/// <summary>
/// Stores the middleware dependencies and, when authentication is required,
/// builds the JWT validation parameters used to check incoming tokens.
/// </summary>
/// <param name="requestDelegate">Next delegate in the pipeline; the parameter is required by ASP.NET.</param>
/// <param name="openIdCfgMan">OpenID Connect configuration manager, kept for later use.</param>
/// <param name="config">Client authentication settings (issuer, audience, algorithms, clock skew).</param>
/// <param name="log">Application logger.</param>
public AuthMiddleware(
    // ReSharper disable once UnusedParameter.Local
    RequestDelegate requestDelegate, // Required by ASP.NET
    IConfigurationManager<OpenIdConnectConfiguration> openIdCfgMan,
    IClientAuthConfig config,
    ILogger log)
{
    // Each banner below is written this many times so it stands out in the log.
    const int bannerRepeat = 3;

    this.requestDelegate = requestDelegate;
    this.openIdCfgMan = openIdCfgMan;
    this.config = config;
    this.log = log;
    this.authRequired = config.AuthRequired;

    if (this.authRequired)
    {
        this.log.Info("Auth config", () => new
        {
            this.config.AuthType,
            this.config.JwtIssuer,
            this.config.JwtAudience,
            this.config.JwtAllowedAlgos,
            this.config.JwtClockSkew
        });

        // NOTE(review): JwtAllowedAlgos is logged above but is not part of these
        // parameters; presumably the algorithm check happens where the token is
        // parsed - confirm.
        // NOTE(review): the signing keys are read once, here; key rotation at the
        // issuer is only picked up if something else refreshes them - confirm.
        this.tokenValidationParams = new TokenValidationParameters
        {
            // Signature: only signed tokens, verified against the issuer's keys
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = this.GetSigningKeys(),

            // Issuer must match the configured value
            ValidateIssuer = true,
            ValidIssuer = this.config.JwtIssuer,

            // Audience must match the configured value
            ValidateAudience = true,
            ValidAudience = this.config.JwtAudience,

            // Lifetime is enforced, with the configured tolerance
            ValidateLifetime = true,
            ClockSkew = this.config.JwtClockSkew
        };
    }
    else
    {
        // Shown in development mode, or whenever auth is turned off.
        // tokenValidationParams is left unassigned on this path.
        for (var i = 0; i < bannerRepeat; i++)
        {
            this.log.Warn("### AUTHENTICATION IS DISABLED! ###", () => { });
        }
    }

    // TODO ~devis: this is a temporary solution for public preview only
    // TODO ~devis: remove this approach and use the service to service authentication
    // https://github.com/Azure/pcs-auth-dotnet/issues/18
    // https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11
    for (var i = 0; i < bannerRepeat; i++)
    {
        this.log.Warn("### Service to service authentication is not available in public preview ###", () => { });
    }
}
/// <summary>
/// Keeps the client auth configuration and the logger for later use by the
/// CORS setup.
/// </summary>
/// <param name="config">Client authentication settings; stored as given.</param>
/// <param name="logger">Application logger; stored as given.</param>
public CorsSetup(IClientAuthConfig config, ILogger logger)
{
    // Neither argument is checked for null here.
    this.log = logger;
    this.config = config;
}
/// <summary>
/// Reads the web service port, the dependency endpoints and the client
/// authentication settings from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    var services = new ServicesConfig
    {
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_URL_KEY),
        DeviceSimulationApiUrl = configData.GetString(DEVICE_SIMULATION_URL_KEY),
        TelemetryApiUrl = configData.GetString(TELEMETRY_URL_KEY),
        SeedTemplate = configData.GetString(SEED_TEMPLATE_KEY),
        // A key by name: treat it as a credential and keep it out of logs.
        AzureMapsKey = configData.GetString(AZURE_MAPS_KEY)
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // Issuer and audience are read without a fallback value here
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Reads the web service port, the JWT claim mappings, the AAD/ARM settings
/// and the client authentication settings from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    var services = new ServicesConfig
    {
        // Comma-separated claim names the user id, name and email are taken from
        JwtUserIdFrom = configData.GetString(JWT_USER_ID_FROM_KEY, "oid").Split(','),
        JwtNameFrom = configData.GetString(JWT_NAME_FROM_KEY, "given_name,family_name").Split(','),
        JwtEmailFrom = configData.GetString(JWT_EMAIL_FROM_KEY, "email").Split(','),
        // Kept as a single string, not split
        JwtRolesFrom = configData.GetString(JWT_ROLES_FROM_KEY, "roles"),
        PoliciesFolder = MapRelativePath(configData.GetString(POLICIES_FOLDER_KEY)),
        AadEndpointUrl = configData.GetString(AAD_ENDPOINT_URL, DEFAULT_AAD_ENDPOINT_URL),
        AadTenantId = configData.GetString(AAD_TENANT_ID, String.Empty),
        AadApplicationId = configData.GetString(AAD_APPLICATION_ID, String.Empty),
        // A secret by name: keep it out of logs and diagnostics output.
        AadApplicationSecret = configData.GetString(AAD_APPLICATION_SECRET, String.Empty),
        ArmEndpointUrl = configData.GetString(ARM_ENDPOINT_URL, DEFAULT_ARM_ENDPOINT_URL),
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // NOTE(review): issuer and audience fall back to an empty string; what an
        // empty value means for token validation is decided by the consumer - confirm.
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY, String.Empty),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY, String.Empty),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Reads the web service port, the storage settings and the client
/// authentication settings from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    var services = new ServicesConfig
    {
        MessagesConfig = new StorageConfig(
            configData.GetString(MESSAGES_DB_DATABASE_KEY),
            configData.GetString(MESSAGES_DB_COLLECTION_KEY)),
        AlarmsConfig = new StorageConfig(
            configData.GetString(ALARMS_DB_DATABASE_KEY),
            configData.GetString(ALARMS_DB_COLLECTION_KEY)),
        StorageType = configData.GetString(STORAGE_TYPE_KEY),
        // A connection string by name: treat it as a credential, keep it out of logs.
        DocumentDbConnString = configData.GetString(DOCUMENTDB_CONNSTRING_KEY),
        DocumentDbThroughput = configData.GetInt(DOCUMENTDB_RUS_KEY),
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_API_URL_KEY),
        StorageAdapterApiTimeout = configData.GetInt(STORAGE_ADAPTER_API_TIMEOUT_KEY)
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // NOTE(review): issuer and audience fall back to an empty string; what an
        // empty value means for token validation is decided by the consumer - confirm.
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY, String.Empty),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY, String.Empty),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Reads the web service port, the JWT claim mappings and the client
/// authentication settings from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    var services = new ServicesConfig
    {
        // All three mappings default to the "email" claim
        JwtUserIdFrom = configData.GetString(JWT_USER_ID_FROM_KEY, "email").Split(','),
        JwtNameFrom = configData.GetString(JWT_NAME_FROM_KEY, "email").Split(','),
        JwtEmailFrom = configData.GetString(JWT_EMAIL_FROM_KEY, "email").Split(',')
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // NOTE(review): issuer and audience fall back to an empty string; what an
        // empty value means for token validation is decided by the consumer - confirm.
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY, String.Empty),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY, String.Empty),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Builds one public client application per Azure AD entry returned by the
/// configuration query and keeps each paired with its entry.
/// </summary>
/// <param name="config">Client auth configuration; may be null, in which
/// case no client applications are created and the list stays null.</param>
/// <param name="logger">Logger; must not be null.</param>
/// <exception cref="ArgumentNullException"><paramref name="logger"/> is null.</exception>
protected MsalPublicClientBase(IClientAuthConfig config, ILogger logger)
{
    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }
    _logger = logger;

    // The lambda parameter is named differently from the constructor
    // parameter; the tuple element keeps the name "config".
    _config = config?.Query(AuthProvider.AzureAD)
        .Select(clientConfig => (config: clientConfig, CreatePublicClientApplication(clientConfig)))
        .ToList();
}
/// <summary>
/// Creates the user token client. The http context accessor is injected so
/// that the current http context can be reached from this client.
/// </summary>
/// <param name="ctx">Http context accessor; must not be null.</param>
/// <param name="cache">Cache; must not be null.</param>
/// <param name="schemes">Authentication scheme provider; must not be null.</param>
/// <param name="config">Client auth configuration; must not be null.</param>
/// <param name="logger">Logger; must not be null.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public MsalUserTokenClient(IHttpContextAccessor ctx, ICache cache,
    IAuthenticationSchemeProvider schemes, IClientAuthConfig config, ILogger logger)
{
    // Guards run in this order: schemes, ctx, cache, logger, config.
    if (schemes == null)
    {
        throw new ArgumentNullException(nameof(schemes));
    }
    if (ctx == null)
    {
        throw new ArgumentNullException(nameof(ctx));
    }
    if (cache == null)
    {
        throw new ArgumentNullException(nameof(cache));
    }
    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    _schemes = schemes;
    _ctx = ctx;
    _cache = cache;
    _logger = logger;
    _config = config;
}
/// <summary>
/// Creates one provider per configured managed service identity entry that
/// carries a client id.
/// </summary>
/// <param name="config">Client auth configuration; when it or its provider
/// list is null, the provider list stays null.</param>
/// <param name="logger">Logger handed to the base class.</param>
public MsiAuthenticationClient(IClientAuthConfig config, ILogger logger) :
    base(logger)
{
    // Only Msi entries with a non-empty client id are turned into providers.
    _config = config?.Providers?
        .Where(entry => entry.Provider == AuthProvider.Msi
            && !string.IsNullOrEmpty(entry.ClientId))
        .Select(CreateProvider)
        .ToList();
}
/// <summary>
/// Reads the web service port, the storage, time series, directory,
/// diagnostics and actions settings, and the client authentication settings
/// from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    // Several values below are credentials by name (connection strings, the
    // AAD app secret); keep them out of logs and diagnostics output.
    var services = new ServicesConfig
    {
        MessagesConfig = new StorageConfig(
            configData.GetString(MESSAGES_DB_DATABASE_KEY),
            configData.GetString(MESSAGES_DB_COLLECTION_KEY)),
        AlarmsConfig = new AlarmsConfig(
            configData.GetString(ALARMS_DB_DATABASE_KEY),
            configData.GetString(ALARMS_DB_COLLECTION_KEY),
            configData.GetInt(ALARMS_DB_MAX_DELETE_RETRIES)),
        StorageType = configData.GetString(MESSAGES_STORAGE_TYPE),
        CosmosDbConnString = configData.GetString(COSMOSDB_CONNSTRING_KEY),
        CosmosDbThroughput = configData.GetInt(COSMOSDB_RUS_KEY),
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_API_URL_KEY),
        StorageAdapterApiTimeout = configData.GetInt(STORAGE_ADAPTER_API_TIMEOUT_KEY),
        UserManagementApiUrl = configData.GetString(USER_MANAGEMENT_URL_KEY),
        TimeSeriesFqdn = configData.GetString(TIME_SERIES_FQDN),
        TimeSeriesAuthority = configData.GetString(TIME_SERIES_AUTHORITY),
        TimeSeriesAudience = configData.GetString(TIME_SERIES_AUDIENCE),
        TimeSeriesExplorerUrl = configData.GetString(TIME_SERIES_EXPLORER_URL),
        TimeSertiesApiVersion = configData.GetString(TIME_SERIES_API_VERSION),
        TimeSeriesTimeout = configData.GetString(TIME_SERIES_TIMEOUT),
        ActiveDirectoryTenant = configData.GetString(AAD_TENANT),
        ActiveDirectoryAppId = configData.GetString(AAD_APP_ID),
        ActiveDirectoryAppSecret = configData.GetString(AAD_APP_SECRET),
        DiagnosticsApiUrl = configData.GetString(DIAGNOSTICS_URL_KEY),
        DiagnosticsMaxLogRetries = configData.GetInt(DIAGNOSTICS_MAX_LOG_RETRIES),
        ActionsEventHubConnectionString = configData.GetString(ACTIONS_EVENTHUB_CONNSTRING),
        ActionsEventHubName = configData.GetString(ACTIONS_EVENTHUB_NAME),
        LogicAppEndpointUrl = configData.GetString(ACTIONS_LOGICAPP_ENDPOINTURL),
        BlobStorageConnectionString = configData.GetString(ACTIONS_AZUREBLOB_CONNSTRING),
        ActionsBlobStorageContainer = configData.GetString(ACTIONS_AZUREBLOB_CONTAINER),
        SolutionUrl = configData.GetString(SOLUTION_URL),
        // Plain concatenation: the configured folder is appended to the base
        // directory as written, without normalization.
        TemplateFolder = AppContext.BaseDirectory + Path.DirectorySeparatorChar + configData.GetString(TEMPLATE_FOLDER)
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // NOTE(review): issuer and audience fall back to an empty string; what an
        // empty value means for token validation is decided by the consumer - confirm.
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY, String.Empty),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY, String.Empty),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
        // Time to live for the OpenId connect token, 7 days by default
        OpenIdTimeToLive = TimeSpan.FromDays(configData.GetInt(OPEN_ID_TTL_KEY, 7))
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Creates providers for the Msi and AzureAD entries whose audience passes
/// the character check below.
/// </summary>
/// <param name="config">Client auth configuration; when it or its provider
/// list is null, the provider list stays null.</param>
/// <param name="logger">Logger handed to the base class.</param>
public DevAuthenticationClient(IClientAuthConfig config, ILogger logger) :
    base(logger)
{
    // The audience must be non-null and consist only of letters, digits and
    // the characters - . : /
    // NOTE(review): in .NET, `$` also matches just before a trailing newline,
    // so an audience ending in "\n" passes this check; `\z` would be strict.
    _config = config?.Providers?
        .Where(entry =>
            (entry.Provider == AuthProvider.Msi || entry.Provider == AuthProvider.AzureAD)
            && entry.Audience != null
            && Regex.IsMatch(entry.Audience, @"^[0-9a-zA-Z-.:/]+$"))
        .SelectMany(CreateProvider)
        .ToList();
}
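/// <summary>
/// Creates one provider per configured managed service identity entry that
/// carries a client id, and logs when none is configured.
/// </summary>
/// <param name="config">Client auth configuration; when it or its provider
/// list is null, the provider list stays null and the "not configured"
/// message is logged.</param>
/// <param name="logger">Logger handed to the base class and to each provider.</param>
public MsiAuthenticationClient(IClientAuthConfig config, ILogger logger) :
    base(logger)
{
    _config = config?.Providers?
        .Where(c => c.Provider == AuthProvider.Msi)
        .Where(c => !string.IsNullOrEmpty(c.ClientId))
        .Select(c => CreateProvider(c, logger))
        .ToList();

    // The null-conditional chain above yields null when config or
    // config.Providers is null; calling Any() on that null list would throw
    // instead of reporting that no identity is configured.
    if (_config == null || !_config.Any())
    {
        logger.Information("No managed service identity configured for this service.");
    }
}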
/// <summary>
/// Creates the OpenID user token client and an HTTP client factory whose
/// logger is scoped to <c>HttpClientFactory</c>.
/// </summary>
/// <param name="config">Client auth configuration; must not be null.</param>
/// <param name="ctx">Http context accessor; must not be null.</param>
/// <param name="oidc">OpenID Connect options monitor; must not be null.</param>
/// <param name="schemes">Authentication scheme provider; must not be null.</param>
/// <param name="clock">System clock; must not be null.</param>
/// <param name="logger">Logger; must not be null.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public OpenIdUserTokenClient(IClientAuthConfig config, IHttpContextAccessor ctx,
    IOptionsMonitor<OpenIdConnectOptions> oidc, IAuthenticationSchemeProvider schemes,
    ISystemClock clock, ILogger logger)
{
    // Guards run in this order: clock, oidc, schemes, ctx, logger, config.
    if (clock == null)
    {
        throw new ArgumentNullException(nameof(clock));
    }
    if (oidc == null)
    {
        throw new ArgumentNullException(nameof(oidc));
    }
    if (schemes == null)
    {
        throw new ArgumentNullException(nameof(schemes));
    }
    if (ctx == null)
    {
        throw new ArgumentNullException(nameof(ctx));
    }
    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    _clock = clock;
    _oidc = oidc;
    _schemes = schemes;
    _ctx = ctx;
    _logger = logger;
    _config = config;

    var httpLogger = logger.ForContext<HttpClientFactory>();
    Http = new HttpClientFactory(httpLogger);
}
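/// <summary>
/// Reads the web service port, the IoT Hub and dependency settings and the
/// client authentication settings from <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
/// <exception cref="Exception">The IoT Hub connection string is missing or
/// still holds the placeholder text.</exception>
public Config(IConfigData configData)
{
    this.Port = configData.GetInt(PORT_KEY);

    var connstring = configData.GetString(IOTHUB_CONNSTRING_KEY);
    // A null value is reported as incomplete configuration too, rather than
    // failing with a null dereference on the placeholder check.
    if (connstring == null || connstring.ToLowerInvariant().Contains("your azure iot hub"))
    {
        // In order to connect to Azure IoT Hub, the service requires a connection
        // string. The value can be found in the Azure Portal. For more information see
        // https://docs.microsoft.com/azure/iot-hub/iot-hub-csharp-csharp-getstarted
        // to find the connection string value.
        // The connection string can be stored in the 'appsettings.ini' configuration
        // file, or in the PCS_IOTHUB_CONNSTRING environment variable. When
        // working with VisualStudio, the environment variable can be set in the
        // WebService project settings, under the "Debug" tab.
        // The message names where to set the value but never echoes it.
        throw new Exception("The service configuration is incomplete. " +
                            "Please provide your Azure IoT Hub connection string. " +
                            "For more information, see the environment variables " +
                            "used in project properties and the 'iothub_connstring' " +
                            "value in the 'appsettings.ini' configuration file.");
    }

    this.ServicesConfig = new ServicesConfig
    {
        // Reuse the value validated above instead of reading the key a second
        // time. It is a credential: keep it out of logs.
        IoTHubConnString = connstring,
        DevicePropertiesWhiteList = configData.GetString(DEVICE_PROPERTIES_WHITELIST_KEY),
        DevicePropertiesTTL = configData.GetInt(DEVICE_PROPERTIES_TTL_KEY),
        DevicePropertiesRebuildTimeout = configData.GetInt(DEVICE_PROPERTIES_REBUILD_TIMEOUT_KEY),
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_URL_KEY),
        UserManagementApiUrl = configData.GetString(USER_MANAGEMENT_URL_KEY)
    };

    this.ClientAuthConfig = new ClientAuthConfig
    {
        // By default CORS is disabled
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // By default Auth is required
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // By default auth type is JWT
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // By default the only trusted algorithms are RS256, RS384, RS512.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // Issuer and audience are read without a fallback value here
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY),
        // By default the allowed clock skew is 2 minutes
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
        // By default the time to live for the OpenId connect token is 7 days
        OpenIdTimeToLive = TimeSpan.FromDays(configData.GetInt(OPEN_ID_TTL_KEY, 7))
    };
}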
/// <summary>
/// Reads the web service port, the storage, time series, directory and
/// diagnostics settings, and the client authentication settings from
/// <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    // The connection string and the AAD app secret are credentials by name;
    // keep them out of logs and diagnostics output.
    var services = new ServicesConfig
    {
        MessagesConfig = new StorageConfig(
            configData.GetString(MESSAGES_DB_DATABASE_KEY),
            configData.GetString(MESSAGES_DB_COLLECTION_KEY)),
        AlarmsConfig = new AlarmsConfig(
            configData.GetString(ALARMS_DB_DATABASE_KEY),
            configData.GetString(ALARMS_DB_COLLECTION_KEY),
            configData.GetInt(ALARMS_DB_MAX_DELETE_RETRIES)),
        StorageType = configData.GetString(MESSAGES_STORAGE_TYPE),
        CosmosDbConnString = configData.GetString(COSMOSDB_CONNSTRING_KEY),
        CosmosDbThroughput = configData.GetInt(COSMOSDB_RUS_KEY),
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_API_URL_KEY),
        StorageAdapterApiTimeout = configData.GetInt(STORAGE_ADAPTER_API_TIMEOUT_KEY),
        UserManagementApiUrl = configData.GetString(USER_MANAGEMENT_URL_KEY),
        TimeSeriesFqdn = configData.GetString(TIME_SERIES_FQDN),
        TimeSeriesAuthority = configData.GetString(TIME_SERIES_AUTHORITY),
        TimeSeriesAudience = configData.GetString(TIME_SERIES_AUDIENCE),
        TimeSeriesExplorerUrl = configData.GetString(TIME_SERIES_EXPLORER_URL),
        TimeSertiesApiVersion = configData.GetString(TIME_SERIES_API_VERSION),
        TimeSeriesTimeout = configData.GetString(TIME_SERIES_TIMEOUT),
        ActiveDirectoryTenant = configData.GetString(AAD_TENANT),
        ActiveDirectoryAppId = configData.GetString(AAD_APP_ID),
        ActiveDirectoryAppSecret = configData.GetString(AAD_APP_SECRET),
        DiagnosticsApiUrl = configData.GetString(DIAGNOSTICS_URL_KEY),
        DiagnosticsMaxLogRetries = configData.GetInt(DIAGNOSTICS_MAX_LOG_RETRIES)
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // NOTE(review): issuer and audience fall back to an empty string; what an
        // empty value means for token validation is decided by the consumer - confirm.
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY, String.Empty),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY, String.Empty),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Stores the middleware dependencies and, when authentication is required,
/// initializes token validation before the constructor returns.
/// </summary>
/// <param name="requestDelegate">Next delegate in the pipeline; the parameter is required by ASP.NET.</param>
/// <param name="openIdCfgMan">OpenID Connect configuration manager, kept for later use.</param>
/// <param name="config">Client authentication settings.</param>
/// <param name="userManagementClient">User management client, kept for later use.</param>
/// <param name="log">Application logger.</param>
public AuthMiddleware(
    // ReSharper disable once UnusedParameter.Local
    RequestDelegate requestDelegate, // Required by ASP.NET
    IConfigurationManager<OpenIdConnectConfiguration> openIdCfgMan,
    IClientAuthConfig config,
    IUserManagementClient userManagementClient,
    ILogger log)
{
    // Each banner below is written this many times so it stands out in the log.
    const int bannerRepeat = 3;

    this.requestDelegate = requestDelegate;
    this.openIdCfgMan = openIdCfgMan;
    this.config = config;
    this.log = log;
    this.authRequired = config.AuthRequired;
    // Validation starts uninitialized, with the expiration set to "now".
    this.tokenValidationInitialized = false;
    this.tokenValidationExpiration = DateTime.UtcNow;
    this.userManagementClient = userManagementClient;

    if (this.authRequired)
    {
        this.log.Info("Auth config", () => new
        {
            this.config.AuthType,
            this.config.JwtIssuer,
            this.config.JwtAudience,
            this.config.JwtAllowedAlgos,
            this.config.JwtClockSkew,
            this.config.OpenIdTimeToLive
        });

        // Blocks the constructor until initialization completes; a failure
        // surfaces here wrapped in an AggregateException.
        var initialization = this.InitializeTokenValidationAsync(CancellationToken.None);
        initialization.Wait();
    }
    else
    {
        // Shown in development mode, or whenever auth is turned off.
        // Token validation is not initialized on this path.
        for (var i = 0; i < bannerRepeat; i++)
        {
            this.log.Warn("### AUTHENTICATION IS DISABLED! ###", () => { });
        }
    }

    // TODO ~devis: this is a temporary solution for public preview only
    // TODO ~devis: remove this approach and use the service to service authentication
    // https://github.com/Azure/pcs-auth-dotnet/issues/18
    // https://github.com/Azure/azure-iot-pcs-remote-monitoring-dotnet/issues/11
    for (var i = 0; i < bannerRepeat; i++)
    {
        this.log.Warn("### Service to service authentication is not available in public preview ###", () => { });
    }
}
/// <summary>
/// Reads the web service port, the dependency endpoints and Azure resource
/// settings, and the client authentication settings from
/// <paramref name="configData"/>.
/// </summary>
/// <param name="configData">Source of the raw configuration values.</param>
public Config(IConfigData configData)
{
    Port = configData.GetInt(PORT_KEY);

    var services = new ServicesConfig
    {
        StorageAdapterApiUrl = configData.GetString(STORAGE_ADAPTER_URL_KEY),
        DeviceSimulationApiUrl = configData.GetString(DEVICE_SIMULATION_URL_KEY),
        TelemetryApiUrl = configData.GetString(TELEMETRY_URL_KEY),
        SolutionType = configData.GetString(SOLUTION_TYPE_KEY),
        SeedTemplate = configData.GetString(SEED_TEMPLATE_KEY),
        // A key by name: treat it as a credential and keep it out of logs.
        AzureMapsKey = configData.GetString(AZURE_MAPS_KEY),
        UserManagementApiUrl = configData.GetString(USER_MANAGEMENT_URL_KEY),
        Office365LogicAppUrl = configData.GetString(OFFICE365_LOGIC_APP_URL_KEY),
        ResourceGroup = configData.GetString(RESOURCE_GROUP_KEY),
        SubscriptionId = configData.GetString(SUBSCRIPTION_ID_KEY),
        ManagementApiVersion = configData.GetString(MANAGEMENT_API_VERSION_KEY),
        ArmEndpointUrl = configData.GetString(ARM_ENDPOINT_URL_KEY)
    };
    ServicesConfig = services;

    var clientAuth = new ClientAuthConfig
    {
        // CORS stays off unless a whitelist is configured
        CorsWhitelist = configData.GetString(CORS_WHITELIST_KEY, string.Empty),
        // Auth is on unless explicitly switched off
        AuthRequired = configData.GetBool(AUTH_REQUIRED_KEY, true),
        // JWT is the default auth type
        AuthType = configData.GetString(AUTH_TYPE_KEY, "JWT"),
        // Only RS256, RS384, RS512 are trusted by default.
        // Split(',') does not trim, so entries must be written without spaces.
        JwtAllowedAlgos = configData.GetString(JWT_ALGOS_KEY, "RS256,RS384,RS512").Split(','),
        // Issuer and audience are read without a fallback value here
        JwtIssuer = configData.GetString(JWT_ISSUER_KEY),
        JwtAudience = configData.GetString(JWT_AUDIENCE_KEY),
        // Allowed clock skew, 2 minutes by default
        JwtClockSkew = TimeSpan.FromSeconds(configData.GetInt(JWT_CLOCK_SKEW_KEY, 120)),
        // Time to live for the OpenId connect token, 7 days by default
        OpenIdTimeToLive = TimeSpan.FromDays(configData.GetInt(OPEN_ID_TTL_KEY, 7))
    };
    ClientAuthConfig = clientAuth;
}
/// <summary>
/// Creates the interactive token client; all work is done by the base
/// class constructor.
/// </summary>
/// <param name="config">Client auth configuration, passed to the base class.</param>
/// <param name="logger">Logger, passed to the base class.</param>
public MsalInteractiveClient(IClientAuthConfig config, ILogger logger)
    : base(config, logger)
{
    // Nothing to initialize beyond what the base constructor does.
}
/// <summary>
/// Creates the client, keeping the configuration and logger and building an
/// HTTP client factory whose logger is scoped to <c>HttpClientFactory</c>.
/// </summary>
/// <param name="config">Client auth configuration; must not be null.</param>
/// <param name="logger">Logger; must not be null.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public ClientCredentialClient(IClientAuthConfig config, ILogger logger)
{
    // The logger is checked before the configuration.
    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }

    _logger = logger;
    _config = config;

    var httpLogger = logger.ForContext<HttpClientFactory>();
    Http = new HttpClientFactory(httpLogger);
}
/// <summary>
/// Creates the pass-through token provider. The http context accessor is
/// injected so that the current http context can be reached from here.
/// </summary>
/// <param name="ctx">Http context accessor; must not be null.</param>
/// <param name="config">Optional client auth configuration; when it or its
/// provider list is null, the list of provider names stays null.</param>
/// <exception cref="ArgumentNullException"><paramref name="ctx"/> is null.</exception>
public PassThroughBearerToken(IHttpContextAccessor ctx,
    IClientAuthConfig config = null)
{
    // Distinct provider names of all configured entries; computed before the
    // ctx check.
    var entries = config?.Providers;
    _providers = entries?.Select(s => s.Provider).Distinct().ToList();

    if (ctx == null)
    {
        throw new ArgumentNullException(nameof(ctx));
    }
    _ctx = ctx;
}
/// <summary>
/// Creates a device code token client that uses a new
/// <c>ConsolePrompt</c> as its prompt.
/// </summary>
/// <param name="config">Client auth configuration, forwarded unchanged.</param>
/// <param name="logger">Logger, forwarded unchanged.</param>
public MsalDeviceCodeClient(IClientAuthConfig config, ILogger logger)
    : this(new ConsolePrompt(), config, logger)
{
    // Delegates to the constructor that takes an explicit prompt.
}
/// <summary>
/// Creates a device code token client that reports through the given prompt.
/// </summary>
/// <param name="prompt">Device code prompt; must not be null.</param>
/// <param name="config">Client auth configuration, passed to the base class.</param>
/// <param name="logger">Logger, passed to the base class.</param>
/// <exception cref="ArgumentNullException"><paramref name="prompt"/> is null.</exception>
public MsalDeviceCodeClient(IDeviceCodePrompt prompt,
    IClientAuthConfig config, ILogger logger)
    : base(config, logger)
{
    // The base constructor has already run when the prompt is checked.
    if (prompt == null)
    {
        throw new ArgumentNullException(nameof(prompt));
    }
    _prompt = prompt;
}