public static IServiceCollection AddJwtCookieAuthentication(this IServiceCollection services, Action <JwtCookieOptions> builder)
{
var options = new JwtCookieOptions();
builder?.Invoke(options);
if (string.IsNullOrWhiteSpace(options.SecurityKey))
{
throw new ArgumentNullException(nameof(options.SecurityKey));
}
if (options.SecurityKey.Length < 16)
{
throw new ArgumentOutOfRangeException(nameof(options.SecurityKey), "SecurityKey length cannot be less than 16.");
}
var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(options.SecurityKey));
var validationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = signingKey,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero
};
if (!string.IsNullOrWhiteSpace(options.ValidIssuer) || options.ValidIssuers != null && options.ValidIssuers.Any())
{
validationParameters.ValidateIssuer = true;
validationParameters.ValidIssuer = options.ValidIssuer;
validationParameters.ValidIssuers = options.ValidIssuers;
}
if (!string.IsNullOrWhiteSpace(options.ValidAudience) || options.ValidAudiences != null && options.ValidAudiences.Any())
{
validationParameters.ValidateAudience = true;
validationParameters.ValidAudience = options.ValidAudience;
validationParameters.ValidAudiences = options.ValidAudiences;
}
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(option =>
{
option.Cookie = options.Cookie;
option.LoginPath = options.LoginPath;
option.AccessDeniedPath = options.AccessDeniedPath;
//option.TicketDataFormat = new JwtCookieDataFormat(validationParameters, options);
option.SlidingExpiration = options.SlidingExpiration;
option.ExpireTimeSpan = options.ExpireTimeSpan;
if (options.Events != null)
{
option.Events = options.Events;
}
});
return(services);
}
public JwtCookieDataFormat(TokenValidationParameters validationParameters, JwtCookieOptions options)
{
ValidationParameters = validationParameters;
Options = options;
Handler = new JwtSecurityTokenHandler();
}