/// <summary> /// Gets token, verifies, and adds claims to OWIN context. /// </summary> /// <param name="headers"></param> /// <param name="context"></param> public void ProcessToken(IDictionary <string, string[]> headers, ref IOwinContext context) { try { // verify token and set principal if (!headers.ContainsKey("Authorization")) { return; } var token = GetTokenFromAuthorizationHeader(headers["Authorization"]); if (token == "") { return; } var jwtConfig = new JwtConfig(true, context.Request.Uri.GetLeftPart(UriPartial.Authority)); var claimsPrincipal = JsonWebToken.VerifyToken(jwtConfig, token); AddClaimsToContext(claimsPrincipal, ref context); // set the context user to trigger Auth Attribute context.Request.User = claimsPrincipal; } catch (Exception e) { // ignored Logger.Error("Failed Token", e); } }
/// <summary> /// Creates a token /// </summary> /// <param name="config"></param> /// <param name="start"></param> /// <param name="payload"></param> /// <param name="isRefresh"></param> /// <returns></returns> private static string CreateToken(JwtConfig config, DateTime start, IDictionary <string, string[]> payload, bool isRefresh) { var claimsIdentity = CreateClaimsIdentity(payload); var descriptor = CreateDescriptor(start, config, claimsIdentity, isRefresh); return(CreateToken(descriptor)); }
/// <summary> /// Verifies token and returns claims. /// Throws exception if invalid or unverified. /// </summary> /// <param name="config"></param> /// <param name="tokenStr"></param> /// <returns></returns> public static ClaimsPrincipal VerifyToken(JwtConfig config, string tokenStr) { var validationParams = GetValidationParams(config); SecurityToken jwt; var tokenHandler = new JwtSecurityTokenHandler(); var principal = tokenHandler.ValidateToken(tokenStr, validationParams, out jwt); return(principal); }
/// <summary> /// This verifies a refresh token. /// If valid, we return a new access token /// and a new refresh token with the necessary info to save it. /// </summary> /// <param name="config"></param> /// <param name="refreshToken"></param> /// <returns></returns> public static bool GrantNewAccess(JwtConfig config, string refreshToken) { try { // remember, this will throw if invalid / expired VerifyToken(config, refreshToken); return(true); } catch (Exception) { return(false); } }
/// <summary> /// Creates validation parameters from config settings. /// </summary> /// <param name="config"></param> /// <returns></returns> private static TokenValidationParameters GetValidationParams(JwtConfig config) { return(new TokenValidationParameters { ValidAudience = config.AppliesToAddress, ValidateAudience = true, IssuerSigningKey = new InMemorySymmetricSecurityKey(GetSymKey(config.SecretKey)), ValidateIssuerSigningKey = true, ValidIssuer = config.Issuer, ValidateIssuer = true, ValidateLifetime = true, ClockSkew = TimeSpan.FromMinutes(1.5) }); }
/// <summary> /// Creates the Security Token Descriptor from the config /// settings and Claims Identity. /// </summary> /// <param name="date"></param> /// <param name="config"></param> /// <param name="ci"></param> /// <param name="isRefresh"></param> /// <returns></returns> private static SecurityTokenDescriptor CreateDescriptor(DateTime date, JwtConfig config, ClaimsIdentity ci, bool isRefresh) { var symKey = GetSymKey(config.SecretKey); var minutes = isRefresh ? config.RefreshMinutes : config.AccessMinutes; var tokenDescriptor = new SecurityTokenDescriptor { Subject = ci, TokenIssuerName = config.Issuer, AppliesToAddress = config.AppliesToAddress, Lifetime = new Lifetime(date, date.AddMinutes(minutes)), SigningCredentials = new SigningCredentials(new InMemorySymmetricSecurityKey(symKey), "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256") }; return(tokenDescriptor); }
/// <summary> /// Creates a refresh token. /// Uses the refreshMinutes from the JWTConfig. /// See JWTConfig for more info. /// </summary> /// <param name="config"></param> /// <param name="start"></param> /// <param name="payload"></param> /// <returns></returns> public static string CreateRefreshToken(JwtConfig config, DateTime start, IDictionary <string, string[]> payload) { return(CreateToken(config, start, payload, true)); }
/// <summary> /// Creates an access token from info. /// Basically, just uses the accessMinutes from the JWTConfig. /// See JWTConfig for more info. /// </summary> /// <param name="config"></param> /// <param name="start"></param> /// <param name="payload"></param> /// <returns></returns> public static string CreateAccessToken(JwtConfig config, DateTime start, IDictionary <string, string[]> payload) { return(CreateToken(config, start, payload, false)); }