/// <inheritdoc />
public void Configure(string? name, JwtBearerOptions options)
{
    // An unnamed scheme has no configuration section to bind from.
    if (string.IsNullOrEmpty(name))
    {
        return;
    }

    var schemeSection = _authenticationConfigurationProvider.GetSchemeConfiguration(name);
    if (schemeSection is null || !schemeSection.GetChildren().Any())
    {
        // Nothing is configured for this scheme, so the caller's options stay as they are.
        return;
    }

    var claimsIssuer = schemeSection["ClaimsIssuer"];
    var configuredAudiences = schemeSection
        .GetSection("Audiences")
        .GetChildren()
        .Select(entry => entry.Value)
        .ToArray();

    // Issuer and audience checks are switched on only when the matching
    // configuration value is present. A scheme section without "ClaimsIssuer"
    // or "Audiences" therefore ends up with that check disabled rather than
    // with an error, so deployments should set both explicitly.
    var checkIssuer = claimsIssuer is not null;
    var checkAudience = configuredAudiences.Length > 0;

    // The assignment replaces the whole TokenValidationParameters object;
    // anything set on options.TokenValidationParameters before this call is
    // not carried over. Signing-key validation is always requested.
    options.TokenValidationParameters = new()
    {
        ValidateIssuer = checkIssuer,
        ValidIssuers = new[] { claimsIssuer },
        ValidateAudience = checkAudience,
        ValidAudiences = configuredAudiences,
        ValidateIssuerSigningKey = true,
        // GetIssuerSigningKey is defined elsewhere in this type; it is handed the
        // issuer even when that is null. NOTE(review): confirm it copes with null.
        IssuerSigningKey = GetIssuerSigningKey(_configuration, claimsIssuer),
    };
}
/// <inheritdoc />
public void Configure(string? name, OpenIdConnectOptions options)
{
    // An unnamed scheme has no configuration section to bind from.
    if (string.IsNullOrEmpty(name))
    {
        return;
    }

    var section = _authenticationConfigurationProvider.GetSchemeConfiguration(name);
    if (section is null || !section.GetChildren().Any())
    {
        // Nothing is configured for this scheme, so the caller's options stay as they are.
        return;
    }

    // Binding convention used below: each option is looked up under its own
    // property name. String options keep their current value when the key is
    // absent (`??`). Typed options go through StringHelpers.ParseValueOrDefault,
    // which is defined elsewhere; presumably it returns the third argument when
    // the key is missing - confirm against StringHelpers.
    options.AccessDeniedPath = new PathString(
        section[nameof(options.AccessDeniedPath)] ?? options.AccessDeniedPath.Value);
    options.Authority = section[nameof(options.Authority)] ?? options.Authority;
    options.AutomaticRefreshInterval = StringHelpers.ParseValueOrDefault(
        section[nameof(options.AutomaticRefreshInterval)],
        _invariantTimeSpanParse,
        options.AutomaticRefreshInterval);
    options.BackchannelTimeout = StringHelpers.ParseValueOrDefault(
        section[nameof(options.BackchannelTimeout)],
        _invariantTimeSpanParse,
        options.BackchannelTimeout);
    options.CallbackPath = new PathString(
        section[nameof(options.CallbackPath)] ?? options.CallbackPath.Value);
    options.ClaimsIssuer = section[nameof(options.ClaimsIssuer)] ?? options.ClaimsIssuer;
    options.ClientId = section[nameof(options.ClientId)] ?? options.ClientId;

    // The client secret comes from whichever configuration source backs this
    // section, so that source needs the same protection as the secret itself
    // (kept out of version control and out of logged configuration dumps).
    options.ClientSecret = section[nameof(options.ClientSecret)] ?? options.ClientSecret;

    SetCookieFromConfig(
        section.GetSection(nameof(options.CorrelationCookie)),
        options.CorrelationCookie);
    options.DisableTelemetry = StringHelpers.ParseValueOrDefault(
        section[nameof(options.DisableTelemetry)],
        bool.Parse,
        options.DisableTelemetry);

