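        /// <summary>
        /// Binds <see cref="JwtValidatorSettings"/> from configuration and registers a JWT bearer
        /// handler that validates tokens signed with the configured symmetric key.
        /// </summary>
        /// <param name="builder">The authentication builder the bearer handler is added to.</param>
        /// <param name="configuration">Configuration holding a section named after <see cref="JwtValidatorSettings"/>.</param>
        /// <returns>The builder returned by <c>AddJwtBearer</c>, for chaining.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// Thrown when the bearer options are built and no signing key is configured.
        /// </exception>
        public static AuthenticationBuilder AddJwtValidator(
            this AuthenticationBuilder builder,
            IConfiguration configuration)
        {
            // One section lookup serves both the options binding and the bearer setup.
            var section = configuration.GetSection(nameof(JwtValidatorSettings));

            builder.Services.Configure<JwtValidatorSettings>(section);

            return builder.AddJwtBearer(options =>
            {
                var audience = section.GetValue<string>(nameof(JwtValidatorSettings.Audience));
                var signingKey = section.GetValue<string>(nameof(JwtValidatorSettings.SigningKey));

                // Fail with a clear message instead of handing a missing key to the helper:
                // without a signing key no token can be verified.
                if (string.IsNullOrWhiteSpace(signingKey))
                {
                    throw new System.InvalidOperationException(
                        $"{nameof(JwtValidatorSettings)}:{nameof(JwtValidatorSettings.SigningKey)} is not configured.");
                }

                // Keeps the raw token in the authentication properties after validation.
                options.SaveToken = true;

                // No Authority or MetadataAddress is set in this method, so nothing here fetches metadata.
                // NOTE(review): prefer the default (true) so a later metadata-based setup is not
                // silently allowed over plain HTTP.
                options.RequireHttpsMetadata = false;

                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    // Audience is only checked when one is configured. With an empty setting, any
                    // token signed with this key passes regardless of its intended audience.
                    ValidateAudience = !string.IsNullOrWhiteSpace(audience),
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    // The expected issuer is a constant; the token issuer must emit the same value.
                    ValidIssuer = JwtDefaults.AuthenticationScheme,
                    ValidAudience = audience,
                    // Symmetric key: every service that can validate tokens can also mint them,
                    // so the key belongs in a secret store, not in a checked-in settings file.
                    IssuerSigningKey = SymmetricSecurityKeyHelper.GetSymmetricSecurityKey(signingKey)
                };
            });
        }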
        /// <summary>
        /// Enables JWT bearer authentication by registering it in the specified <paramref name="serviceCollection"/>.
        /// </summary>
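        private static void AddJwtBearerAuthentication(IServiceCollection serviceCollection)
        {
            // The bearer options are configured through the options pipeline so that
            // JwtAccessTokenConfig is resolved from the application's real container.
            // Building a temporary ServiceProvider during registration creates a second
            // container with its own singleton instances and misses anything registered
            // after this call.
            serviceCollection
                .AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme)
                .Configure<IOptions<JwtAccessTokenConfig>>((bearerOptions, tokenConfigAccessor) =>
                {
                    JwtAccessTokenConfig tokenConfig = tokenConfigAccessor.Value;

                    bearerOptions.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateLifetime         = true,
                        ValidateIssuer           = true,
                        ValidateAudience         = true,
                        ValidateIssuerSigningKey = true,

                        // ClockSkew is the tolerance applied to lifetime checks, so a large
                        // configured value keeps expired tokens acceptable for that long.
                        ClockSkew        = tokenConfig.ClockSkew,
                        ValidIssuer      = tokenConfig.ValidIssuer,
                        ValidAudience    = tokenConfig.ValidAudience,
                        // Symmetric key: it both signs and verifies, so treat it as a secret.
                        IssuerSigningKey =
                            SymmetricSecurityKeyHelper.CreateFromString(tokenConfig.IssuerSigningKey)
                    };
                });

            serviceCollection
                .AddAuthentication(options =>
                {
                    // Bearer tokens both authenticate requests and drive the 401 challenge.
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme    = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer();
        }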
        /// <summary>
        /// Creates an instance of type <see cref="SigningCredentials"/> based on the specified parameters.
        /// </summary>
        private SigningCredentials CreateSigningCredentials(string issuerSigningKey, string encryptionAlgorithm)
        {
            // Despite the parameter name, encryptionAlgorithm is passed to SigningCredentials as
            // the algorithm used to sign the token; nothing is encrypted here.
            var signingKey = SymmetricSecurityKeyHelper.CreateFromString(issuerSigningKey);
            var signingCredentials = new SigningCredentials(signingKey, encryptionAlgorithm);

            return signingCredentials;
        }
        /// <summary>
        /// Builds an HMAC-SHA256 signed JWT for the given audience and claims and returns it
        /// in its serialized form.
        /// </summary>
        /// <param name="key">Secret the symmetric signing key is derived from.</param>
        /// <param name="audience">Value written to the token's audience.</param>
        /// <param name="claims">Claims placed in the token.</param>
        /// <param name="expiresTimeSpan">Lifetime added to the current UTC time to get the expiry.</param>
        /// <returns>The serialized token.</returns>
        public string Generate(string key, string audience, IEnumerable <Claim> claims, TimeSpan expiresTimeSpan)
        {
            // UTC on both ends, so validity does not depend on the host's time zone.
            DateTime issuedAt  = DateTime.UtcNow;
            DateTime expiresAt = issuedAt.Add(expiresTimeSpan);

            // HS256 is symmetric: whoever holds this key can verify tokens and also forge them.
            var signingCredentials = new SigningCredentials(
                SymmetricSecurityKeyHelper.GetSymmetricSecurityKey(key),
                SecurityAlgorithms.HmacSha256);

            // The issuer is the constant JwtDefaults.AuthenticationScheme, which validators must expect.
            var token = new JwtSecurityToken(
                issuer: JwtDefaults.AuthenticationScheme,
                audience: audience,
                claims: claims,
                notBefore: issuedAt,
                expires: expiresAt,
                signingCredentials: signingCredentials);

            var handler = new JwtSecurityTokenHandler();
            return handler.WriteToken(token);
        }