SigningCertificate != null)
{
var audience = options.IssuerName.EnsureTrailingSlash();
audience += "resources";
var valParams = new TokenValidationParameters
{
ValidIssuer = options.IssuerName,
ValidAudience = audience,
IssuerSigningToken = new X509SecurityToken(options.SigningCertificate),
NameClaimType = options.NameClaimType,
RoleClaimType = options.RoleClaimType,
};
tokenFormat = new JwtFormat(valParams);
}
else
{
// use discovery endpoint
if (string.IsNullOrWhiteSpace(options.Authority))
{
throw new Exception("Either set IssuerName and SigningCertificate - or Authority");
}
var discoveryEndpoint = options.Authority.EnsureTrailingSlash();
discoveryEndpoint += ".well-known/openid-configuration";
var issuerProvider = new DiscoveryDocumentIssuerSecurityTokenProvider(
discoveryEndpoint,
options,
loggerFactory);
var valParams = new TokenValidationParameters
{
ValidAudience = issuerProvider.Audience,
NameClaimType = options.NameClaimType,
RoleClaimType = options.RoleClaimType
};
tokenFormat = new JwtFormat(valParams, issuerProvider);
}
var bearerOptions = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = tokenFormat,
AuthenticationMode = options.AuthenticationMode,
AuthenticationType = options.AuthenticationType,
Provider = new ContextTokenProvider()
};
if (options.TokenProvider != null)
{
bearerOptions.Provider = options.TokenProvider;
}
return bearerOptions;
}
