/// <summary> /// Initializes a new instance of the <see cref="SentinelAuthorizationServerProvider"/> class. /// </summary> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> /// <param name="options">The security handler.</param> public SentinelAuthorizationServerProvider(SentinelAuthorizationServerOptions options) { if (options == null) { throw new ArgumentNullException("options"); } this.options = options; }
/// <summary> /// Initializes a new instance of the /// Sentinel.OAuth.Core.Providers.SentinelAuthorizationCodeProvider class. /// </summary> /// <exception cref="ArgumentNullException"> /// Thrown when one or more required arguments are null. /// </exception> /// <param name="options">Options for controlling the operation.</param> public SentinelAuthorizationCodeProvider(SentinelAuthorizationServerOptions options) { if (options == null) { throw new ArgumentNullException("options"); } this.options = options; this.OnCreate += this.CreateAuthorizationCode; this.OnReceive += this.ReceiveAuthorizationCode; }
/// <summary> /// Adds OAuth2 Authorization Server capabilities to an OWIN web application. This middleware /// performs the request processing for the Authorize and Token endpoints defined by the OAuth2 specification. /// See also http://tools.ietf.org/html/rfc6749 /// </summary> /// <param name="app">The web application builder</param> /// <param name="options">Options which control the behavior of the Authorization Server.</param> /// <returns>The application builder</returns> public static IAppBuilder UseSentinelAuthorizationServer(this IAppBuilder app, SentinelAuthorizationServerOptions options) { if (app == null) { throw new ArgumentNullException(nameof(app)); } // Last minute default configurations if (options.Logger == null) { options.Logger = LogManager.GetLogger("Sentinel.OAuth"); } if (options.IssuerUri == null) { throw new InvalidOperationException("IssuerUri must be set"); } if (options.TokenCryptoProvider == null) { options.TokenCryptoProvider = new SHA2CryptoProvider(HashAlgorithm.SHA256); } if (options.PasswordCryptoProvider == null) { options.PasswordCryptoProvider = new PBKDF2CryptoProvider(); } if (options.SignatureCryptoProvider == null) { options.SignatureCryptoProvider = new AsymmetricCryptoProvider(); } if (options.PrincipalProvider == null) { options.PrincipalProvider = new PrincipalProvider(options.TokenCryptoProvider); } if (options.UserRepository == null && options.UserManager == null) { throw new InvalidOperationException("UserRepository must be set if not using a specific UserManager"); } if (options.ClientRepository == null && options.ClientManager == null) { throw new InvalidOperationException("ClientRepository must be set if not using a specific ClientManager"); } if (options.TokenRepository == null) { options.TokenRepository = new MemoryTokenRepository(); } if (options.TokenProvider == null) { options.TokenProvider = new JwtTokenProvider(new JwtTokenProviderConfiguration(options.TokenCryptoProvider, options.IssuerUri, options.TokenCryptoProvider.CreateHash(256))); } if (options.TokenManager == null) { options.TokenManager = new TokenManager(options.Logger, options.PrincipalProvider, options.TokenProvider, options.TokenRepository); } if (options.UserManager == null && options.UserRepository != null) { options.UserManager = new UserManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.UserRepository, options.UserApiKeyRepository, options.ClientRepository); } if (options.ClientManager == null && options.ClientRepository != null) { options.ClientManager = new ClientManager(options.Logger, options.PasswordCryptoProvider, options.SignatureCryptoProvider, options.ClientRepository); } var oauthOptions = new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, AccessTokenExpireTimeSpan = options.AccessTokenLifetime, AuthorizationCodeExpireTimeSpan = options.AuthorizationCodeLifetime, AuthorizeEndpointPath = new PathString(options.AuthorizationCodeEndpointUrl), TokenEndpointPath = new PathString(options.TokenEndpointUrl), Provider = new SentinelAuthorizationServerProvider(options), AccessTokenProvider = new SentinelAccessTokenProvider(options), AuthorizationCodeProvider = new SentinelAuthorizationCodeProvider(options), RefreshTokenProvider = new SentinelRefreshTokenProvider(options) }; // Initialize underlying OWIN OAuth system app.UseOAuthAuthorizationServer(oauthOptions); app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions() { AccessTokenProvider = oauthOptions.AccessTokenProvider }); // Initialize basic auth if specified if (options.EnableBasicAuthentication) { var basicAuthenticationOptions = new BasicAuthenticationOptions() { ClientManager = options.ClientManager, UserManager = options.UserManager, Logger = options.Logger, RequireSecureConnection = options.RequireSecureConnection, Realm = options.Realm }; app.Use <BasicAuthenticationMiddleware>(basicAuthenticationOptions, oauthOptions); } if (options.EnableSignatureAuthentication) { var apiKeyAuthenticationOptions = new SignatureAuthenticationOptions() { ClientManager = options.ClientManager, UserManager = options.UserManager, Logger = options.Logger, Realm = options.Realm, RequireSecureConnection = options.RequireSecureConnection, MaximumClockSkew = options.MaximumClockSkew }; app.Use <SignatureAuthenticationMiddleware>(apiKeyAuthenticationOptions, oauthOptions); } app.UseStageMarker(PipelineStage.Authenticate); // Set up identity endpoint app.Map(options.IdentityEndpointUrl, config => config.Use <UserInfoMiddleware>()); return(app); }