/// <summary>
/// Wires JWT bearer authentication into the container: registers the supplied
/// <paramref name="options"/>, the JWT handler, the access-token service and the
/// access-token validator middleware, then builds one shared
/// <c>TokenValidationParameters</c> instance and hands it to the JwtBearer scheme.
/// </summary>
/// <remarks>
/// Security review notes:
/// every validation switch (issuer, audience, lifetime, signing key, signed tokens,
/// expiration) is copied verbatim from <paramref name="options"/>. Nothing in this
/// method enforces a minimum, so a configuration that sets them to <c>false</c>
/// silently weakens token validation. Callers that need a secure floor must validate
/// the options before calling this method.
/// </remarks>
/// <param name="builder">Builder whose service collection receives the registrations.</param>
/// <param name="options">JWT settings; also registered as a singleton.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
private static IConveyBuilder AddJwt(this IConveyBuilder builder, JwtOptions options)
{
    // Nothing is registered when TryRegister reports false
    // (presumably: this module was already registered; confirm against IConveyBuilder).
    if (!builder.TryRegister(RegistryName))
    {
        return builder;
    }

    var services = builder.Services;

    // The options object, including IssuerSigningKey, becomes resolvable from DI
    // by any component that asks for JwtOptions.
    services.AddSingleton(options);
    services.AddSingleton<IJwtHandler, JwtHandler>();
    // NOTE(review): by its name this token service keeps state in process memory; if so,
    // that state is not shared between instances. Verify for multi-node deployments.
    services.AddSingleton<IAccessTokenService, InMemoryAccessTokenService>();
    services.AddTransient<AccessTokenValidatorMiddleware>();

    var validation = new TokenValidationParameters
    {
        RequireAudience = options.RequireAudience,
        ValidIssuer = options.ValidIssuer,
        ValidIssuers = options.ValidIssuers,
        ValidateActor = options.ValidateActor,
        ValidAudience = options.ValidAudience,
        ValidAudiences = options.ValidAudiences,
        ValidateAudience = options.ValidateAudience,
        ValidateIssuer = options.ValidateIssuer,
        ValidateLifetime = options.ValidateLifetime,
        ValidateTokenReplay = options.ValidateTokenReplay,
        ValidateIssuerSigningKey = options.ValidateIssuerSigningKey,
        SaveSigninToken = options.SaveSigninToken,
        RequireExpirationTime = options.RequireExpirationTime,
        RequireSignedTokens = options.RequireSignedTokens,
        // Pinned to zero instead of the library default of five minutes: lifetime
        // checks tolerate no clock drift between the issuer and this host.
        ClockSkew = TimeSpan.Zero
    };

    // The optional settings below are applied only when configured, so the
    // library defaults stay in place otherwise.
    if (!string.IsNullOrWhiteSpace(options.AuthenticationType))
    {
        validation.AuthenticationType = options.AuthenticationType;
    }

    if (!string.IsNullOrWhiteSpace(options.IssuerSigningKey))
    {
        // Symmetric (shared-secret) key taken from the UTF-8 bytes of the configured
        // string. No length or entropy check happens here, so key strength is
        // exactly the strength of the configured secret.
        var keyBytes = Encoding.UTF8.GetBytes(options.IssuerSigningKey);
        validation.IssuerSigningKey = new SymmetricSecurityKey(keyBytes);
    }

    if (!string.IsNullOrWhiteSpace(options.NameClaimType))
    {
        validation.NameClaimType = options.NameClaimType;
    }

    if (!string.IsNullOrWhiteSpace(options.RoleClaimType))
    {
        validation.RoleClaimType = options.RoleClaimType;
    }

    // Registered as a singleton as well, so other services resolve the very same
    // instance the bearer handler validates against.
    services.AddSingleton(validation);

    var authentication = services.AddAuthentication(auth =>
    {
        // JWT bearer is the default scheme for both authenticating and challenging.
        auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    });

    authentication.AddJwtBearer(bearer =>
    {
        bearer.Authority = options.Authority;
        bearer.Audience = options.Audience;
        bearer.MetadataAddress = options.MetadataAddress;
        bearer.SaveToken = options.SaveToken;
        bearer.RefreshOnIssuerKeyNotFound = options.RefreshOnIssuerKeyNotFound;
        // When false, the authority / metadata address may be fetched over plain HTTP.
        bearer.RequireHttpsMetadata = options.RequireHttpsMetadata;
        // When true, token validation failure details are returned to the caller.
        bearer.IncludeErrorDetails = options.IncludeErrorDetails;
        bearer.TokenValidationParameters = validation;

        if (!string.IsNullOrWhiteSpace(options.Challenge))
        {
            bearer.Challenge = options.Challenge;
        }
    });

    return builder;
}
/// <summary>
/// Creates the middleware, capturing the access-token service and the configured
/// list of anonymous endpoints.
/// </summary>
/// <param name="accessTokenService">Service stored for use by this middleware.</param>
/// <param name="options">
/// JWT settings; only <c>AllowAnonymousEndpoints</c> is read here. A null list is
/// replaced by an empty sequence.
/// </param>
public AccessTokenValidatorMiddleware(IAccessTokenService accessTokenService, JwtOptions options)
{
    _accessTokenService = accessTokenService;

    // NOTE(review): presumably these endpoints skip the access-token check in the
    // request path, which is not visible here. Confirm how entries are matched
    // (exact or prefix, case handling), since that defines what is reachable
    // without a valid token.
    var anonymousEndpoints = options.AllowAnonymousEndpoints;
    _endpoints = anonymousEndpoints ?? Enumerable.Empty<string>();
}