    /// <inheritdoc />
    public void Configure(string? name, JwtBearerOptions options)
    {
        // Only named schemes can be bound from configuration.
        if (string.IsNullOrEmpty(name))
        {
            return;
        }

        var schemeSection = _authenticationConfigurationProvider.GetSchemeConfiguration(name);

        // No section, or an empty one, means the caller's options are left as they are.
        if (schemeSection is null || !schemeSection.GetChildren().Any())
        {
            return;
        }

        var claimsIssuer = schemeSection["ClaimsIssuer"];
        var audienceSection = schemeSection.GetSection("Audiences");
        var validAudiences = audienceSection.GetChildren().Select(child => child.Value).ToArray();

        // Issuer and audience checks are only turned on when the matching value is present
        // in configuration: a missing "ClaimsIssuer" or an empty "Audiences" section leaves
        // that particular validation disabled, so review the scheme section with that in mind.
        // The signing key is always validated.
        options.TokenValidationParameters = new()
        {
            ValidateIssuer           = claimsIssuer is not null,
            ValidIssuers             = new[] { claimsIssuer },
            ValidateAudience         = validAudiences.Length > 0,
            ValidAudiences           = validAudiences,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey         = GetIssuerSigningKey(_configuration, claimsIssuer),
        };
    }
    /// <inheritdoc />
    public void Configure(string? name, OpenIdConnectOptions options)
    {
        // Only named schemes can be bound from configuration.
        if (string.IsNullOrEmpty(name))
        {
            return;
        }

        var schemeSection = _authenticationConfigurationProvider.GetSchemeConfiguration(name);

        // No section, or an empty one, means the caller's options are left as they are.
        if (schemeSection is null || !schemeSection.GetChildren().Any())
        {
            return;
        }

        // Parses a configured value with the supplied parser; the current option value is kept when nothing is configured.
        T Parsed<T>(string key, Func<string, T> parser, T current)
            => StringHelpers.ParseValueOrDefault(schemeSection[key], parser, current);

        // Builds a PathString from configuration, keeping the current path when nothing is configured.
        PathString Path(string key, PathString current)
            => new PathString(schemeSection[key] ?? current.Value);

