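/// <summary>
        /// Builds the <see cref="TokenValidationParameters"/> used to validate HS256-signed access tokens
        /// against the issuer, audience and shared secret held in <paramref name="jwtConfig"/>.
        /// </summary>
        /// <param name="jwtConfig">JWT settings supplying the issuer, audience and symmetric signing secret.</param>
        /// <returns>Validation parameters that pin issuer, audience, signing key and accepted algorithm.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="jwtConfig"/> or its secret key is null.</exception>
        /// <exception cref="ArgumentException">The configured secret key is empty.</exception>
        private static TokenValidationParameters CreateTokenValidationParams(JwtConfig jwtConfig)
        {
            if (jwtConfig == null)
            {
                throw new ArgumentNullException(nameof(jwtConfig));
            }

            // Reject a missing secret here with a message that names the setting, instead of
            // letting Encoding.GetBytes / SymmetricSecurityKey fail with a generic argument error.
            if (jwtConfig.AccessTokenSecretKey == null)
            {
                throw new ArgumentNullException(nameof(jwtConfig), "JwtConfig.AccessTokenSecretKey is not configured.");
            }

            if (jwtConfig.AccessTokenSecretKey.Length == 0)
            {
                throw new ArgumentException("JwtConfig.AccessTokenSecretKey must not be empty.", nameof(jwtConfig));
            }

            // The HMAC key is the UTF-8 encoding of the configured text. RFC 7518 (section 3.2)
            // requires an HS256 key of at least 256 bits, i.e. 32 bytes; a human-chosen passphrase
            // also carries less entropy than its byte length suggests, so the secret should be
            // randomly generated. The length is not enforced here to avoid rejecting existing
            // deployments - NOTE(review): consider enforcing it once all secrets are rotated.
            var signingKeyAsBytes = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);

            return new TokenValidationParameters
            {
                // These five flags are already the TokenValidationParameters defaults; they are
                // written out so the checks this method relies on are visible in review and
                // cannot be lost if the object is later built from a different baseline.
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                RequireSignedTokens = true,
                RequireExpirationTime = true,

                ValidIssuer = jwtConfig.Issuer,
                ValidAudience = jwtConfig.Audience,
                IssuerSigningKey = new SymmetricSecurityKey(signingKeyAsBytes),

                // Accept HS256 only, so a token whose header names any other algorithm is rejected.
                ValidAlgorithms = new List<string>
                {
                    SecurityAlgorithms.HmacSha256
                }

                // ClockSkew is left unset, so the library default of five minutes applies:
                // a token is still accepted for up to five minutes after its expiry.
            };
        }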
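        /// <summary>
        /// Registers JWT bearer authentication, the "Admin" and "SuperAdmin" authorization policies,
        /// the bound <c>JwtConfig</c> options and the <c>IAccessTokenDecoder</c> singleton.
        /// </summary>
        /// <param name="services">The service collection to add the registrations to.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="InvalidOperationException">
        /// No <c>IConfiguration</c> is registered, or the "JwtConfig" section has no
        /// <c>AccessTokenSecretKey</c>.
        /// </exception>
        public static IServiceCollection AddJwtAuthentication(this IServiceCollection services)
        {
            IConfiguration configuration;

            // NOTE(review): building a temporary provider during registration creates a second
            // copy of every singleton registered so far and is flagged by the ASP.NET Core
            // analyzers. Kept because the method signature has no IConfiguration parameter;
            // prefer passing the configuration in, or resolving it through the options pipeline.
            using (var serviceProvider = services.BuildServiceProvider())
            {
                configuration = serviceProvider.GetRequiredService<IConfiguration>();
            }

            var jwtSection = configuration.GetSection("JwtConfig");

            services.Configure<JwtConfig>(jwtSection);

            // Snapshot of the settings taken at registration time; the bearer handler below is
            // configured from this copy, so later configuration reloads do not reach it.
            var jwtConfig = new JwtConfig();

            jwtSection.Bind(jwtConfig);

            // Fail at startup when the signing secret is missing. Without this check the
            // application starts normally and the failure only surfaces once the bearer options
            // are first built, as a generic argument error on the first authenticated request.
            if (string.IsNullOrEmpty(jwtConfig.AccessTokenSecretKey))
            {
                throw new InvalidOperationException(
                    "JwtConfig:AccessTokenSecretKey is missing or empty; JWT bearer authentication cannot be configured.");
            }

            // NOTE(review): AddAuthentication() names no default scheme. Confirm that callers set
            // one or that endpoints and policies select the bearer scheme explicitly.
            services
                .AddAuthentication()
                .AddJwtBearer(options =>
                {
                    // The HMAC key is the UTF-8 encoding of the configured text. RFC 7518
                    // (section 3.2) requires an HS256 key of at least 256 bits (32 bytes), and the
                    // secret should be randomly generated rather than a passphrase. The length is
                    // not enforced here - NOTE(review): consider enforcing it after key rotation.
                    var accessTokenSecret = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);

                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        // Already the TokenValidationParameters defaults; written out so the
                        // checks relied on here are visible in review.
                        ValidateIssuer = true,
                        ValidateAudience = true,
                        ValidateLifetime = true,
                        RequireSignedTokens = true,
                        RequireExpirationTime = true,

                        IssuerSigningKey = new SymmetricSecurityKey(accessTokenSecret),
                        ValidIssuer = jwtConfig.Issuer,
                        ValidAudience = jwtConfig.Audience,

                        // Accept HS256 only, so a token naming any other algorithm is rejected.
                        ValidAlgorithms = new List<string>
                        {
                            SecurityAlgorithms.HmacSha256
                        },

                        // Removes the default five-minute tolerance: a token is rejected as soon
                        // as its expiry passes, which assumes issuer and validator clocks agree.
                        ClockSkew = TimeSpan.Zero
                    };

                    // Keeps the raw token in the authentication properties after validation.
                    // NOTE(review): presumably needed by IAccessTokenDecoder - confirm, and drop
                    // it otherwise so the bearer token is not retained longer than necessary.
                    options.SaveToken = true;
                });

            services.AddAuthorization(options =>
            {
                // "Admin" is satisfied by either role value; "SuperAdmin" only by SUPER_ADMIN.
                // Both read a claim whose type is literally "Role", so the token issuer must
                // emit the claim under exactly that name.
                options.AddPolicy("Admin", builder =>
                {
                    builder.RequireClaim("Role", "ADMIN", "SUPER_ADMIN");
                });
                options.AddPolicy("SuperAdmin", builder =>
                {
                    builder.RequireClaim("Role", "SUPER_ADMIN");
                });
            });

            services.AddSingleton<IAccessTokenDecoder, AccessTokenDecoder>();

            return services;
        }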