/// <summary>
/// Registers a before-request hook that authenticates the request from the
/// <c>Authorization</c> header. On success the hook sets <c>ctx.CurrentUser</c>
/// and stores the raw decoded claims under <c>ctx.Items["claims"]</c>.
/// The hook always returns <c>null</c>, so the request continues down the
/// pipeline either way; "not authenticated" is expressed solely by
/// <c>ctx.CurrentUser</c> being left unset.
/// </summary>
/// <param name="pipelines">Pipeline collection the hook is appended to.</param>
/// <param name="algorithms">
/// Verification algorithms tried in order; the first one whose signature check
/// succeeds wins. This list therefore defines the trust boundary for incoming
/// tokens — it should contain only the algorithms/keys this server intends to
/// accept.
/// </param>
public static void install(IPipelines pipelines, IEnumerable<ITokenCryptoAlgorithm> algorithms)
{
    pipelines.BeforeRequest.AddItemToEndOfPipeline(ctx =>
    {
        var rawToken = ctx.Request.Headers.Authorization;
        if (string.IsNullOrEmpty(rawToken))
        {
            // No credentials presented: anonymous request.
            return null;
        }

        foreach (var candidate in algorithms)
        {
            try
            {
                // mustVerify() is relied on to make decode() reject tokens whose
                // signature does not check out under `candidate`.
                var claims = new WebTokenBuilder()
                    .withAlgorithm(candidate)
                    .mustVerify()
                    .decode(rawToken);

                // NOTE(review): ClaimsIdentity(IEnumerable<Claim>) leaves AuthenticationType
                // null, so Identity.IsAuthenticated reports false for this principal; confirm
                // nothing downstream relies on IsAuthenticated (an overload taking an
                // authenticationType string exists if it does).
                var identityClaims = claims.Select(pair => new Claim(pair.Key, pair.Value.ToString()));
                ctx.CurrentUser = new ClaimsPrincipal(new ClaimsIdentity(identityClaims));
                ctx.Items["claims"] = claims;
                return null;
            }
            catch (TokenExpiredException)
            {
                // Expired tokens are not retried under other algorithms; the
                // request simply proceeds unauthenticated.
                return null;
            }
            catch (SignatureVerificationException)
            {
                // Not signed under this algorithm — fall through to the next one.
            }
        }

        // NOTE(review): only expiry and signature failures are handled here; a
        // malformed token presumably makes decode() throw something else, which
        // would propagate out of the hook — confirm how that surfaces to clients.
        return null;
    });
}
/// <summary>
/// Issues a signed token for <paramref name="user"/>. The token carries the
/// issuing server id, the user's name, identifier and packed groups, an expiry
/// of now plus <c>configuration.tokenValidity</c>, and — only when the user's
/// identifier is listed in <c>configuration.admins</c> — an admin claim set to
/// <c>true</c>. Non-admin tokens carry no admin claim at all.
/// </summary>
/// <param name="user">The authenticated user the token is issued for.</param>
/// <returns>The serialized, RS384-signed token.</returns>
public string createToken(UserIdentity user)
{
    var signer = new RS384Algorithm(serverContext.configuration.crypto);
    var builder = new WebTokenBuilder().withAlgorithm(signer);

    // Standard claims, added in a fixed order.
    builder.addClaim(CLAIM_SERVER, serverContext.configuration.authServerId);
    builder.addClaim(CLAIM_USERNAME, user.username);
    builder.addClaim(CLAIM_IDENTIFIER, user.identifier);
    builder.addClaim(CLAIM_GROUPS, user.packGroups());

    // NOTE(review): expiry is computed from local time. If expire() does not
    // normalise to UTC, the expiry is skewed by the server's UTC offset;
    // DateTime.UtcNow would remove the ambiguity — confirm against WebTokenBuilder.
    var expiresAt = DateTime.Now.Add(serverContext.configuration.tokenValidity);
    builder.expire(expiresAt);

    // Privileged users get an explicit admin claim; everyone else gets none.
    var isAdmin = serverContext.configuration.admins.Contains(user.identifier);
    if (isAdmin)
    {
        builder.addClaim(CLAIM_ADMIN, true);
    }

    return builder.build();
}