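    /// <inheritdoc/>
    public void Configure(string name, TAuthenticationOptions options)
    {
        // The original note cites "DI lifetime issues": the provider options and scheme cache are
        // pulled from the current request's service provider rather than injected through the
        // constructor (presumably because they are request-bound while this configurator is not —
        // confirm against the service registrations). That only works inside a request, so fail
        // with a clear message instead of a NullReferenceException when there is no HttpContext.
        var httpContext = _httpContextAccessor.HttpContext
            ?? throw new System.InvalidOperationException(
                "No active HttpContext; dynamic authentication schemes can only be configured while handling a request.");
        var services = httpContext.RequestServices;

        var providerOptions = services.GetRequiredService<DynamicProviderOptions>();
        var cache           = services.GetRequiredService<DynamicAuthenticationSchemeCache>();

        // A null result means the cache has no provider of this type under that scheme name;
        // the options are then left untouched.
        var idp = cache.GetIdentityProvider<TIdentityProvider>(name);
        if (idp is null)
        {
            return;
        }

        // Endpoints for this scheme are mounted under "<PathPrefix>/<scheme>".
        var ctx = new ConfigureAuthenticationContext<TAuthenticationOptions, TIdentityProvider>
        {
            IdentityProvider       = idp,
            AuthenticationOptions  = options,
            DynamicProviderOptions = providerOptions,
            PathPrefix             = providerOptions.PathPrefix + "/" + idp.Scheme
        };
        Configure(ctx);
    }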
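    /// <summary>
    /// Maps a stored <c>OidcProvider</c> record onto the <c>OpenIdConnectOptions</c> of the
    /// handler being configured for that scheme.
    /// </summary>
    /// <param name="context">
    /// The identity provider record, the handler options to populate, the shared dynamic
    /// provider options and the path prefix under which this scheme's endpoints are mounted.
    /// </param>
    protected override void Configure(ConfigureAuthenticationContext<OpenIdConnectOptions, OidcProvider> context)
    {
        var options  = context.AuthenticationOptions;
        var provider = context.IdentityProvider;

        options.SignInScheme  = context.DynamicProviderOptions.SignInScheme;
        options.SignOutScheme = context.DynamicProviderOptions.SignOutScheme;

        options.Authority = provider.Authority;
        // Only an https authority gets TLS enforced for discovery/metadata; a plain-http authority
        // (local development) is allowed to fetch metadata over cleartext. The scheme is compared
        // ordinally and case-insensitively, as URL schemes are, so an authority written as
        // "HTTPS://..." is not misclassified as insecure (the previous culture-sensitive,
        // case-sensitive StartsWith did exactly that and turned the https requirement off).
        options.RequireHttpsMetadata = provider.Authority.StartsWith("https://", System.StringComparison.OrdinalIgnoreCase);

        options.ClientId     = provider.ClientId;
        options.ClientSecret = provider.ClientSecret;

        options.ResponseType = provider.ResponseType;
        // Any response type that includes an id_token comes back via form_post; otherwise the query string is used.
        options.ResponseMode = provider.ResponseType.Contains("id_token") ? "form_post" : "query";
        options.UsePkce = provider.UsePkce;

        // Replace the handler's default scopes with exactly the scopes stored for the provider.
        options.Scope.Clear();
        foreach (var scope in provider.Scopes)
        {
            options.Scope.Add(scope);
        }

        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = provider.GetClaimsFromUserInfoEndpoint;
        options.DisableTelemetry = true;
#if NET5_0_OR_GREATER
        // Keep claim types as issued rather than mapping them to the legacy Microsoft claim URIs;
        // the name/role claim types are pinned explicitly below.
        options.MapInboundClaims = false;
#else
        options.SecurityTokenValidator = new JwtSecurityTokenHandler
        {
            MapInboundClaims = false
        };
#endif
        options.TokenValidationParameters.NameClaimType = JwtClaimTypes.Name;
        options.TokenValidationParameters.RoleClaimType = JwtClaimTypes.Role;

        // All callback endpoints live under the scheme's path prefix (the caller builds it from
        // the provider's scheme name).
        options.CallbackPath          = context.PathPrefix + "/signin";
        options.SignedOutCallbackPath = context.PathPrefix + "/signout-callback";
        options.RemoteSignOutPath     = context.PathPrefix + "/signout";
    }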
 /// <summary>
 /// Allows for configuring the handler options from the identity provider configuration.
 /// Invoked by <c>Configure(string name, TAuthenticationOptions options)</c> once the identity
 /// provider for the requested scheme has been loaded; implementations copy the provider's
 /// settings onto <c>context.AuthenticationOptions</c>.
 /// </summary>
 /// <param name="context">
 /// Carries the identity provider record, the handler options being configured, the dynamic
 /// provider options and the path prefix under which this scheme's callback endpoints are mounted.
 /// </param>
 protected abstract void Configure(ConfigureAuthenticationContext <TAuthenticationOptions, TIdentityProvider> context);