/// <summary>
/// Raises the Challenge event and, unless the event handled or skipped the
/// response, answers with 401 and the configured WWW-Authenticate challenge.
/// </summary>
/// <param name="context">Challenge context; its Properties seed the AuthenticationProperties given to the event.</param>
/// <returns>
/// <c>true</c> when the event context reports HandledResponse; <c>false</c> in every other case,
/// including after the default 401 response has been written.
/// </returns>
protected override async Task<bool> HandleUnauthorizedAsync(ChallengeContext context)
{
    var properties = new AuthenticationProperties(context.Properties);
    var challengeContext = new JwtBearerChallengeContext(Context, Options, properties);

    // Give the application's Challenge event the first chance to respond.
    await Options.Events.Challenge(challengeContext);

    if (challengeContext.HandledResponse)
    {
        return true;
    }

    if (!challengeContext.Skipped)
    {
        // Default response: the header value is exactly Options.Challenge, with no
        // error, error_description or error_uri parameters appended.
        Response.StatusCode = 401;
        Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
    }

    return false;
}
/// <summary>
/// Answers an authentication challenge with 401 and a WWW-Authenticate header,
/// adding error, error_description and error_uri parameters when the challenge
/// context carries them.
/// </summary>
/// <param name="properties">Authentication properties passed to the challenge context.</param>
/// <returns>A task that completes once the response status and header are set, or once the Challenge event reports it handled the response.</returns>
protected override async Task HandleChallengeAsync(AuthenticationProperties properties)
{
    var authenticateResult = await HandleAuthenticateOnceSafeAsync();
    var challengeContext = new JwtBearerChallengeContext(Context, Scheme, Options, properties)
    {
        AuthenticateFailure = authenticateResult?.Failure
    };

    // Only report error=invalid_token when authentication actually failed; a request
    // with no failure recorded (e.g. a missing token) gets no error parameters.
    // Options.IncludeErrorDetails gates these automatic values only: the header code
    // below emits whatever the context holds after the Challenge event has run.
    if (Options.IncludeErrorDetails && challengeContext.AuthenticateFailure != null)
    {
        challengeContext.Error = "invalid_token";
        challengeContext.ErrorDescription = CreateErrorDescription(challengeContext.AuthenticateFailure);
    }

    await Events.Challenge(challengeContext);
    if (challengeContext.Handled)
    {
        return;
    }

    Response.StatusCode = 401;

    var error = challengeContext.Error;
    var description = challengeContext.ErrorDescription;
    var uri = challengeContext.ErrorUri;

    var hasError = !string.IsNullOrEmpty(error);
    var hasDescription = !string.IsNullOrEmpty(description);
    var hasUri = !string.IsNullOrEmpty(uri);

    if (!hasError && !hasDescription && !hasUri)
    {
        Response.Headers.Append(HeaderNames.WWWAuthenticate, Options.Challenge);
        return;
    }

    // https://tools.ietf.org/html/rfc6750#section-3.1
    // WWW-Authenticate: Bearer realm="example", error="invalid_token", error_description="The access token expired"
    //
    // NOTE(review): the three values are written between double quotes verbatim, with
    // no escaping or validation. RFC 6750 section 3 excludes '"' and '\' (and control
    // characters) from these attributes, so a Challenge handler that fills them from
    // request-derived text should restrict them to that character set first.
    var header = new StringBuilder(Options.Challenge);
    if (Options.Challenge.IndexOf(" ", StringComparison.Ordinal) > 0)
    {
        // The configured challenge already carries a parameter, so separate ours from it.
        header.Append(',');
    }

    // Becomes true once one of our parameters is written, so later ones get a leading comma.
    var needsComma = false;

    if (hasError)
    {
        header.Append(" error=\"").Append(error).Append('"');
        needsComma = true;
    }

    if (hasDescription)
    {
        if (needsComma)
        {
            header.Append(',');
        }

        header.Append(" error_description=\"").Append(description).Append('"');
        needsComma = true;
    }

    if (hasUri)
    {
        if (needsComma)
        {
            header.Append(',');
        }

        header.Append(" error_uri=\"").Append(uri).Append('"');
    }

    Response.Headers.Append(HeaderNames.WWWAuthenticate, header.ToString());
}
/// <summary>
/// Invoked before a challenge is sent back to the caller.
/// </summary>
/// <param name="context">The challenge context, passed unchanged to OnChallenge.</param>
/// <returns>The task returned by OnChallenge.</returns>
public virtual Task Challenge(JwtBearerChallengeContext context)
{
    return OnChallenge(context);
}
/// <summary>
/// Forwards the challenge context to OnChallenge.
/// </summary>
/// <param name="context">The challenge context to hand to OnChallenge.</param>
/// <returns>The task returned by OnChallenge.</returns>
public virtual Task Challenge(JwtBearerChallengeContext context)
{
    return OnChallenge(context);
}