コード例 #1
ファイル: Program.cs プロジェクト: lodejard/token-example
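        /// <summary>
        /// Authenticates the request from its <c>Authorization: Bearer</c> header by submitting
        /// the token to the Kubernetes TokenReview API, then always calls the next middleware.
        /// </summary>
        /// <remarks>
        /// When the review reports the token as authenticated, <see cref="HttpContext.User"/> is
        /// replaced with a principal whose name claim is the reviewed username and whose role
        /// claims are the reviewed groups. In every other case the request continues with
        /// whatever user it already had, so rejecting anonymous callers is left to later
        /// authorization. Exceptions thrown by the TokenReview call are not caught here.
        /// </remarks>
        /// <param name="httpContext">The current request context.</param>
        /// <returns>A task that completes when the rest of the pipeline has run.</returns>
        public async Task Invoke(HttpContext httpContext)
        {
            var hasBearerToken =
                AuthenticationHeaderValue.TryParse(httpContext.Request.Headers["Authorization"], out var auth) &&
                string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) &&
                // A bare "Bearer" scheme with no credential is not worth a round trip to the API server.
                !string.IsNullOrWhiteSpace(auth.Parameter);

            if (hasBearerToken)
            {
                // NOTE(review): a client is built for every request; consider sharing one instance
                // if the enclosing class can hold it.
                using var kubernetes = new Kubernetes(KubernetesClientConfiguration.BuildDefaultConfig());

                // NOTE(review): the spec sets no audiences, so the token is reviewed against the
                // API server's own audience. Any token the API server accepts is therefore accepted
                // by this service as well. Consider requesting a service-specific audience in the
                // spec and checking the audiences returned in the status.
                var tokenReview = await kubernetes.CreateTokenReviewAsync(
                    new V1TokenReview(
                        new V1TokenReviewSpec(token: auth.Parameter)));

                // Status, User and Groups can each be absent from the response; treat anything
                // short of an explicit, error-free "authenticated" with a username as anonymous.
                var status = tokenReview?.Status;
                var user = status?.User;

                if (status != null &&
                    status.Authenticated.GetValueOrDefault() &&
                    string.IsNullOrEmpty(status.Error) &&
                    user != null &&
                    !string.IsNullOrEmpty(user.Username))
                {
                    var identity = new ClaimsIdentity("Kubernetes");
                    identity.AddClaim(new Claim(identity.NameClaimType, user.Username));

                    if (user.Groups != null)
                    {
                        foreach (var group in user.Groups)
                        {
                            // Claim rejects a null value; skip blank entries instead of failing the request.
                            if (string.IsNullOrEmpty(group))
                            {
                                continue;
                            }

                            identity.AddClaim(new Claim(identity.RoleClaimType, group));
                        }
                    }

                    httpContext.User = new ClaimsPrincipal(identity);
                }
            }

            await next.Invoke(httpContext);
        }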