/// <summary>
/// Adds Bearer token processing to an HTTP application pipeline. This middleware understands appropriately
/// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
/// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode
/// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
/// any time to obtain the claims from the request's bearer token.
/// See also http://tools.ietf.org/html/rfc6749
/// </summary>
/// <param name="app">The application builder</param>
/// <param name="configureOptions">Used to configure Middleware options.</param>
/// <returns>The application builder</returns>
public static IApplicationBuilder UseJwtBearerAuthentication([NotNull] this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
{
var options = new JwtBearerOptions();
if (configureOptions != null)
{
configureOptions(options);
}
return app.UseJwtBearerAuthentication(options);
}
public BaseJwtBearerContext(HttpContext context, JwtBearerOptions options)
: base(context)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
Options = options;
}
/// <summary>
/// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
/// This middleware understands appropriately
/// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
/// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode
/// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
/// any time to obtain the claims from the request's bearer token.
/// See also http://tools.ietf.org/html/rfc6749
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
/// <param name="configureOptions">An action delegate to configure the provided <see cref="JwtBearerOptions"/>.</param>
/// <returns>A reference to this instance after the operation has completed.</returns>
public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, Action<JwtBearerOptions> configureOptions)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
var options = new JwtBearerOptions();
if (configureOptions != null)
{
configureOptions(options);
}
return app.UseJwtBearerAuthentication(options);
}
/// <summary>
/// Adds the <see cref="JwtBearerMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables Bearer token processing capabilities.
/// This middleware understands appropriately
/// formatted and secured tokens which appear in the request header. If the Options.AuthenticationMode is Active, the
/// claims within the bearer token are added to the current request's IPrincipal User. If the Options.AuthenticationMode
/// is Passive, then the current request is not modified, but IAuthenticationManager AuthenticateAsync may be used at
/// any time to obtain the claims from the request's bearer token.
/// See also http://tools.ietf.org/html/rfc6749
/// </summary>
/// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param>
/// <param name="options">A <see cref="JwtBearerOptions"/> that specifies options for the middleware.</param>
/// <returns>A reference to this instance after the operation has completed.</returns>
public static IApplicationBuilder UseJwtBearerAuthentication(this IApplicationBuilder app, JwtBearerOptions options)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
return app.UseMiddleware<JwtBearerMiddleware>(options);
}
public static String GenerateToken(this JwtSecurityTokenHandler tokenHandler,
JwtBearerOptions options, SigningCredentials signingCredentials, ClaimsIdentity identity)
{
if (tokenHandler == null) throw new ArgumentNullException(nameof(tokenHandler));
if (options == null) throw new ArgumentNullException(nameof(options));
if (signingCredentials == null) throw new ArgumentNullException(nameof(signingCredentials));
if (identity == null) throw new ArgumentNullException(nameof(identity));
var token = tokenHandler.CreateToken(
issuer: options.TokenValidationParameters.ValidIssuer,
audience: options.TokenValidationParameters.ValidAudience,
signingCredentials: signingCredentials,
subject: identity);
return tokenHandler.WriteToken(token);
}
public ReceivedTokenContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
private static JwtBearerOptions ConfigureJwt(IdentityServerAuthenticationOptions options)
{
var jwtOptions = new JwtBearerOptions
{
AuthenticationScheme = options.AuthenticationScheme,
Authority = options.Authority,
RequireHttpsMetadata = false,
AutomaticAuthenticate = options.AutomaticAuthenticate,
AutomaticChallenge = options.AutomaticChallenge,
BackchannelTimeout = options.BackChannelTimeouts,
RefreshOnIssuerKeyNotFound = true,
Events = new JwtBearerEvents
{
OnReceivingToken = e =>
{
e.Token = _tokenRetriever(e.Request);
return Task.FromResult(0);
},
OnValidatedToken = e =>
{
if (options.SaveTokensAsClaims)
{
e.AuthenticationTicket.Principal.Identities.First().AddClaim(
new Claim("access_token", _tokenRetriever(e.Request)));
}
return Task.FromResult(0);
}
}
};
if (options.JwtBackChannelHandler != null)
{
jwtOptions.BackchannelHttpHandler = options.JwtBackChannelHandler;
}
jwtOptions.TokenValidationParameters.ValidateAudience = false;
jwtOptions.TokenValidationParameters.NameClaimType = options.NameClaimType;
jwtOptions.TokenValidationParameters.RoleClaimType = options.RoleClaimType;
return jwtOptions;
}
public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
public ValidatedTokenContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
public AuthenticationFailedContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
public ReceivingTokenContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
public JwtBearerChallengeContext(HttpContext context, JwtBearerOptions options)
: base(context, options)
{
}
