protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
Auth0Authenticator auth0Authenticator = container.Resolve <Auth0Authenticator>();
base.ApplicationStartup(container, pipelines);
pipelines.EnableJwtBearerAuthentication(
new JwtBearerAuthenticationConfiguration
{
//Challenge = "Guest",
TokenValidationParameters = new TokenValidationParameters
{
// The signing key must match!
ValidateIssuerSigningKey = true,
IssuerSigningKey = jwtSigningKey,
// Validate the JWT Issuer (iss) claim
ValidateIssuer = true,
ValidIssuer = $"https://{AuthSettings.Auth0Domain}/",
// Validate the JWT Audience (aud) claim
ValidateAudience = true,
ValidAudience = AuthSettings.Auth0ApiIdentifier,
// Validate the token expiry
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero,
ValidateActor = true,
},
}
);
pipelines.BeforeRequest.AddItemToEndOfPipeline(async(context, cancelToken) =>
{
if (context.CurrentUser != null)
{
UserInfo userInfo = await auth0Authenticator.GetUserInfo(FetchBearerToken(context));
if (userInfo != null)
{
context.SetCurrentUserInfo(userInfo);
context.CurrentUser.AddIdentity(new ClaimsIdentity(userInfo.ToClaims()));
}
}
return(null);
});
pipelines.AfterRequest.AddItemToEndOfPipeline(context =>
{
Console.WriteLine(Print(context));
});
}
public AuthModule(
Auth0Authenticator auth0Authenticator
) : base("/auth")
{
Post(
path: "/token",
action: async(_, c) =>
{
System.Security.Claims.ClaimsPrincipal user = Context.CurrentUser;
if (user == null)
{
return(HttpStatusCode.Forbidden);
}
if (!user.Identity.IsAuthenticated)
{
return(HttpStatusCode.Unauthorized);
}
AuthTokenResult tokenResult = await auth0Authenticator.GetApiAccessTokenFor(
user.Claims.Single(x => x.Type == BasicAuthUserValidator.clientIdClaimName).Value,
user.Claims.Single(x => x.Type == BasicAuthUserValidator.clientSecretClaimName).Value
);
if (!tokenResult.IsSuccessful)
{
return(HttpStatusCode.Unauthorized);
}
return(Response.AsJson(new {
token = tokenResult.Token,
asOf = tokenResult.AsOf.ToString(),
expiresInSeconds = (int)tokenResult.ExpiresIn.TotalSeconds,
}));
},
condition: null,
name: null
);
}
/// <summary>
/// Authenticates the user via an "Authentication: Bearer {token}" header in an HTTP request message.
/// Returns a user principal containing claims from the token and a token that can be used to perform actions on behalf of the user.
/// Throws an exception if the token fails to authenticate or if the Authentication header is missing or malformed.
/// This method has an asynchronous signature, but usually completes synchronously.
/// </summary>
/// <param name="this">The authenticator instance.</param>
/// <param name="request">The HTTP request.</param>
/// <param name="cancellationToken">An optional cancellation token.</param>
public static Task <(ClaimsPrincipal User, SecurityToken ValidatedToken)> AuthenticateAsync(this Auth0Authenticator @this, HttpRequestMessage request,
CancellationToken cancellationToken = new CancellationToken()) =>
/// <summary>
/// Authenticates the user via an "Authentication: Bearer {token}" header.
/// Returns a user principal containing claims from the token and a token that can be used to perform actions on behalf of the user.
/// Throws an exception if the token fails to authenticate or if the Authentication header is malformed.
/// This method has an asynchronous signature, but usually completes synchronously.
/// </summary>
/// <param name="this">The authenticator instance.</param>
/// <param name="header">The authentication header.</param>
/// <param name="cancellationToken">An optional cancellation token.</param>
public static async Task <(ClaimsPrincipal User, SecurityToken ValidatedToken)> AuthenticateAsync(this Auth0Authenticator @this, AuthenticationHeaderValue header,
CancellationToken cancellationToken = new CancellationToken())
{
if (header == null || !string.Equals(header.Scheme, "Bearer", StringComparison.InvariantCultureIgnoreCase))
{
throw new InvalidOperationException("Authentication header does not use Bearer token.");
}
return(await @this.AuthenticateAsync(header.Parameter, cancellationToken));
}
