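/// <summary>
/// Validates the ADFS-issued access token and builds the authentication ticket for it.
/// The token's <c>x5t</c> header is only used to choose which signing certificate to fetch
/// from the trusted metadata of <c>Options.Server</c>; nothing else from the unvalidated token
/// is trusted until <see cref="JwtSecurityTokenHandler.ValidateToken"/> has succeeded.
/// </summary>
/// <param name="identity">Identity built by the base handler; not used here, the principal comes from the validated token.</param>
/// <param name="properties">Authentication properties carried over to the ticket.</param>
/// <param name="tokens">Token response whose <c>AccessToken</c> is validated.</param>
/// <returns>A ticket for the validated principal under this handler's scheme.</returns>
/// <exception cref="SecurityTokenException">The token is not a JWT, has no <c>x5t</c> header, or fails signature/issuer/audience/lifetime validation.</exception>
protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
    // Do not log the raw access token (even at Debug): it is a bearer credential.
    JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler { MapInboundClaims = true };

    // Read the token WITHOUT validating it, only to learn which certificate signed it.
    JwtSecurityToken unvalidated = tokenHandler.ReadJwtToken(tokens.AccessToken);
    string keyName = unvalidated.Header.X5t;
    if (string.IsNullOrEmpty(keyName))
    {
        // A missing header previously surfaced as KeyNotFoundException; make the failure explicit.
        throw new SecurityTokenException("Access token has no x5t header; cannot select a signing certificate.");
    }

    // The certificate is looked up in the configured ADFS server's metadata, never taken from the token.
    X509Certificate2 certificate = await ADFSMetadata.Instance(Options.Server, Logger).GetCertificate(keyName);
    X509SecurityKey signingKey = new X509SecurityKey(certificate);

    // Audience, issuer, signature and lifetime are all checked; the flags are spelled out
    // so a future edit cannot silently rely on library defaults.
    TokenValidationParameters validationParameters = new TokenValidationParameters
    {
        ValidAudience = $"microsoft:identityserver:{Options.Resource}",
        ValidateAudience = true,
        IssuerSigningKey = signingKey,
        ValidateIssuerSigningKey = true,
        ValidIssuer = Options.ValidIssuer,
        ValidateIssuer = true,
        ValidateLifetime = true,
    };

    // Throws a SecurityTokenException subtype on any validation failure.
    ClaimsPrincipal principal = tokenHandler.ValidateToken(tokens.AccessToken, validationParameters, out _);

    // `await _processor?.TicketCreated(...)` throws NullReferenceException when _processor is null
    // (the null-conditional yields a null Task, which cannot be awaited), so guard explicitly.
    if (_processor != null)
    {
        await _processor.TicketCreated(new ADFSCreatingTiketContext(principal));
    }

    return new AuthenticationTicket(principal, properties, Scheme.Name);
}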
/// <summary>
/// Returns the cached <see cref="ADFSMetadata"/> for <paramref name="Server"/>, creating and
/// caching a new one on first use for that server.
/// </summary>
/// <param name="Server">ADFS server the metadata belongs to; matched by ordinal string equality against <c>_server</c>.</param>
/// <param name="logger">Logger handed to a newly created instance.</param>
/// <returns>The existing instance for the server, or the newly created one.</returns>
public static ADFSMetadata Instance(string Server, ILogger logger)
{
    // NOTE(review): Instances is read and appended without synchronization; concurrent first use
    // for the same server could create duplicate instances — confirm callers tolerate that.
    ADFSMetadata existing = Instances.FirstOrDefault(candidate => candidate._server == Server);
    if (existing != null)
    {
        return existing;
    }

    ADFSMetadata created = new ADFSMetadata(Server, logger);
    Instances.Add(created);
    return created;
}