Esempio n. 1
        /// <summary>
        /// Registers a before-request hook that tries to authenticate the request
        /// from the token carried in the Authorization header.
        /// </summary>
        /// <param name="pipelines">Pipelines whose BeforeRequest stage receives the hook.</param>
        /// <param name="algorithms">Candidate verification algorithms, tried in enumeration order on every request.</param>
        /// <remarks>
        /// The hook returns null on every path, so it never produces a response of its own:
        /// a missing, expired or unverifiable token simply leaves CurrentUser unset.
        /// Rejecting unauthenticated callers is therefore up to whatever consumes
        /// CurrentUser later on (not visible in this block).
        /// </remarks>
        public static void install(IPipelines pipelines, IEnumerable<ITokenCryptoAlgorithm> algorithms)
        {
            pipelines.BeforeRequest.AddItemToEndOfPipeline(context =>
            {
                // The header value is handed to decode() unchanged.
                // NOTE(review): if clients send a scheme prefix such as "Bearer ",
                // confirm that decode() copes with it.
                var headerValue = context.Request.Headers.Authorization;
                if (string.IsNullOrEmpty(headerValue))
                {
                    return null;
                }

                // NOTE(review): the verification algorithm comes from the server-side list.
                // Whether decode() also checks the token's own algorithm header against the
                // candidate is not visible here; confirm, especially if the list can mix
                // algorithm families.
                foreach (var candidate in algorithms)
                {
                    try
                    {
                        var claims = new WebTokenBuilder()
                            .withAlgorithm(candidate)
                            .mustVerify()
                            .decode(headerValue);

                        // Claim values are flattened to strings for the principal; the original
                        // claim collection stays available under the "claims" item key.
                        // A null claim value would throw at ToString() and is not caught below.
                        var identity = new ClaimsIdentity(
                            claims.Select(pair => new Claim(pair.Key, pair.Value.ToString())));
                        context.CurrentUser = new ClaimsPrincipal(identity);
                        context.Items["claims"] = claims;

                        // First algorithm that verifies wins.
                        break;
                    }
                    catch (TokenExpiredException)
                    {
                        // Expired token: stop here, no further algorithms are tried and
                        // the request continues without a user.
                        break;
                    }
                    catch (SignatureVerificationException)
                    {
                        // Signature did not verify under this algorithm; try the next one.
                        continue;
                    }
                    // Only the two exception types above are handled. Anything else thrown
                    // while decoding or building the principal propagates out of the hook.
                    // NOTE(review): confirm what decode() throws for a malformed token.
                }

                // Reached on success, on expiry and when no algorithm verified the token.
                return null;
            });
        }
Esempio n. 2
        /// <summary>
        /// Builds a token for <paramref name="user"/> using RS384Algorithm configured from
        /// the server's crypto settings.
        /// </summary>
        /// <param name="user">Identity whose username, identifier and packed groups become claims.</param>
        /// <returns>The value produced by the builder's build() call.</returns>
        /// <remarks>
        /// The token carries the auth server id, username, identifier, groups and an expiry
        /// of "now + configuration.tokenValidity". An admin claim is added when the user's
        /// identifier is listed in configuration.admins.
        /// </remarks>
        public string createToken(UserIdentity user)
        {
            var builder = new WebTokenBuilder()
                .withAlgorithm(new RS384Algorithm(serverContext.configuration.crypto));

            // Claims describing the user, followed by the expiry.
            // NOTE(review): DateTime.Now is local time (Kind = Local). Whether expire()
            // normalises it to UTC is not visible here; if it does not, the expiry shifts
            // with the server's time zone and DST changes. Check expire() and the matching
            // expiry test on the decode side before switching to DateTime.UtcNow.
            builder
                .addClaim(CLAIM_SERVER, serverContext.configuration.authServerId)
                .addClaim(CLAIM_USERNAME, user.username)
                .addClaim(CLAIM_IDENTIFIER, user.identifier)
                .addClaim(CLAIM_GROUPS, user.packGroups())
                .expire(DateTime.Now.Add(serverContext.configuration.tokenValidity));

            // The admin flag is decided at issuance and carried inside the token.
            // NOTE(review): unless consumers re-check configuration.admins, removing an
            // identifier from that list has no effect on tokens already issued until
            // they expire.
            var isAdmin = serverContext.configuration.admins.Contains(user.identifier);
            if (isAdmin)
            {
                builder.addClaim(CLAIM_ADMIN, true);
            }

            return builder.build();
        }