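/// <summary>
/// Validates a JWT issued by Altinn Studio and, when it is valid, returns a new token
/// produced by <c>GenerateToken</c> that carries the same claims.
/// </summary>
/// <param name="originalToken">Serialized JWT supplied by the caller; untrusted until validated.</param>
/// <returns>
/// <c>Ok</c> with the newly serialized token when the original token comes from an accepted
/// issuer and passes signature and lifetime validation; otherwise <c>Unauthorized</c>.
/// </returns>
private async Task<ActionResult> AuthenticateAltinnStudioToken(string originalToken)
        {
            try
            {
                if (!_validator.CanReadToken(originalToken))
                {
                    return Unauthorized();
                }

                // The token is only parsed here, not verified. The issuer read from it is used
                // solely to choose which key set to validate against; nothing else from the
                // token is trusted before ValidateToken succeeds.
                JwtSecurityToken jwt = _validator.ReadJwtToken(originalToken);
                string issuer = jwt.Issuer;

                // Explicit ordinal allow-list. The static Equals also handles a token without
                // an "iss" claim, rejecting it directly instead of relying on a
                // NullReferenceException reaching the catch block.
                bool isAcceptedIssuer = string.Equals(issuer, "studio", StringComparison.Ordinal)
                    || string.Equals(issuer, "dev-studio", StringComparison.Ordinal);
                if (!isAcceptedIssuer)
                {
                    return Unauthorized();
                }

                IEnumerable<SecurityKey> signingKeys = await _designerSigningKeysResolver.GetSigningKeys(issuer);

                TokenValidationParameters validationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKeys = signingKeys,

                    // Issuer validation is switched off in the library because the issuer was
                    // already checked against the allow-list above and the keys are resolved
                    // for that issuer.
                    ValidateIssuer = false,

                    // NOTE(review): the audience is not validated, so a token signed with the
                    // designer keys is accepted whatever recipient it was minted for. Confirm
                    // that this is intended.
                    ValidateAudience = false,

                    // Expiry is mandatory and enforced with no tolerance for clock drift.
                    RequireExpirationTime = true,
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                };

                ClaimsPrincipal originalPrincipal = _validator.ValidateToken(originalToken, validationParameters, out _);

                // Every claim of the validated token is carried over unchanged into the new identity.
                ClaimsIdentity identity = new ClaimsIdentity(AltinnStudioIdentity);
                identity.AddClaims(originalPrincipal.Claims);
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);

                string serializedToken = await GenerateToken(principal);

                return Ok(serializedToken);
            }
            catch (Exception ex)
            {
                // Fail closed: any error (validation failure, key resolution failure, token
                // generation failure) results in 401. The exception text is passed as a log
                // argument rather than interpolated into the message template, so content
                // derived from the caller's token stays data and is never treated as a template.
                _logger.LogWarning("Altinn Studio authentication failed. {Message}", ex.Message);
                return Unauthorized();
            }
        }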
Esempio n. 2
        /// <summary>
        /// Builds the parameters used to validate a token from the given issuer.
        /// </summary>
        /// <param name="issuer">Issuer name passed to the signing keys resolver.</param>
        /// <returns>
        /// Parameters that require a valid signature from one of the issuer's keys and an
        /// unexpired lifetime with zero clock skew. Issuer and audience validation are disabled.
        /// </returns>
        private async Task<TokenValidationParameters> GetTokenValidationParameters(string issuer)
        {
            // Signature and lifetime are enforced; issuer and audience are not checked here.
            // NOTE(review): with ValidateIssuer and ValidateAudience off, callers are presumably
            // expected to have vetted the issuer before calling this method. Confirm at the call sites.
            var parameters = new TokenValidationParameters();
            parameters.ValidateIssuerSigningKey = true;
            parameters.ValidateIssuer = false;
            parameters.ValidateAudience = false;
            parameters.RequireExpirationTime = true;
            parameters.ValidateLifetime = true;
            parameters.ClockSkew = TimeSpan.Zero;

            // The key set is looked up per issuer and attached last.
            var issuerKeys = await _signingKeysResolver.GetSigningKeys(issuer);
            parameters.IssuerSigningKeys = issuerKeys;

            return parameters;
        }