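/// <summary>
/// Authenticates the OAuth client (audience) behind a token request.
/// Credentials are read from the HTTP Basic <c>Authorization</c> header first and,
/// failing that, from the posted form values.
/// </summary>
/// <param name="context">The OWIN client-authentication context that is marked validated or in error.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Prefer the Authorization: Basic header and fall back to form values.
    // The form lookup's return value is deliberately ignored: the blank check
    // below covers "not found" for both sources.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    if (string.IsNullOrWhiteSpace(clientId) || string.IsNullOrWhiteSpace(clientSecret))
    {
        context.SetError("client_not_authorized", "invalid client details");
        return Task.FromResult<object>(null);
    }

    var dataLayer = new RepoManager(new DataLayerDapper()).DataLayer;
    var audienceDto = dataLayer.GetAudience(clientId);

    // Unknown client and wrong secret share one error code so the response body
    // does not say which client ids exist. The secret comparison does not
    // short-circuit, so response time does not depend on how many leading
    // characters of a presented secret happened to be right.
    if (audienceDto == null || !SecretsMatch(clientSecret, audienceDto.Secret))
    {
        context.SetError("unauthorized_client", "unauthorized client");
        return Task.FromResult<object>(null);
    }

    context.Validated();
    return Task.FromResult<object>(null);
}

/// <summary>
/// Compares two secrets without returning early at the first differing
/// character. A length mismatch still yields false; only the position of the
/// first difference is hidden from the caller's timing.
/// </summary>
/// <param name="presented">The secret supplied by the client.</param>
/// <param name="expected">The secret stored for the client.</param>
/// <returns>True when both are non-null and identical.</returns>
private static bool SecretsMatch(string presented, string expected)
{
    if (presented == null || expected == null)
    {
        return false;
    }

    // Fold the length difference and every character difference into one
    // accumulator; the loop always runs over the shorter length.
    int diff = presented.Length ^ expected.Length;
    int length = presented.Length < expected.Length ? presented.Length : expected.Length;
    for (int i = 0; i < length; i++)
    {
        diff |= presented[i] ^ expected[i];
    }

    return diff == 0;
}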
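/// <summary>
/// Registers JWT bearer authentication for every stored audience (OAuth client).
/// Each audience's Base64Url-encoded secret is the symmetric key used to verify
/// tokens issued to it, and the <c>TokenIssuer</c> app setting is the expected issuer.
/// </summary>
/// <param name="app">The OWIN application builder to register the middleware on.</param>
/// <exception cref="System.ArgumentNullException"><paramref name="app"/> is null.</exception>
/// <exception cref="System.InvalidOperationException">The <c>TokenIssuer</c> app setting is missing or blank.</exception>
public void ConfigureOAuth(IAppBuilder app)
{
    if (app == null)
    {
        throw new System.ArgumentNullException("app");
    }

    // Fail at startup with an actionable message instead of handing a blank
    // issuer to every token provider (or silently registering the middleware
    // with no issuer when the audience table is empty).
    var issuer = ConfigurationHelper.GetAppSetting("TokenIssuer");
    if (string.IsNullOrWhiteSpace(issuer))
    {
        throw new System.InvalidOperationException("The 'TokenIssuer' app setting is required to configure JWT bearer authentication.");
    }

    var audiences = new RepoManager(new DataLayerDapper()).DataLayer.GetAll();

    var jwtAudiences = new List<string>();
    var tokenProviders = new List<IIssuerSecurityTokenProvider>();
    foreach (var audience in audiences)
    {
        jwtAudiences.Add(audience.ClientId);

        // The stored secret doubles as the shared signing key; the Base64Url
        // decoding here must match the encoding used where tokens are signed.
        tokenProviders.Add(new SymmetricKeyIssuerSecurityTokenProvider(
            issuer,
            TextEncodings.Base64Url.Decode(audience.Secret)));
    }

    app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
    {
        AuthenticationMode = AuthenticationMode.Active,
        AllowedAudiences = jwtAudiences,
        IssuerSecurityTokenProviders = tokenProviders
    });
}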