public static AuthenticationBuilder AddIdentityJwtRefreshToken <BearerTokenType>(this AuthenticationBuilder authenticationBuilder, string authenticationScheme, JwtBearerAuthenticationOptions options)
where BearerTokenType : class, IBearerTokenEntity
{
authenticationScheme = authenticationScheme ?? throw new ArgumentNullException(nameof(authenticationScheme));
return(addIdentityJwtRefreshToken <BearerTokenType>(authenticationBuilder,
configureOptions => authenticationBuilder.AddJwtBearer(authenticationScheme, configureOptions),
options));
}
private static void validateJwtBearerAuthenticationOptions(JwtBearerAuthenticationOptions options)
{
options = options ?? throw new ArgumentNullException(nameof(options));
Validator.ValidateObject(options, new ValidationContext(options), true);
}
private static AuthenticationBuilder addIdentityJwtRefreshToken <BearerTokenType>(AuthenticationBuilder authenticationBuilder, Action <Action <JwtBearerOptions> > addJwtBearer, JwtBearerAuthenticationOptions options)
where BearerTokenType : class, IBearerTokenEntity
{
validateJwtBearerAuthenticationOptions(options);
addJwtBearer(jwtBearerOptions => {
jwtBearerOptions.IncludeErrorDetails = options.IncludeErrorDetails;
jwtBearerOptions.RequireHttpsMetadata = false;
jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters {
ValidateIssuerSigningKey = true,
IssuerSigningKey = options.TokenSigningKey,
/// Is mandatory for <see cref="TokenValidatedContextTools.ValidateRefreshTokenIdClaim"/>.
SaveSigninToken = true,
ValidateIssuer = false,
ValidateAudience = false,
};
jwtBearerOptions.Events = new JwtBearerEvents()
#if DEBUG
{
OnAuthenticationFailed = (context) => {
return(Task.CompletedTask);
}
}
#endif
.WhenTokenValidated(
// The order matters! When validating, the user
// related identity is added to the claims principal.
TokenValidatedContextTools.ValidateRefreshTokenIdClaim <BearerTokenType>,
TokenValidatedContextTools.ValidateSecurityStamp);
});
return(authenticationBuilder);
}
public static AuthenticationBuilder AddJwtAccessToken(this AuthenticationBuilder authenticationBuilder, JwtBearerAuthenticationOptions options)
{
return(addIdentityJwtAccessToken(authenticationBuilder,
configureOptions => authenticationBuilder.AddJwtBearer(AuthenticationDefaults.AccessTokenBearerScheme, configureOptions),
options));
}
public static AuthenticationBuilder AddJwtAccessToken(this AuthenticationBuilder authenticationBuilder, string authenticationScheme, JwtBearerAuthenticationOptions options)
{
authenticationScheme = authenticationScheme ?? throw new ArgumentNullException(nameof(authenticationScheme));
return(addIdentityJwtAccessToken(authenticationBuilder,
configureOptions => authenticationBuilder.AddJwtBearer(authenticationScheme, configureOptions),
options));
}
private static AuthenticationBuilder addIdentityJwtAccessToken(AuthenticationBuilder authenticationBuilder, Action <Action <JwtBearerOptions> > addJwtBearer, JwtBearerAuthenticationOptions options)
{
validateJwtBearerAuthenticationOptions(options);
addJwtBearer(jwtBearerOptions => {
jwtBearerOptions.TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = options.TokenSigningKey,
ValidateIssuerSigningKey = true,
ValidateAudience = false,
ValidateIssuer = false
};
});
return(authenticationBuilder);
}
public static AuthenticationBuilder AddIdentityJwtRefreshToken(this AuthenticationBuilder authenticationBuilder, JwtBearerAuthenticationOptions options) => AddIdentityJwtRefreshToken <BearerTokenEntity>(authenticationBuilder, options);
public static AuthenticationBuilder AddIdentityJwtRefreshToken <BearerTokenType>(this AuthenticationBuilder authenticationBuilder, JwtBearerAuthenticationOptions options)
where BearerTokenType : class, IBearerTokenEntity
{
return(addIdentityJwtRefreshToken <BearerTokenType>(authenticationBuilder,
configureOptions => authenticationBuilder.AddJwtBearer(AuthenticationDefaults.IdentityRefreshTokenBearerScheme, configureOptions),
options));
}
