/// <summary>
        /// Initializes a new instance of the <see cref="JwtAccessTokenFormat" /> class.
        /// </summary>
        /// <param name="serverSettings">The server settings.</param>
        /// <exception cref="System.ArgumentNullException">If serverSettings is null.</exception>
        /// <exception cref="System.InvalidOperationException">If serverSettings configuration is invalid.</exception>
        /// <exception cref="System.FormatException">If a client secret is not base 64 url encoded.</exception>
        public JwtAccessTokenFormat(JwtOAuthServerSettings serverSettings)
        {
            // Reject a missing settings object before anything is stored or read from it.
            if (serverSettings == null)
            {
                throw new ArgumentNullException(nameof(serverSettings));
            }

            this.serverSettings = serverSettings;

            // Every allowed client is validated here, so a configuration problem surfaces
            // at construction time.
            foreach (var allowedClient in this.serverSettings.AllowedClients)
            {
                // A client may name a file certificate or a store certificate, never both.
                if (allowedClient.RelativeFileCertificate != null)
                {
                    if (allowedClient.StoreCertificate != null)
                    {
                        var ambiguousMessage = string.Format(
                            CultureInfo.InvariantCulture,
                            Messages.Exception_JwtAccessTokenFormat_MultipleCertificateOptionsProvided,
                            allowedClient.Id);

                        throw new InvalidOperationException(ambiguousMessage);
                    }
                }

                var fetcher = GetCertificateFetcher(allowedClient);

                // GetCertificateFetcher may return null, in which case the certificate check
                // is skipped. When a fetcher exists it must actually yield a certificate.
                // NOTE(review): only presence is checked here; expiry, key usage and private-key
                // availability are not inspected in this constructor.
                if (fetcher != null && fetcher.Fetch() == null)
                {
                    var notFoundMessage = string.Format(
                        CultureInfo.InvariantCulture,
                        Messages.Exception_JwtAccessTokenFormat_CertificateNotFound,
                        allowedClient.Id);

                    throw new InvalidOperationException(notFoundMessage);
                }

                // Decode each secret now and discard the result: the call exists only to surface
                // a malformed secret as a configuration error.
                // NOTE(review): this proves the secret is well-formed base64url, nothing more.
                // The decoded length is not checked, so an empty or very short secret would
                // presumably pass; confirm that key strength is enforced where the settings
                // are loaded.
                TextEncodings.Base64Url.Decode(allowedClient.Secret);
            }
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="JwtOAuthServerOptions"/> class.
        /// </summary>
        /// <param name="serverSettings">The server settings.</param>
        /// <param name="provider">The provider.</param>
        /// <param name="jwtAccessTokenFormat">The JWT format.</param>
        public JwtOAuthServerOptions(
            JwtOAuthServerSettings serverSettings,
            IOAuthAuthorizationServerProvider provider,
            JwtAccessTokenFormat jwtAccessTokenFormat)
        {
            // All three collaborators are mandatory; the first null argument in declaration
            // order is the one reported.
            if (serverSettings == null)
            {
                throw new ArgumentNullException(nameof(serverSettings));
            }

            if (provider == null)
            {
                throw new ArgumentNullException(nameof(provider));
            }

            if (jwtAccessTokenFormat == null)
            {
                throw new ArgumentNullException(nameof(jwtAccessTokenFormat));
            }

            this.AuthenticationType = "JWT";

            // NOTE(review): AllowInsecureHttp is copied straight from the settings. If this is
            // the OWIN authorization-server flag (presumably inherited; confirm against the base
            // class), a true value lets token requests arrive over plain HTTP, which exposes
            // client credentials and issued tokens in transit. Keep it false outside local
            // development.
            this.AllowInsecureHttp = serverSettings.AllowInsecureHttp;

            // Token lifetime and endpoint path are likewise taken from the settings unchanged;
            // no upper bound on the lifetime is applied in this constructor.
            this.AccessTokenExpireTimeSpan = serverSettings.AccessTokenExpireTimeSpan;
            this.TokenEndpointPath = serverSettings.TokenEndpointPath;

            this.Provider = provider;
            this.AccessTokenFormat = jwtAccessTokenFormat;
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="JwtOAuthClientValidatingServerProvider"/> class.
        /// </summary>
        /// <param name="serverSettings">The server settings.</param>
        /// <param name="authenticator">The authenticator.</param>
        /// <exception cref="System.ArgumentNullException">If any arguments are null.</exception>
        public JwtOAuthClientValidatingServerProvider(
            JwtOAuthServerSettings serverSettings,
            IAuthenticator authenticator)
        {
            // Both dependencies are required. Settings are checked first, so a call with two
            // nulls reports serverSettings.
            if (serverSettings == null)
            {
                throw new ArgumentNullException(nameof(serverSettings));
            }

            if (authenticator == null)
            {
                throw new ArgumentNullException(nameof(authenticator));
            }

            // Store the validated dependencies; no validation of the settings' contents
            // happens in this constructor.
            this.ServerSettings = serverSettings;
            this.Authenticator = authenticator;
        }