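/// <summary>
/// Adds JWT bearer middleware to <paramref name="builder"/> and configures it for bearer tokens issued by UAA or Pivotal SSO.
/// </summary>
/// <remarks>
/// The options callback binds the <c>CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX</c> section of
/// <paramref name="config"/> onto a new <see cref="CloudFoundryJwtBearerOptions"/>, looks up the
/// <see cref="SsoServiceInfo"/> and passes both to <c>CloudFoundryJwtBearerConfigurer.Configure</c>.
/// That callback runs when the <see cref="JwtBearerOptions"/> are built, not during this call, so
/// <paramref name="builder"/> and <paramref name="config"/> are checked up front: a miswired authentication
/// setup then fails at registration instead of on the first authenticated request.
/// </remarks>
/// <param name="builder">Your <see cref="AuthenticationBuilder"/></param>
/// <param name="authenticationScheme">An identifier for this authentication mechanism, conventionally <see cref="JwtBearerDefaults.AuthenticationScheme"/>. This overload applies no default.</param>
/// <param name="displayName">A display name for this auth scheme, conventionally <see cref="JwtBearerDefaults.AuthenticationScheme"/>. This overload applies no default.</param>
/// <param name="config">Your application configuration. Be sure to include the <see cref="CloudFoundryConfigurationProvider"/></param>
/// <returns>The same <see cref="AuthenticationBuilder"/>, configured to use JWT bearer tokens from UAA or Pivotal SSO</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="builder"/> or <paramref name="config"/> is null.</exception>
public static AuthenticationBuilder AddCloudFoundryJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, string displayName, IConfiguration config)
{
    if (builder == null)
    {
        throw new System.ArgumentNullException(nameof(builder));
    }

    // config is only dereferenced inside the deferred callback below; reject null here
    // so the failure is not postponed until the options are first resolved.
    if (config == null)
    {
        throw new System.ArgumentNullException(nameof(config));
    }

    builder.AddJwtBearer(authenticationScheme, displayName, (options) =>
    {
        // Start from the settings bound from application configuration.
        var cloudFoundryOptions = new CloudFoundryJwtBearerOptions();
        var securitySection = config.GetSection(CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX);
        securitySection.Bind(cloudFoundryOptions);

        // Configure accepts a null service info; in that case the JwtKeyUrl bound from
        // configuration above is the one used to locate the token signing keys.
        var info = config.GetSingletonServiceInfo<SsoServiceInfo>();
        CloudFoundryJwtBearerConfigurer.Configure(info, options, cloudFoundryOptions);
    });

    return builder;
}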
/// <summary>
/// Copies the Cloud Foundry settings in <paramref name="options"/> onto <paramref name="jwtOptions"/>.
/// </summary>
/// <remarks>
/// Returns without changing anything when <paramref name="jwtOptions"/> or <paramref name="options"/> is null;
/// the caller receives no signal that the bearer options were left unconfigured.
/// </remarks>
/// <param name="si">SSO service binding; when not null, its <c>AuthDomain</c> plus <c>CloudFoundryDefaults.JwtTokenUri</c> replaces <c>options.JwtKeyUrl</c>.</param>
/// <param name="jwtOptions">The JWT bearer options to populate.</param>
/// <param name="options">The Cloud Foundry settings to read from (its <c>JwtKeyUrl</c> is overwritten when <paramref name="si"/> is present).</param>
internal static void Configure(SsoServiceInfo si, JwtBearerOptions jwtOptions, CloudFoundryJwtBearerOptions options)
{
    if (jwtOptions == null)
    {
        return;
    }

    if (options == null)
    {
        return;
    }

    // A bound SSO service takes precedence over any key URL that came from configuration.
    if (si != null)
    {
        options.JwtKeyUrl = si.AuthDomain + CloudFoundryDefaults.JwtTokenUri;
    }

    jwtOptions.ClaimsIssuer = options.ClaimsIssuer;

    // NOTE(review): ValidateCertificates feeds both the back-channel handler and the token
    // validation parameters. Presumably a false value relaxes TLS certificate checks on the
    // channel used to fetch signing keys; confirm in CloudFoundryHelper and keep it enabled
    // wherever the key endpoint is reached over an untrusted network.
    bool validateCertificates = options.ValidateCertificates;
    var backchannel = CloudFoundryHelper.GetBackChannelHandler(validateCertificates);
    jwtOptions.BackchannelHttpHandler = backchannel;

    // The key URL and the same handler are passed along with the caller-supplied parameters.
    jwtOptions.TokenValidationParameters = CloudFoundryHelper.GetTokenValidationParameters(
        options.TokenValidationParameters,
        options.JwtKeyUrl,
        backchannel,
        validateCertificates);

    jwtOptions.SaveToken = options.SaveToken;
}