    // Forwarding targets: these name other authentication schemes.
    options.ForwardAuthenticate = section[nameof(options.ForwardAuthenticate)] ?? options.ForwardAuthenticate;
    options.ForwardChallenge = section[nameof(options.ForwardChallenge)] ?? options.ForwardChallenge;
    options.ForwardDefault = section[nameof(options.ForwardDefault)] ?? options.ForwardDefault;
    options.ForwardForbid = section[nameof(options.ForwardForbid)] ?? options.ForwardForbid;
    options.ForwardSignIn = section[nameof(options.ForwardSignIn)] ?? options.ForwardSignIn;
    options.ForwardSignOut = section[nameof(options.ForwardSignOut)] ?? options.ForwardSignOut;

    options.GetClaimsFromUserInfoEndpoint = StringHelpers.ParseValueOrDefault(
        section[nameof(options.GetClaimsFromUserInfoEndpoint)],
        bool.Parse,
        options.GetClaimsFromUserInfoEndpoint);
    options.MapInboundClaims = StringHelpers.ParseValueOrDefault(
        section[nameof(options.MapInboundClaims)],
        bool.Parse,
        options.MapInboundClaims);
    options.MaxAge = StringHelpers.ParseValueOrDefault(
        section[nameof(options.MaxAge)],
        _invariantNullableTimeSpanParse,
        options.MaxAge);
    options.MetadataAddress = section[nameof(options.MetadataAddress)] ?? options.MetadataAddress;
    SetCookieFromConfig(
        section.GetSection(nameof(options.NonceCookie)),
        options.NonceCookie);
    options.Prompt = section[nameof(options.Prompt)] ?? options.Prompt;
    options.RefreshInterval = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RefreshInterval)],
        _invariantTimeSpanParse,
        options.RefreshInterval);
    options.RefreshOnIssuerKeyNotFound = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RefreshOnIssuerKeyNotFound)],
        bool.Parse,
        options.RefreshOnIssuerKeyNotFound);
    options.RemoteAuthenticationTimeout = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RemoteAuthenticationTimeout)],
        _invariantTimeSpanParse,
        options.RemoteAuthenticationTimeout);
    options.RemoteSignOutPath = new PathString(
        section[nameof(options.RemoteSignOutPath)] ?? options.RemoteSignOutPath.Value);

    // Configuration alone can turn off the HTTPS requirement for the metadata
    // endpoint; a "false" here is worth flagging in any non-development
    // configuration review.
    options.RequireHttpsMetadata = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RequireHttpsMetadata)],
        bool.Parse,
        options.RequireHttpsMetadata);

    options.Resource = section[nameof(options.Resource)] ?? options.Resource;
    options.ResponseMode = section[nameof(options.ResponseMode)] ?? options.ResponseMode;
    options.ResponseType = section[nameof(options.ResponseType)] ?? options.ResponseType;
    options.ReturnUrlParameter = section[nameof(options.ReturnUrlParameter)] ?? options.ReturnUrlParameter;
    options.SaveTokens = StringHelpers.ParseValueOrDefault(
        section[nameof(options.SaveTokens)],
        bool.Parse,
        options.SaveTokens);

    // ClearAndSetListOption is defined elsewhere; going by its name it replaces
    // the existing scope list with the configured one - confirm what it does
    // when the "Scope" section is empty.
    ClearAndSetListOption(options.Scope, section.GetSection(nameof(options.Scope)));

    options.SignedOutCallbackPath = new PathString(
        section[nameof(options.SignedOutCallbackPath)] ?? options.SignedOutCallbackPath.Value);
    options.SignedOutRedirectUri = section[nameof(options.SignedOutRedirectUri)] ?? options.SignedOutRedirectUri;
    options.SignInScheme = section[nameof(options.SignInScheme)] ?? options.SignInScheme;
    options.SignOutScheme = section[nameof(options.SignOutScheme)] ?? options.SignOutScheme;
    options.SkipUnrecognizedRequests = StringHelpers.ParseValueOrDefault(
        section[nameof(options.SkipUnrecognizedRequests)],
        bool.Parse,
        options.SkipUnrecognizedRequests);

    // PKCE is likewise configuration-controlled: a "false" value disables it
    // for this scheme.
    options.UsePkce = StringHelpers.ParseValueOrDefault(
        section[nameof(options.UsePkce)],
        bool.Parse,
        options.UsePkce);
    options.UseTokenLifetime = StringHelpers.ParseValueOrDefault(
        section[nameof(options.UseTokenLifetime)],
        bool.Parse,
        options.UseTokenLifetime);
}
/// <inheritdoc />
public void Configure(string? name, JwtBearerOptions options)
{
    // An unnamed scheme has no configuration section to bind from.
    if (string.IsNullOrEmpty(name))
    {
        return;
    }

    var section = _authenticationConfigurationProvider.GetSchemeConfiguration(name);
    if (section is null || !section.GetChildren().Any())
    {
        // Nothing is configured for this scheme, so the caller's options stay as they are.
        return;
    }

