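/// <summary>
/// Tries to authenticate the current request from a bearer token carried in the
/// header named by <c>Constants.BearerTokenHeader</c>.
/// </summary>
/// <remarks>
/// The raw token is handed to <c>KeycloakIdentity.ConvertFromTokenResponseAsync</c>.
/// Whether that call checks signature, issuer, audience and expiry is not visible
/// from this method; confirm it there before relying on this path.
/// Any failure while building the identity is treated as "not authenticated"
/// (the method fails closed) and is reported through <c>System.Diagnostics.Trace</c>
/// so that rejected tokens are visible to monitoring.
/// </remarks>
/// <returns>
/// An <c>AuthenticationTicket</c> for the token's identity, or <c>null</c> when bearer
/// authentication is disabled, the header is absent or malformed, or the token is rejected.
/// </returns>
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    // Bearer token authentication override
    if (Options.EnableBearerTokenAuth)
    {
        // Try to authenticate via bearer token auth
        if (Request.Headers.ContainsKey(Constants.BearerTokenHeader))
        {
            // Expected shape: "<scheme> <token>"; split once so the token itself is never cut.
            var headerParts = Request.Headers[Constants.BearerTokenHeader].Trim().Split(new[] { ' ' }, 2);
            if (headerParts.Length == 2
                && string.Equals(headerParts[0], "bearer", StringComparison.OrdinalIgnoreCase))
            {
                try
                {
                    // RFC 6750 allows more than one space after the scheme, so strip
                    // the padding instead of passing it on as part of the token.
                    var authResponse = new TokenResponse(headerParts[1].Trim(), null, null);
                    var kcIdentity = await KeycloakIdentity.ConvertFromTokenResponseAsync(Options, authResponse);
                    var identity = await kcIdentity.ToClaimsIdentityAsync();
                    SignInAsAuthentication(identity, null, Options.SignInAsAuthenticationType);
                    return new AuthenticationTicket(identity, new AuthenticationProperties());
                }
                catch (Exception ex)
                {
                    // Fail closed, but leave a trail: a silent catch hides both
                    // misconfiguration and repeated invalid-token attempts.
                    // Only the exception type is recorded; the token and the
                    // exception message (which may echo token content) are not.
                    System.Diagnostics.Trace.TraceWarning(
                        "Bearer token authentication failed: {0}",
                        ex.GetType().FullName);
                }
            }
        }

        // If bearer token auth is forced, skip standard auth.
        // NOTE(review): no standard auth path follows in this method as shown,
        // so both branches currently return null.
        if (Options.ForceBearerTokenAuth)
        {
            return null;
        }
    }

    return null;
}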
/// <summary>
/// Exchanges a username and password for a Keycloak token and returns the
/// resulting identity as a <see cref="ClaimsIdentity"/>.
/// </summary>
/// <remarks>
/// The request body is built by <c>BuildROPCAccessTokenEndpointContent</c>, i.e. the
/// OAuth 2.0 resource owner password credentials grant: the user's password passes
/// through this application. Current OAuth security guidance advises against this
/// grant; keep the credentials out of logs and traces, and prefer a redirect-based
/// flow where one is available.
/// </remarks>
/// <param name="username">Account name to authenticate; must not be null or empty.</param>
/// <param name="password">Password for the account; must not be null or empty.</param>
/// <returns>
/// A new <see cref="ClaimsIdentity"/> carrying the token's claims, using
/// <c>Options.SignInAsAuthenticationSchema</c> as the authentication type.
/// </returns>
/// <exception cref="ArgumentNullException">The static <c>Options</c> is null.</exception>
/// <exception cref="InvalidCredentialException">Either credential is null or empty.</exception>
public static async Task<ClaimsIdentity> GetKeycloakIdentityAsync(string username, string password)
{
    if (Options == null)
    {
        throw new ArgumentNullException("options");
    }

    var missingCredential = string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password);
    if (missingCredential)
    {
        throw new InvalidCredentialException("username or password is empty.");
    }

    var oidcContext = await OidcDataManager.GetCachedContextAsync(Options);

    // Endpoint first, then the form content, matching the original evaluation order.
    var tokenEndpoint = oidcContext.GetTokenEndpoint();
    var grantContent = oidcContext.BuildROPCAccessTokenEndpointContent(username, password);
    var httpResponse = SendHttpPostRequest(tokenEndpoint, grantContent);

    // NOTE(review): the body is parsed without a visible status-code check, and the
    // response is not disposed here. Confirm that TokenResponse rejects an error
    // payload (e.g. a failed login) rather than yielding a partial identity.
    var responseBody = await httpResponse.Content.ReadAsStringAsync();
    var tokenResponse = new TokenResponse(responseBody);

    var keycloakIdentity = await KeycloakIdentity.ConvertFromTokenResponseAsync(Options, tokenResponse);
    var sourceIdentity = await keycloakIdentity.ToClaimsIdentityAsync();

    // Re-wrap the claims so the identity carries the configured sign-in schema.
    return new ClaimsIdentity(
        sourceIdentity.Claims,
        Options.SignInAsAuthenticationSchema,
        sourceIdentity.NameClaimType,
        sourceIdentity.RoleClaimType);
}