/// <summary>
/// Configures the test host for the JWT bearer pipeline: tokens are validated against a
/// fixed audience and a single issuer certificate, and the access token is unwrapped from
/// the incoming PoP token before bearer authentication runs.
/// </summary>
/// <param name="app">OWIN application builder the middleware is registered on.</param>
private void JwtBearerTokenAuthenticationPipeline_OnStartup(IAppBuilder app)
        {
            // Fixed test fixtures: one accepted audience and one signing certificate
            // bound to the issuer name "issuer".
            var options = new JwtBearerAuthenticationOptions
            {
                AllowedAudiences = new[] { "audience" },
                IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
                {
                    new X509CertificateSecurityTokenProvider("issuer", SigningCertificate.Cert)
                },
                Provider = new OAuthBearerAuthenticationProvider
                {
                    // Swap the raw PoP token for the access token it carries so the
                    // JWT middleware validates the inner bearer token.
                    OnRequestToken = async ctx =>
                    {
                        ctx.Token = await DefaultPopTokenProvider.GetAccessTokenFromPopTokenAsync(ctx.OwinContext.Environment);
                    }
                }
            };
            app.UseJwtBearerAuthentication(options);

            // Terminal handler: 200 only for an authenticated principal, 401 otherwise.
            app.Run(ctx =>
            {
                var user = ctx.Authentication.User;
                var authenticated = user != null
                    && user.Identity != null
                    && user.Identity.IsAuthenticated;

                ctx.Response.StatusCode = authenticated ? 200 : 401;

                return Task.FromResult(0);
            });
        }
        /// <summary>
        /// OWIN startup: protects the Web API with IdentityServer bearer token authentication
        /// fed by PoP tokens, then validates the HTTP signature of each request against the
        /// PoP key. Middleware order matters: signature validation runs after token authentication.
        /// </summary>
        /// <param name="app">OWIN application builder the middleware is registered on.</param>
        public void Configuration(IAppBuilder app)
        {
            // Keep JWT claim types as issued instead of mapping them to the long
            // Microsoft ClaimTypes URIs.
            JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();

            var options = new IdentityServerBearerTokenAuthenticationOptions
            {
                // The HttpSignatureValidation middleware looks for another middleware called PoP
                AuthenticationType = "PoP",

                Authority      = "https://localhost:44333/core",
                RequiredScopes = new[] { "write" },

                // client credentials for the introspection endpoint (sample values for the
                // local host; a deployment would load them from configuration, not source)
                ClientId     = "write",
                ClientSecret = "secret",

                // this is used to extract the access token from the pop token
                TokenProvider = new OAuthBearerAuthenticationProvider
                {
                    OnRequestToken = async ctx =>
                    {
                        ctx.Token = await DefaultPopTokenProvider.GetAccessTokenFromPopTokenAsync(ctx.OwinContext.Environment);
                    }
                }
            };
            app.UseIdentityServerBearerTokenAuthentication(options);

            // this registers the middleware that does the signature validation of the request against the pop token secret
            app.UseHttpSignatureValidation();

            app.UseWebApi(WebApiConfig.Register());
        }
        // A PoP token presented in the Authorization header ("PoP <token>") is returned
        // without the scheme prefix.
        public async Task GetPopTokenAsync_should_find_token_in_authorization_header()
        {
            var owin = new OwinContext();
            owin.Request.Headers.Add("Authorization", new[] { "PoP token" });

            var result = await DefaultPopTokenProvider.GetPopTokenAsync(owin.Environment);

            result.Should().Be("token");
        }
        // A GET with no Authorization header, query parameter or body yields no token
        // (null, not an empty string).
        public async Task when_no_params_GetPopTokenAsync_should_return_null()
        {
            var owin = new OwinContext
            {
                Request =
                {
                    Method = "GET",
                    Path   = new PathString("/hello")
                }
            };

            var result = await DefaultPopTokenProvider.GetPopTokenAsync(owin.Environment);

            result.Should().BeNull();
        }
        // A syntactically valid PoP token whose payload lacks the "at" (access token)
        // member yields no access token rather than throwing.
        public void pop_token_missing_at_passed_to_GetAccessTokenFromPopToken_should_return_no_access_token()
        {
            var emptyPayload = new
            {
            };
            // An unsigned JWS is enough here: only the payload shape is under test.
            var popToken = JWT.Encode(emptyPayload, null, JwsAlgorithm.none);

            var accessToken = DefaultPopTokenProvider.GetAccessTokenFromPopToken(popToken);

