private static TokenValidationParameters CreateTokenValidationParams(JwtConfig jwtConfig)
{
var signingKeyAsBytes = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);
return(new TokenValidationParameters
{
ValidIssuer = jwtConfig.Issuer,
ValidAudience = jwtConfig.Audience,
IssuerSigningKey = new SymmetricSecurityKey(signingKeyAsBytes),
ValidAlgorithms = new List <string> {
SecurityAlgorithms.HmacSha256
}
});
}
public static IServiceCollection AddJwtAuthentication(this IServiceCollection services)
{
IConfiguration configuration;
using (var serviceProvider = services.BuildServiceProvider())
{
configuration = serviceProvider.GetRequiredService <IConfiguration>();
}
services.Configure <JwtConfig>(configuration.GetSection("JwtConfig"));
var jwtConfig = new JwtConfig();
configuration.GetSection("JwtConfig").Bind(jwtConfig);
services
.AddAuthentication()
.AddJwtBearer(options =>
{
var accessTokenSecret = Encoding.UTF8.GetBytes(jwtConfig.AccessTokenSecretKey);
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(accessTokenSecret),
ValidIssuer = jwtConfig.Issuer,
ValidAudience = jwtConfig.Audience,
ValidAlgorithms = new List <string> {
SecurityAlgorithms.HmacSha256
},
ClockSkew = TimeSpan.Zero
};
options.SaveToken = true;
});
services.AddAuthorization(options =>
{
options.AddPolicy("Admin", builder =>
{
builder.RequireClaim("Role", "ADMIN", "SUPER_ADMIN");
});
options.AddPolicy("SuperAdmin", builder =>
{
builder.RequireClaim("Role", "SUPER_ADMIN");
});
});
services.AddSingleton <IAccessTokenDecoder, AccessTokenDecoder>();
return(services);
}