        // Every property below follows the same rule: a configured value wins, otherwise
        // the value already on the options instance stays in place.
        options.AccessDeniedPath         = Path(nameof(options.AccessDeniedPath), options.AccessDeniedPath);
        options.Authority                = schemeSection[nameof(options.Authority)] ?? options.Authority;
        options.AutomaticRefreshInterval = Parsed(nameof(options.AutomaticRefreshInterval), _invariantTimeSpanParse, options.AutomaticRefreshInterval);
        options.BackchannelTimeout       = Parsed(nameof(options.BackchannelTimeout), _invariantTimeSpanParse, options.BackchannelTimeout);
        options.CallbackPath             = Path(nameof(options.CallbackPath), options.CallbackPath);
        options.ClaimsIssuer             = schemeSection[nameof(options.ClaimsIssuer)] ?? options.ClaimsIssuer;
        options.ClientId                 = schemeSection[nameof(options.ClientId)] ?? options.ClientId;
        // The client secret is read straight from the scheme section; it should come from a
        // secret store or environment-backed configuration provider rather than a checked-in file.
        options.ClientSecret             = schemeSection[nameof(options.ClientSecret)] ?? options.ClientSecret;
        SetCookieFromConfig(schemeSection.GetSection(nameof(options.CorrelationCookie)), options.CorrelationCookie);
        options.DisableTelemetry              = Parsed(nameof(options.DisableTelemetry), bool.Parse, options.DisableTelemetry);
        options.ForwardAuthenticate           = schemeSection[nameof(options.ForwardAuthenticate)] ?? options.ForwardAuthenticate;
        options.ForwardChallenge              = schemeSection[nameof(options.ForwardChallenge)] ?? options.ForwardChallenge;
        options.ForwardDefault                = schemeSection[nameof(options.ForwardDefault)] ?? options.ForwardDefault;
        options.ForwardForbid                 = schemeSection[nameof(options.ForwardForbid)] ?? options.ForwardForbid;
        options.ForwardSignIn                 = schemeSection[nameof(options.ForwardSignIn)] ?? options.ForwardSignIn;
        options.ForwardSignOut                = schemeSection[nameof(options.ForwardSignOut)] ?? options.ForwardSignOut;
        options.GetClaimsFromUserInfoEndpoint = Parsed(nameof(options.GetClaimsFromUserInfoEndpoint), bool.Parse, options.GetClaimsFromUserInfoEndpoint);
        options.MapInboundClaims              = Parsed(nameof(options.MapInboundClaims), bool.Parse, options.MapInboundClaims);
        options.MaxAge          = Parsed(nameof(options.MaxAge), _invariantNullableTimeSpanParse, options.MaxAge);
        options.MetadataAddress = schemeSection[nameof(options.MetadataAddress)] ?? options.MetadataAddress;
        SetCookieFromConfig(schemeSection.GetSection(nameof(options.NonceCookie)), options.NonceCookie);
        options.Prompt                      = schemeSection[nameof(options.Prompt)] ?? options.Prompt;
        options.RefreshInterval             = Parsed(nameof(options.RefreshInterval), _invariantTimeSpanParse, options.RefreshInterval);
        options.RefreshOnIssuerKeyNotFound  = Parsed(nameof(options.RefreshOnIssuerKeyNotFound), bool.Parse, options.RefreshOnIssuerKeyNotFound);
        options.RemoteAuthenticationTimeout = Parsed(nameof(options.RemoteAuthenticationTimeout), _invariantTimeSpanParse, options.RemoteAuthenticationTimeout);
        options.RemoteSignOutPath           = Path(nameof(options.RemoteSignOutPath), options.RemoteSignOutPath);
        // A configured "RequireHttpsMetadata" of false switches off the HTTPS requirement for
        // metadata retrieval; that is a configuration decision, not something this method guards.
        options.RequireHttpsMetadata        = Parsed(nameof(options.RequireHttpsMetadata), bool.Parse, options.RequireHttpsMetadata);
        options.Resource                    = schemeSection[nameof(options.Resource)] ?? options.Resource;
        options.ResponseMode                = schemeSection[nameof(options.ResponseMode)] ?? options.ResponseMode;
        options.ResponseType                = schemeSection[nameof(options.ResponseType)] ?? options.ResponseType;
        options.ReturnUrlParameter          = schemeSection[nameof(options.ReturnUrlParameter)] ?? options.ReturnUrlParameter;
        options.SaveTokens                  = Parsed(nameof(options.SaveTokens), bool.Parse, options.SaveTokens);
        ClearAndSetListOption(options.Scope, schemeSection.GetSection(nameof(options.Scope)));
        options.SignedOutCallbackPath    = Path(nameof(options.SignedOutCallbackPath), options.SignedOutCallbackPath);
        options.SignedOutRedirectUri     = schemeSection[nameof(options.SignedOutRedirectUri)] ?? options.SignedOutRedirectUri;
        options.SignInScheme             = schemeSection[nameof(options.SignInScheme)] ?? options.SignInScheme;
        options.SignOutScheme            = schemeSection[nameof(options.SignOutScheme)] ?? options.SignOutScheme;
        options.SkipUnrecognizedRequests = Parsed(nameof(options.SkipUnrecognizedRequests), bool.Parse, options.SkipUnrecognizedRequests);
        options.UsePkce                  = Parsed(nameof(options.UsePkce), bool.Parse, options.UsePkce);
        options.UseTokenLifetime         = Parsed(nameof(options.UseTokenLifetime), bool.Parse, options.UseTokenLifetime);
    }
    /// <inheritdoc />
    public void Configure(string? name, JwtBearerOptions options)
    {
        // Only named schemes can be bound from configuration.
        if (string.IsNullOrEmpty(name))
        {
            return;
        }

        var schemeSection = _authenticationConfigurationProvider.GetSchemeConfiguration(name);