            accessToken.Should().BeNull();
        }
        // The "pop_access_token" query parameter is honoured when no Authorization header
        // is present. NOTE(review): query-string transport tends to surface tokens in
        // server and proxy access logs; this test only pins the extraction behaviour.
        public async Task GetPopTokenAsync_should_find_token_in_query_string()
        {
            var owin = new OwinContext
            {
                Request =
                {
                    Path        = new PathString("/hello"),
                    QueryString = new QueryString("x=1&pop_access_token=token&y=2")
                }
            };

            var result = await DefaultPopTokenProvider.GetPopTokenAsync(owin.Environment);

            result.Should().Be("token");
        }
        // A form-encoded POST body carrying "pop_access_token" is also accepted as a
        // token source; the body stream is owned by the test and disposed afterwards.
        public async Task GetPopTokenAsync_should_find_token_in_POST_body()
        {
            const string form = "foo=bar&pop_access_token=token&baz=quux";

            var owin = new OwinContext
            {
                Request =
                {
                    Method      = "POST",
                    Path        = new PathString("/hello"),
                    ContentType = "application/x-www-form-urlencoded"
                }
            };

            using (var body = new MemoryStream())
            {
                var payload = Encoding.UTF8.GetBytes(form);
                body.Write(payload, 0, payload.Length);
                body.Position = 0; // rewind so the provider reads the form from the start
                owin.Request.Body = body;

                var result = await DefaultPopTokenProvider.GetPopTokenAsync(owin.Environment);

                result.Should().Be("token");
            }
        }
        // When a token is supplied in the header, the query string and the form body at
        // once, the Authorization header wins (token1); the other two are ignored rather
        // than merged or rejected.
        public async Task when_multiple_tokens_sent_GetPopTokenAsync_should_find_authorization_header_first()
        {
            const string form = "foo=bar&pop_access_token=token2&baz=quux";

            var owin = new OwinContext
            {
                Request =
                {
                    Method      = "POST",
                    Path        = new PathString("/hello"),
                    QueryString = new QueryString("x=1&pop_access_token=token3&y=2"),
                    ContentType = "application/x-www-form-urlencoded"
                }
            };
            owin.Request.Headers.Add("Authorization", new[] { "PoP token1" });

            using (var body = new MemoryStream())
            {
                var payload = Encoding.UTF8.GetBytes(form);
                body.Write(payload, 0, payload.Length);
                body.Position = 0; // rewind so the provider reads the form from the start
                owin.Request.Body = body;

                var result = await DefaultPopTokenProvider.GetPopTokenAsync(owin.Environment);

                result.Should().Be("token1");
            }
        }
        /// <summary>
        /// Builds the Web API test pipeline: both IdentityServer back-channels (discovery and
        /// introspection) go through the supplied in-process handler, and bearer authentication
        /// is configured for the "api1" scope with PoP token unwrapping.
        /// </summary>
        /// <param name="idSvrBackchannel">Handler used for every HTTP call to IdentityServer.</param>
        public WebApiPipeline(HttpMessageHandler idSvrBackchannel)
        {
            // Route discovery and introspection calls through the test host instead of the network.
            AuthenticationOptions.BackchannelHttpHandler   = idSvrBackchannel;
            AuthenticationOptions.IntrospectionHttpHandler = idSvrBackchannel;

            AuthenticationOptions.AuthenticationType = "PoP";
            AuthenticationOptions.Authority          = IdentityServerPipeline.Authority;
            AuthenticationOptions.RequiredScopes     = new[] { "api1" };
            // Introspection client credentials (test fixture values).
            AuthenticationOptions.ClientId           = "api1";
            AuthenticationOptions.ClientSecret       = "secret";

            AuthenticationOptions.TokenProvider = new OAuthBearerAuthenticationProvider
            {
                OnRequestToken = async ctx =>
                {
                    // Evaluated per request, so a test can switch the options back to plain
                    // bearer after construction and skip the PoP unwrapping.
                    if (AuthenticationOptions.AuthenticationType != "PoP")
                    {
                        return;
                    }

                    ctx.Token = await DefaultPopTokenProvider.GetAccessTokenFromPopTokenAsync(ctx.OwinContext.Environment);
                }
            };

            OnConfiguration += WebApiPipeline_OnConfiguration;
        }
 // Null, empty and whitespace-only PoP tokens all yield no access token rather than throwing.
 public void empty_pop_token_passed_to_GetAccessTokenFromPopToken_should_return_no_access_token()
 {
     foreach (var blank in new[] { null, "", "    " })
     {
         DefaultPopTokenProvider.GetAccessTokenFromPopToken(blank).Should().BeNull();
     }
 }