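        /// <summary>
        /// Registers JWT bearer authentication against the Keycloak authority in <paramref name="configOptions"/>
        /// and wires the events that map a validated token onto a TransAction user and its application claims.
        /// </summary>
        /// <param name="builder">The authentication builder being configured.</param>
        /// <param name="configOptions">Keycloak authority (metadata/issuer URL) and expected token audience.</param>
        /// <returns>The same <paramref name="builder"/>, for chaining.</returns>
        public static AuthenticationBuilder AddKeycloakAuth(this AuthenticationBuilder builder, KeycloakAuthenticationOptions configOptions)
        {
            return builder.AddJwtBearer(o =>
            {
                o.Authority = configOptions.Authority;
                o.Audience = configOptions.Audience;

                // SECURITY: when false, the OpenID discovery document and the signing keys used to validate
                // tokens may be fetched over plain HTTP, where an on-path party could substitute them.
                // Only acceptable for local development against an http:// authority; keep it true elsewhere.
                o.RequireHttpsMetadata = false;

                // Puts the token-validation failure reason into the WWW-Authenticate header. Handy while
                // developing, but it tells any caller exactly why a token was rejected; consider gating it
                // on the environment.
                o.IncludeErrorDetails = true;

                o.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = context =>
                    {
                        var env = context.HttpContext.RequestServices.GetRequiredService<IWebHostEnvironment>();

                        // Reports "no result" and writes the failure straight to the response. This does not
                        // stop the pipeline: the request continues unauthenticated on a response that has
                        // already started. A rejected token is a client error rather than a server fault;
                        // context.Fail(...) plus the handler's own 401 challenge would be the conventional shape.
                        context.NoResult();
                        context.Response.StatusCode = 500;
                        context.Response.ContentType = "text/plain";

                        // Exception text (stack trace, issuer/key resolution details) only goes to the client
                        // in Development; everyone else gets the generic message.
                        var body = env.IsDevelopment()
                            ? context.Exception.ToString()
                            : "An error occured processing your authentication.";
                        return context.Response.WriteAsync(body);
                    },
                    OnTokenValidated = context =>
                    {
                        var principal = context.Principal;
                        var db = context.HttpContext.RequestServices.GetRequiredService<IAuthorizationRepo>();

                        // idir_guid is the key users are looked up and stored by: without it a created user
                        // could never be found again (one duplicate row per login). preferred_username is
                        // parsed below. Both used to be dereferenced unconditionally and crashed with a 500
                        // when the claim was absent; a token without them now simply fails authentication.
                        var guid = principal.FindFirstValue("idir_guid");
                        var username = principal.FindFirstValue("preferred_username");
                        if (string.IsNullOrEmpty(guid) || string.IsNullOrEmpty(username))
                        {
                            context.Fail("Token is missing the idir_guid or preferred_username claim.");
                            return Task.CompletedTask;
                        }

                        var dbUser = db.GetUser(guid);

                        if (dbUser == null)
                        {
                            // First login: provision the user with the default role and region.
                            db.CreateUser(BuildNewUser(principal, db, guid, username));
                            if (!db.Save())
                            {
                                context.NoResult();
                                context.Response.StatusCode = 500;
                                context.Response.ContentType = "text/plain";
                                return context.Response.WriteAsync("Unable to create new user in the database");
                            }

                            // NOTE(review): a freshly created user gets no application claims on this request;
                            // they are only added from the stored role on the next authenticated request.
                            return Task.CompletedTask;
                        }

                        // Ordinal comparison instead of ToLower(): lower-casing is culture-sensitive (e.g. "ADMIN"
                        // under a Turkish culture does not become "admin"), which would silently drop the admin claim.
                        var isAdmin = string.Equals(dbUser.Role.Name, "admin", System.StringComparison.OrdinalIgnoreCase);
                        var roleClaim = isAdmin ? AuthorizationTypes.ADMIN_CLAIM : AuthorizationTypes.LOGIN_CLAIM;
                        var claims = new List<Claim> { new Claim(AuthorizationTypes.TRA_CLAIM_TYPE, roleClaim) };

                        principal.AddIdentity(new ClaimsIdentity(claims));
                        return Task.CompletedTask;
                    }
                };
            });
        }

        /// <summary>
        /// Builds the <see cref="TraUser"/> row for a first-time login from the token's claims.
        /// The new user gets the "USER" role, the "HQ" region and is not a free agent.
        /// </summary>
        /// <param name="principal">The validated token principal.</param>
        /// <param name="db">Repository used to resolve the default role and region.</param>
        /// <param name="guid">The idir_guid claim value (already checked to be non-empty).</param>
        /// <param name="username">The preferred_username claim value (already checked to be non-empty).</param>
        /// <returns>A populated, not yet persisted user.</returns>
        private static TraUser BuildNewUser(ClaimsPrincipal principal, IAuthorizationRepo db, string guid, string username)
        {
            // preferred_username is expected as "user@directory"; the directory is the second '@'-separated part.
            var userParts = username.Split("@");
            var (lname, fname) = SplitDisplayName(principal.FindFirstValue("idir_displayName"));

            return new TraUser
            {
                Username = username,
                Directory = userParts.Length > 1 ? userParts[1] : "",
                // NOTE(review): GetRole/GetRegion are assumed to always find these seeded rows — confirm.
                RoleId = db.GetRole("USER").RoleId,
                Email = principal.FindFirstValue(ClaimTypes.Email),
                Lname = lname,
                Fname = fname,
                Description = "Hello, I'm new to TransAction",
                Guid = guid,
                RegionId = db.GetRegion("HQ").RegionId,
                IsFreeAgent = false
            };
        }

        /// <summary>
        /// Splits an IDIR display name of the form "Lastname, Firstname SUFFIX" into last and first name:
        /// everything before the first comma is the last name; the remainder is left-trimmed and its last
        /// space-separated token dropped (presumably an organisation suffix — TODO confirm with real data).
        /// A missing display name, comma or trailing token yields empty/whole strings instead of throwing.
        /// </summary>
        /// <param name="displayName">The idir_displayName claim value, possibly null.</param>
        /// <returns>The (last name, first name) pair.</returns>
        private static (string Lname, string Fname) SplitDisplayName(string displayName)
        {
            if (string.IsNullOrEmpty(displayName))
            {
                return ("", "");
            }

            var parts = displayName.Split(",");
            var lname = parts[0];
            if (parts.Length < 2)
            {
                return (lname, "");
            }

            var rest = parts[1].TrimStart();
            var lastSpace = rest.LastIndexOf(' ');
            var fname = lastSpace >= 0 ? rest.Remove(lastSpace) : rest;
            return (lname, fname);
        }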
        /// <summary>
        /// Adds JWT bearer authentication for the configured Keycloak realm and attaches the events that
        /// turn a validated token into the application's claims for the matching database user.
        /// </summary>
        /// <param name="builder">The authentication builder being configured.</param>
        /// <param name="configOptions">Keycloak authority (used as metadata address and expected issuer) and audience.</param>
        /// <returns>The same <paramref name="builder"/>, for chaining.</returns>
        public static AuthenticationBuilder AddKeycloakAuth(this AuthenticationBuilder builder, KeycloakAuthenticationOptions configOptions)
        {
            return builder.AddJwtBearer(jwt =>
            {
                jwt.Authority = configOptions.Authority;
                jwt.Audience = configOptions.Audience;

                // SECURITY: discovery metadata and signing keys may be fetched over plain HTTP, where they
                // could be substituted in transit. Acceptable only for local development; keep it true elsewhere.
                jwt.RequireHttpsMetadata = false;

                // Exposes the validation failure reason in the WWW-Authenticate header to every caller.
                jwt.IncludeErrorDetails = true;

                jwt.TokenValidationParameters = new TokenValidationParameters()
                {
                    // SECURITY: the audience is not checked, so a token the realm issued for any other client
                    // is accepted here too; the Audience set above then plays no part in validation.
                    ValidateAudience = false,
                    ValidateIssuerSigningKey = true,
                    // The token's iss claim must equal the authority string exactly.
                    ValidateIssuer = true,
                    ValidIssuer = configOptions.Authority,
                    ValidateLifetime = true
                };

                jwt.Events = new JwtBearerEvents()
                {
                    OnAuthenticationFailed = failed =>
                    {
                        var services = failed.HttpContext.RequestServices;
                        IHostingEnvironment env = services.GetRequiredService<IHostingEnvironment>();

                        // Reports no result and answers the request directly with a 500 text body.
                        failed.NoResult();
                        failed.Response.StatusCode = 500;
                        failed.Response.ContentType = "text/plain";

                        // Exception details (stack trace, issuer/key resolution) are echoed only in Development.
                        if (!env.IsDevelopment())
                        {
                            return failed.Response.WriteAsync("An error occured processing your authentication.");
                        }

                        return failed.Response.WriteAsync(failed.Exception.ToString());
                    },
                    OnTokenValidated = validated =>
                    {
                        var principal = validated.Principal;
                        var repo = validated.HttpContext.RequestServices.GetRequiredService<IAuthorizationRepo>();
                        var dbUser = repo.GetUser(principal.FindFirstValue("preferred_username"));

                        if (dbUser != null)
                        {
                            var roleName = dbUser.Role.Name;
                            var claims = new List<Claim>();

                            // Role name → application claims; the match is exact and case-sensitive.
                            if (roleName == "admin")
                            {
                                claims.Add(new Claim(AuthorizationTypes.TRA_CLAIM_TYPE, AuthorizationTypes.EDIT_TEAM_CLAIM));
                                claims.Add(new Claim(AuthorizationTypes.TRA_CLAIM_TYPE, AuthorizationTypes.ADMIN_CLAIM));
                            }
                            else if (roleName == "teamlead")
                            {
                                claims.Add(new Claim(AuthorizationTypes.TRA_CLAIM_TYPE, AuthorizationTypes.EDIT_TEAM_CLAIM));
                            }
                            else
                            {
                                claims.Add(new Claim(AuthorizationTypes.TRA_CLAIM_TYPE, AuthorizationTypes.LOGIN_CLAIM));
                            }

                            // Team membership is optional; the user id is always carried.
                            var team = dbUser.Team;
                            if (team != null)
                            {
                                claims.Add(new Claim(AuthorizationTypes.TEAM_ID_CLAIM, team.TeamId.ToString()));
                            }
                            claims.Add(new Claim(AuthorizationTypes.USER_ID_CLAIM, dbUser.UserId.ToString()));

                            principal.AddIdentity(new ClaimsIdentity(claims));
                        }
                        // else: unknown user — TODO create the user here and handle user-create exceptions.
                        // NOTE(review): until then the token is accepted with no application claims added.

                        return Task.CompletedTask;
                    }
                };
            });
        }