private static void ConfigureOptions(JwtBearerOptions options, AuthenticationInformation authenticationInformation)
{
options.Audience = authenticationInformation.TokenValidationParameters.ValidAudiences.First();
options.TokenValidationParameters = authenticationInformation.TokenValidationParameters;
options.Authority = options.TokenValidationParameters.ValidIssuer;
// HACK: Avoid getting .well-known when using local tokens.
if (options.Authority == LocalAuthentication.Issuer)
{
options.Configuration = new OpenIdConnectConfiguration
{
Issuer = options.Authority
};
options.Configuration.SigningKeys.Add(options.TokenValidationParameters.IssuerSigningKey);
}
// For SignalR hubs.
options.Events = new JwtBearerEvents
{
OnMessageReceived = context =>
{
var accessToken = context.Request.Query["access_token"];
// If the request is for our hub...
var path = context.HttpContext.Request.Path;
if (!string.IsNullOrEmpty(accessToken) &&
path.StartsWithSegments("/hub"))
{
// Read the token out of the query string
context.Token = accessToken;
}
return(Task.CompletedTask);
}
};
}
public AuthenticationInformationProvider(
AuthenticationInformation profileAuthenticationInformation,
AuthenticationInformation serviceAuthenticationInformation)
{
_profileAuthenticationInformation = profileAuthenticationInformation;
_serviceAuthenticationInformation = serviceAuthenticationInformation;
}
public static MessageTypeCacheBuilder AddTypingRealmAuthentication(
this MessageTypeCacheBuilder builder,
AuthenticationInformation profileAuthentication,
AuthenticationInformation?serviceAuthentication = null)
{
builder.AddTyrAuthenticationMessages();
builder.Services.AddTypingRealmAuthentication(profileAuthentication, serviceAuthentication);
return(builder);
}
public static IServiceCollection AddTypingRealmAuthentication(
this IServiceCollection services,
AuthenticationInformation profileAuthentication,
AuthenticationInformation?serviceAuthentication = null)
{
services.AddTransient <IAccessTokenProvider, AccessTokenProvider>();
services.AddTransient <IServiceTokenService, ServiceTokenService>();
services.AddProfileApiClients();
services.AddSingleton <IAuthenticationInformationProvider>(new AuthenticationInformationProvider(
profileAuthentication, serviceAuthentication ?? profileAuthentication));
return(services);
}
public static IServiceCollection UseAspNetAuthentication(
this IServiceCollection services,
AuthenticationInformation profileAuthentication,
AuthenticationInformation?serviceAuthentication = null)
{
if (profileAuthentication.TokenValidationParameters.ValidAudiences?.FirstOrDefault() == null ||
(serviceAuthentication != null && serviceAuthentication.TokenValidationParameters.ValidAudiences?.FirstOrDefault() == null))
{
throw new InvalidOperationException("Call UseSomeProvider method on AuthenticationInformationBuilder before calling this method, so that ValidAudiences parameter is set up.");
}
var authenticationSchemes = new List <string>
{
TyrAuthenticationSchemes.ProfileAuthenticationScheme
};
var authenticationBuilder = services
.AddAuthentication()
.AddJwtBearer(TyrAuthenticationSchemes.ProfileAuthenticationScheme, options => ConfigureOptions(options, profileAuthentication));
if (serviceAuthentication != null)
{
authenticationSchemes.Add(TyrAuthenticationSchemes.ServiceAuthenticationScheme);
authenticationBuilder.AddJwtBearer(TyrAuthenticationSchemes.ServiceAuthenticationScheme, options => ConfigureOptions(options, serviceAuthentication));
}
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.AddAuthenticationSchemes(authenticationSchemes.ToArray())
.Build();
});
services.AddTransient <IHttpContextAccessor, HttpContextAccessor>();
services.AddTransient <IProfileTokenService, HttpContextProfileTokenService>();
return(services);
}
