IAccessToken IOauthAuthenticatorSync <IJwtAuthenticationRequest, IAccessToken> .Authenticate(IJwtAuthenticationRequest authenticationRequest) { this.ThrowIfInvalid(authenticationRequest); return(this.withLocalValidation ? this.ValidateLocallySync(authenticationRequest) : this.ValidateRemoteSync(authenticationRequest)); }
async Task <IAccessToken> IOauthAuthenticator <IJwtAuthenticationRequest, IAccessToken> .AuthenticateAsync(IJwtAuthenticationRequest authenticationRequest, CancellationToken cancellationToken) { this.ThrowIfInvalid(authenticationRequest); return(this.withLocalValidation ? this.ValidateLocallySync(authenticationRequest) : await this.ValidateRemoteAsync(authenticationRequest, cancellationToken).ConfigureAwait(false)); }
private IAccessToken ValidateRemoteSync(IJwtAuthenticationRequest request) { var validationRequestHref = new StringBuilder() .Append(this.application.Href) .Append(OauthTokenPath) .Append(request.Jwt) .ToString(); return(this.InternalSyncDataStore.GetResource <IAccessToken>(validationRequestHref)); }
private Task <IAccessToken> ValidateRemoteAsync(IJwtAuthenticationRequest request, CancellationToken cancellationToken) { var validationRequestHref = new StringBuilder() .Append(this.application.Href) .Append(OauthTokenPath) .Append(request.Jwt) .ToString(); return(this.internalDataStore.GetResourceAsync <IAccessToken>(validationRequestHref)); }
private void ThrowIfInvalid(IJwtAuthenticationRequest request) { if (this.application == null) { throw new ApplicationException($"{nameof(this.application)} cannot be null."); } if (request == null) { throw new ApplicationException($"{nameof(request)} cannot be null."); } }
private IAccessToken ValidateLocallySync(IJwtAuthenticationRequest request) { var options = this.localValidationOptions ?? new JwtLocalValidationOptions(); // Allow the issuer claim to be manually specified. This is necessary // because ID Site tokens have a different issuer and break local validation // with the default rules. var expectedIssuer = options.Issuer; if (string.IsNullOrEmpty(expectedIssuer)) { expectedIssuer = this.application.Href; } var parser = this.application.Client.NewJwtParser() // Require secret key signature .SetSigningKey(this.internalDataStore.ApiKey.GetSecret(), Encoding.UTF8) // Require this application to be the issuer .RequireIssuer(expectedIssuer); // During parsing, the JWT is validated for lifetime, signature, and tampering var jwt = parser.Parse(request.Jwt); // Build an IAccessToken instance from scratch var properties = new Dictionary <string, object>(); var accessTokenHref = this.application.Href.Replace(ApplicationPath, AccessTokenPath); var accessTokenIdStartingPoint = accessTokenHref.LastIndexOf("/") + 1; accessTokenHref = accessTokenHref.Substring(0, accessTokenIdStartingPoint); accessTokenHref = accessTokenHref + jwt.Body.Id; properties.Add(AbstractResource.HrefPropertyName, accessTokenHref); properties.Add(DefaultAccessToken.AccountPropertyName, new LinkProperty(jwt.Body.Subject)); properties.Add(DefaultAccessToken.ApplicationPropertyName, new LinkProperty(this.application.Href)); properties.Add(AbstractInstanceResource.CreatedAtPropertyName, DateTimeOffset.UtcNow); properties.Add(DefaultAccessToken.JwtPropertyName, request.Jwt); properties.Add(AbstractResource.TenantPropertyName, (this.application as DefaultApplication).Tenant); var accessToken = this.internalDataStore.InstantiateWithData <IAccessToken>(properties); return(accessToken); }
/// <summary> /// Synchronously executes the OAuth 2.0 Authentication Request and returns the result. /// </summary> /// <param name="authenticator">The <see cref="IJwtAuthenticator"/>.</param> /// <param name="authenticationRequest">The Authentication Request this authenticator will attempt.</param> /// <returns>An Authentication Result representing the successful authentication.</returns> /// <exception cref="Error.ResourceException">The authentication failed.</exception> public static IAccessToken Authenticate(this IJwtAuthenticator authenticator, IJwtAuthenticationRequest authenticationRequest) => (authenticator as IJwtAuthenticatorSync).Authenticate(authenticationRequest);