    // Accepted issuers: the "ValidIssuers" list plus the single "ValidIssuer"
    // value when one is present (appended last).
    var singleIssuer = section[nameof(TokenValidationParameters.ValidIssuer)];
    var validIssuers = section
        .GetSection(nameof(TokenValidationParameters.ValidIssuers))
        .GetChildren()
        .Select(entry => entry.Value)
        .ToList();
    if (singleIssuer is not null)
    {
        validIssuers.Add(singleIssuer);
    }

    // Accepted audiences are collected the same way.
    var singleAudience = section[nameof(TokenValidationParameters.ValidAudience)];
    var validAudiences = section
        .GetSection(nameof(TokenValidationParameters.ValidAudiences))
        .GetChildren()
        .Select(entry => entry.Value)
        .ToList();
    if (singleAudience is not null)
    {
        validAudiences.Add(singleAudience);
    }

    // String options keep their current value when the key is absent (`??`).
    // Typed options go through StringHelpers.ParseValueOrDefault, which is
    // defined elsewhere; presumably it returns the third argument when the key
    // is missing - confirm against StringHelpers.
    options.Authority = section[nameof(options.Authority)] ?? options.Authority;
    options.BackchannelTimeout = StringHelpers.ParseValueOrDefault(
        section[nameof(options.BackchannelTimeout)],
        _invariantTimeSpanParse,
        options.BackchannelTimeout);
    options.Challenge = section[nameof(options.Challenge)] ?? options.Challenge;

    // Forwarding targets: these name other authentication schemes.
    options.ForwardAuthenticate = section[nameof(options.ForwardAuthenticate)] ?? options.ForwardAuthenticate;
    options.ForwardChallenge = section[nameof(options.ForwardChallenge)] ?? options.ForwardChallenge;
    options.ForwardDefault = section[nameof(options.ForwardDefault)] ?? options.ForwardDefault;
    options.ForwardForbid = section[nameof(options.ForwardForbid)] ?? options.ForwardForbid;
    options.ForwardSignIn = section[nameof(options.ForwardSignIn)] ?? options.ForwardSignIn;
    options.ForwardSignOut = section[nameof(options.ForwardSignOut)] ?? options.ForwardSignOut;

    // Whether token-validation failure details are returned to the caller is
    // configuration-controlled here.
    options.IncludeErrorDetails = StringHelpers.ParseValueOrDefault(
        section[nameof(options.IncludeErrorDetails)],
        bool.Parse,
        options.IncludeErrorDetails);
    options.MapInboundClaims = StringHelpers.ParseValueOrDefault(
        section[nameof(options.MapInboundClaims)],
        bool.Parse,
        options.MapInboundClaims);
    options.MetadataAddress = section[nameof(options.MetadataAddress)] ?? options.MetadataAddress;
    options.RefreshInterval = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RefreshInterval)],
        _invariantTimeSpanParse,
        options.RefreshInterval);
    options.RefreshOnIssuerKeyNotFound = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RefreshOnIssuerKeyNotFound)],
        bool.Parse,
        options.RefreshOnIssuerKeyNotFound);

    // Configuration alone can turn off the HTTPS requirement for the metadata
    // endpoint; a "false" here is worth flagging in any non-development
    // configuration review.
    options.RequireHttpsMetadata = StringHelpers.ParseValueOrDefault(
        section[nameof(options.RequireHttpsMetadata)],
        bool.Parse,
        options.RequireHttpsMetadata);
    options.SaveToken = StringHelpers.ParseValueOrDefault(
        section[nameof(options.SaveToken)],
        bool.Parse,
        options.SaveToken);

    // Issuer and audience checks are switched on only when at least one value
    // was configured, independently of whether Authority is set. A section
    // that configures neither ValidIssuer(s) nor ValidAudience(s) therefore
    // ends up with that check disabled rather than with an error, so
    // deployments should set both explicitly.
    var checkIssuer = validIssuers.Count > 0;
    var checkAudience = validAudiences.Count > 0;

    // The assignment replaces the whole TokenValidationParameters object;
    // anything set on options.TokenValidationParameters before this call is
    // not carried over. Signing-key validation is always requested.
    options.TokenValidationParameters = new()
    {
        ValidateIssuer = checkIssuer,
        ValidIssuers = validIssuers,
        ValidateAudience = checkAudience,
        ValidAudiences = validAudiences,
        ValidateIssuerSigningKey = true,
        // GetIssuerSigningKeys is defined elsewhere in this type and receives
        // the scheme section together with the collected issuers.
        IssuerSigningKeys = GetIssuerSigningKeys(section, validIssuers),
    };
}