/// <summary>
/// Resolves the caller's principal from either a bearer token or an auth cookie,
/// then applies the XSRF check before returning an authenticated principal.
/// </summary>
/// <remarks>
/// When both credentials are supplied, the bearer token is the one that gets validated.
/// The raw <paramref name="cookie"/> is still passed to <c>IsXsrfSafe</c> in that case.
/// NOTE(review): <c>IsXsrfSafe</c> is not visible here, so confirm it treats a request
/// carrying both a cookie and a bearer token the way you expect.
/// A missing credential is not an error: the method returns <c>ANONYMOUS_PRINCIPAL</c>,
/// so callers that require an authenticated user must check the result themselves.
/// Only null or empty strings count as missing; a whitespace-only value is sent to the validator.
/// </remarks>
/// <param name="cookie">Value of the auth cookie; may be null or empty.</param>
/// <param name="xsrfToken">XSRF token sent with the request; passed through to <c>IsXsrfSafe</c>.</param>
/// <param name="bearerToken">Bearer token from the request; may be null or empty.</param>
/// <param name="authMode">Authentication mode; passed through to <c>IsXsrfSafe</c>.</param>
/// <returns>
/// <c>ANONYMOUS_PRINCIPAL</c> when neither credential is present, otherwise a
/// <c>D2LPrincipal</c> wrapping the validated access token.
/// </returns>
/// <exception cref="XsrfException">Thrown when <c>IsXsrfSafe</c> reports the request as unsafe.</exception>
private async Task<ID2LPrincipal> AuthenticateHelper(
	string cookie,
	string xsrfToken,
	string bearerToken,
	AuthenticationMode authMode
) {
	bool hasCookie = !string.IsNullOrEmpty( cookie );
	bool hasBearerToken = !string.IsNullOrEmpty( bearerToken );

	// No credential of either kind: the request is anonymous, not rejected.
	if( !( hasCookie || hasBearerToken ) ) {
		return ANONYMOUS_PRINCIPAL;
	}

	// The bearer token takes precedence over the cookie when both are present.
	string rawToken;
	if( hasBearerToken ) {
		rawToken = bearerToken;
	} else {
		rawToken = cookie;
	}

	// NOTE(review): presumably ValidateAsync throws on an invalid or expired token;
	// nothing in this method inspects the result for failure, so confirm against the validator.
	IAccessToken validatedToken = await m_accessTokenValidator
		.ValidateAsync( rawToken )
		.SafeAsync();

	// TODO .. we should consider doing the xsrf check without validating the jwt
	// As written, the token is validated before the XSRF decision is made, so a request
	// that fails the XSRF check has already gone through token validation.
	if( !IsXsrfSafe( cookie, xsrfToken, validatedToken, authMode ) ) {
		throw new XsrfException( "Request is lacking XSRF protection" );
	}

	return new D2LPrincipal( validatedToken );
}
/// <summary>
/// Resolves the caller's principal from a bearer token only.
/// </summary>
/// <remarks>
/// This overload takes no cookie and performs no XSRF check.
/// A null or empty token is not an error: the method returns <c>ANONYMOUS_PRINCIPAL</c>,
/// so callers that require an authenticated user must check the result themselves.
/// A whitespace-only value is not treated as empty and is sent to the validator.
/// </remarks>
/// <param name="bearerToken">Bearer token from the request; may be null or empty.</param>
/// <returns>
/// <c>ANONYMOUS_PRINCIPAL</c> when no token is supplied, otherwise a
/// <c>D2LPrincipal</c> wrapping the validated access token.
/// </returns>
private async Task<ID2LPrincipal> AuthenticateHelper( string bearerToken ) {
	bool hasBearerToken = !string.IsNullOrEmpty( bearerToken );

	// No token: the request is anonymous, not rejected.
	if( !hasBearerToken ) {
		return ANONYMOUS_PRINCIPAL;
	}

	// NOTE(review): presumably ValidateAsync throws on an invalid or expired token;
	// nothing in this method inspects the result for failure, so confirm against the validator.
	IAccessToken validatedToken = await m_accessTokenValidator
		.ValidateAsync( bearerToken )
		.SafeAsync();

	return new D2LPrincipal( validatedToken );
}