protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines) { Auth0Authenticator auth0Authenticator = container.Resolve <Auth0Authenticator>(); base.ApplicationStartup(container, pipelines); pipelines.EnableJwtBearerAuthentication( new JwtBearerAuthenticationConfiguration { //Challenge = "Guest", TokenValidationParameters = new TokenValidationParameters { // The signing key must match! ValidateIssuerSigningKey = true, IssuerSigningKey = jwtSigningKey, // Validate the JWT Issuer (iss) claim ValidateIssuer = true, ValidIssuer = $"https://{AuthSettings.Auth0Domain}/", // Validate the JWT Audience (aud) claim ValidateAudience = true, ValidAudience = AuthSettings.Auth0ApiIdentifier, // Validate the token expiry ValidateLifetime = true, ClockSkew = TimeSpan.Zero, ValidateActor = true, }, } ); pipelines.BeforeRequest.AddItemToEndOfPipeline(async(context, cancelToken) => { if (context.CurrentUser != null) { UserInfo userInfo = await auth0Authenticator.GetUserInfo(FetchBearerToken(context)); if (userInfo != null) { context.SetCurrentUserInfo(userInfo); context.CurrentUser.AddIdentity(new ClaimsIdentity(userInfo.ToClaims())); } } return(null); }); pipelines.AfterRequest.AddItemToEndOfPipeline(context => { Console.WriteLine(Print(context)); }); }
public AuthModule( Auth0Authenticator auth0Authenticator ) : base("/auth") { Post( path: "/token", action: async(_, c) => { System.Security.Claims.ClaimsPrincipal user = Context.CurrentUser; if (user == null) { return(HttpStatusCode.Forbidden); } if (!user.Identity.IsAuthenticated) { return(HttpStatusCode.Unauthorized); } AuthTokenResult tokenResult = await auth0Authenticator.GetApiAccessTokenFor( user.Claims.Single(x => x.Type == BasicAuthUserValidator.clientIdClaimName).Value, user.Claims.Single(x => x.Type == BasicAuthUserValidator.clientSecretClaimName).Value ); if (!tokenResult.IsSuccessful) { return(HttpStatusCode.Unauthorized); } return(Response.AsJson(new { token = tokenResult.Token, asOf = tokenResult.AsOf.ToString(), expiresInSeconds = (int)tokenResult.ExpiresIn.TotalSeconds, })); }, condition: null, name: null ); }
/// <summary> /// Authenticates the user via an "Authentication: Bearer {token}" header in an HTTP request message. /// Returns a user principal containing claims from the token and a token that can be used to perform actions on behalf of the user. /// Throws an exception if the token fails to authenticate or if the Authentication header is missing or malformed. /// This method has an asynchronous signature, but usually completes synchronously. /// </summary> /// <param name="this">The authenticator instance.</param> /// <param name="request">The HTTP request.</param> /// <param name="cancellationToken">An optional cancellation token.</param> public static Task <(ClaimsPrincipal User, SecurityToken ValidatedToken)> AuthenticateAsync(this Auth0Authenticator @this, HttpRequestMessage request, CancellationToken cancellationToken = new CancellationToken()) =>
/// <summary> /// Authenticates the user via an "Authentication: Bearer {token}" header. /// Returns a user principal containing claims from the token and a token that can be used to perform actions on behalf of the user. /// Throws an exception if the token fails to authenticate or if the Authentication header is malformed. /// This method has an asynchronous signature, but usually completes synchronously. /// </summary> /// <param name="this">The authenticator instance.</param> /// <param name="header">The authentication header.</param> /// <param name="cancellationToken">An optional cancellation token.</param> public static async Task <(ClaimsPrincipal User, SecurityToken ValidatedToken)> AuthenticateAsync(this Auth0Authenticator @this, AuthenticationHeaderValue header, CancellationToken cancellationToken = new CancellationToken()) { if (header == null || !string.Equals(header.Scheme, "Bearer", StringComparison.InvariantCultureIgnoreCase)) { throw new InvalidOperationException("Authentication header does not use Bearer token."); } return(await @this.AuthenticateAsync(header.Parameter, cancellationToken)); }