Esempio n. 1
0
        async Task <AccessTokenResult> ValidateUsingJWKs(HttpClient client, DiscoveryDocumentResponse disco, string token, CancellationToken cancellationToken = default)
        {
            // Replace with your authorization server URL:

            var configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>(
                _issuerUrl + "/.well-known/oauth-authorization-server",
                new OpenIdConnectConfigurationRetriever(),
                new HttpDocumentRetriever());

            var discoveryDocument = await configurationManager.GetConfigurationAsync(cancellationToken);

            var signingKeys = discoveryDocument.SigningKeys;

            var validationParameters = new TokenValidationParameters
            {
                RequireExpirationTime = true,
                RequireSignedTokens   = true,

                ValidateIssuer = true,
                ValidIssuer    = _issuerUrl,

                ValidateIssuerSigningKey = true,
                IssuerSigningKeys        = signingKeys,

                ValidateAudience = false,

                ValidateLifetime = true,
                // Allow for some drift in server time
                // (a lower value is better; we recommend two minutes or less)
                ClockSkew = TimeSpan.FromMinutes(2),
                // See additional validation for aud below
            };

            try
            {
                var principal = new JwtSecurityTokenHandler()
                                .ValidateToken(token, validationParameters, out var rawValidatedToken);

                var securityToken = (JwtSecurityToken)rawValidatedToken;

                return(AccessTokenResult.Success(principal));
            }
            catch (SecurityTokenValidationException ex)
            {
                // Logging, etc.

                return(AccessTokenResult.Expired());
            }


            //var claimsColl = instrospectResponse.Claims;

            //var claimsIdentity = new ClaimsIdentity(claimsColl, "oidc");

            //var principal = new ClaimsPrincipal(claimsIdentity);

            //return AccessTokenResult.Success(principal);
        }
Esempio n. 2
0
        async Task <AccessTokenResult> ValidateUsingUserInfo(HttpClient client, DiscoveryDocumentResponse disco, string token, CancellationToken cancellationToken = default)
        {
            var response = await client.GetUserInfoAsync(new UserInfoRequest
            {
                Address = disco.UserInfoEndpoint,
                Token   = token
            });

            var claimsColl     = response.Claims;
            var claimsIdentity = new ClaimsIdentity(claimsColl, "oidc");

            var principal = new ClaimsPrincipal(claimsIdentity);

            return(AccessTokenResult.Success(principal));
        }
Esempio n. 3
0
        async Task <AccessTokenResult> ValidateUsingInstrospect(HttpClient client, DiscoveryDocumentResponse disco, string token, CancellationToken cancellationToken = default)
        {
            var instrospectResponse = await client.IntrospectTokenAsync(new TokenIntrospectionRequest()
            {
                Address       = disco.IntrospectionEndpoint,
                ClientId      = Environment.GetEnvironmentVariable("ClientId"),
                Token         = token,
                TokenTypeHint = "access_token"
            }, CancellationToken.None);

            var claimsColl = instrospectResponse.Claims;

            var claimsIdentity = new ClaimsIdentity(claimsColl, "oidc");

            var principal = new ClaimsPrincipal(claimsIdentity);

            return(AccessTokenResult.Success(principal));
        }
Esempio n. 4
0
        public Task <AccessTokenResult> ValidateToken(HttpRequest request, CancellationToken cancellationToken = default)
        {
            try
            {
                if (request != null &&
                    request.Headers.ContainsKey(AUTH_HEADER_NAME) &&
                    request.Headers[AUTH_HEADER_NAME].ToString().StartsWith(BEARER_PREFIX))
                {
                    var token = request.Headers[AUTH_HEADER_NAME].ToString().Substring(BEARER_PREFIX.Length);

                    var tokenParams = new TokenValidationParameters()
                    {
                        RequireSignedTokens      = true,
                        ValidAudience            = _audience,
                        ValidateAudience         = true,
                        ValidIssuer              = _issuer,
                        ValidateIssuer           = true,
                        ValidateIssuerSigningKey = true,
                        ValidateLifetime         = true,
                        IssuerSigningKey         = new SymmetricSecurityKey(Token)
                    };

                    var handler = new JwtSecurityTokenHandler();
                    var result  = handler.ValidateToken(token, tokenParams, out var securityToken);
                    return(Task.FromResult <AccessTokenResult>(AccessTokenResult.Success(result)));
                }
                else
                {
                    return(Task.FromResult <AccessTokenResult>(AccessTokenResult.NoToken()));
                }
            }
            catch (SecurityTokenExpiredException)
            {
                return(Task.FromResult <AccessTokenResult>(AccessTokenResult.Expired()));
            }
            catch (Exception ex)
            {
                return(Task.FromResult <AccessTokenResult>(AccessTokenResult.Error(ex)));
            }
        }