        // No section, or an empty one, means the caller's options are left as they are.
        if (schemeSection is null || !schemeSection.GetChildren().Any())
        {
            return;
        }

        // Parses a configured value with the supplied parser; the current option value is kept when nothing is configured.
        T Parsed<T>(string key, Func<string, T> parser, T current)
            => StringHelpers.ParseValueOrDefault(schemeSection[key], parser, current);

        // Accepted issuers: the "ValidIssuers" list first, then the singular "ValidIssuer" if present.
        var validIssuers = schemeSection
            .GetSection(nameof(TokenValidationParameters.ValidIssuers))
            .GetChildren()
            .Select(child => child.Value)
            .ToList();

        if (schemeSection[nameof(TokenValidationParameters.ValidIssuer)] is { } singleIssuer)
        {
            validIssuers.Add(singleIssuer);
        }

        // Accepted audiences: the "ValidAudiences" list first, then the singular "ValidAudience" if present.
        var validAudiences = schemeSection
            .GetSection(nameof(TokenValidationParameters.ValidAudiences))
            .GetChildren()
            .Select(child => child.Value)
            .ToList();

        if (schemeSection[nameof(TokenValidationParameters.ValidAudience)] is { } singleAudience)
        {
            validAudiences.Add(singleAudience);
        }

        // Every property below follows the same rule: a configured value wins, otherwise
        // the value already on the options instance stays in place.
        options.Authority                  = schemeSection[nameof(options.Authority)] ?? options.Authority;
        options.BackchannelTimeout         = Parsed(nameof(options.BackchannelTimeout), _invariantTimeSpanParse, options.BackchannelTimeout);
        options.Challenge                  = schemeSection[nameof(options.Challenge)] ?? options.Challenge;
        options.ForwardAuthenticate        = schemeSection[nameof(options.ForwardAuthenticate)] ?? options.ForwardAuthenticate;
        options.ForwardChallenge           = schemeSection[nameof(options.ForwardChallenge)] ?? options.ForwardChallenge;
        options.ForwardDefault             = schemeSection[nameof(options.ForwardDefault)] ?? options.ForwardDefault;
        options.ForwardForbid              = schemeSection[nameof(options.ForwardForbid)] ?? options.ForwardForbid;
        options.ForwardSignIn              = schemeSection[nameof(options.ForwardSignIn)] ?? options.ForwardSignIn;
        options.ForwardSignOut             = schemeSection[nameof(options.ForwardSignOut)] ?? options.ForwardSignOut;
        options.IncludeErrorDetails        = Parsed(nameof(options.IncludeErrorDetails), bool.Parse, options.IncludeErrorDetails);
        options.MapInboundClaims           = Parsed(nameof(options.MapInboundClaims), bool.Parse, options.MapInboundClaims);
        options.MetadataAddress            = schemeSection[nameof(options.MetadataAddress)] ?? options.MetadataAddress;
        options.RefreshInterval            = Parsed(nameof(options.RefreshInterval), _invariantTimeSpanParse, options.RefreshInterval);
        options.RefreshOnIssuerKeyNotFound = Parsed(nameof(options.RefreshOnIssuerKeyNotFound), bool.Parse, options.RefreshOnIssuerKeyNotFound);
        // A configured "RequireHttpsMetadata" of false switches off the HTTPS requirement for
        // metadata retrieval; that is a configuration decision, not something this method guards.
        options.RequireHttpsMetadata       = Parsed(nameof(options.RequireHttpsMetadata), bool.Parse, options.RequireHttpsMetadata);
        options.SaveToken                  = Parsed(nameof(options.SaveToken), bool.Parse, options.SaveToken);

        // Issuer and audience validation are enabled only when at least one value was
        // configured; with neither list populated those checks stay off. The signing key
        // is always validated.
        options.TokenValidationParameters  = new()
        {
            ValidateIssuer           = validIssuers.Count > 0,
            ValidIssuers             = validIssuers,
            ValidateAudience         = validAudiences.Count > 0,
            ValidAudiences           = validAudiences,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys        = GetIssuerSigningKeys(schemeSection, validIssuers),
        };
    }