private string createAccessToken(CTWhoami whoami, List <string> scopes, FunctionContext <dynamic> fc) { RsaSecurityKey rsaKey = new RsaSecurityKey(this.privateRSAKey); rsaKey.KeyId = this.keyId; var signingCredentials = new SigningCredentials(rsaKey, SecurityAlgorithms.RsaSha256) { CryptoProviderFactory = new CryptoProviderFactory { CacheSignatureProviders = false } }; var now = DateTime.Now; var unixTimeSeconds = new DateTimeOffset(now).ToUnixTimeSeconds(); var claims = BuildClaims(whoami, unixTimeSeconds.ToString(), scopes); var jwt = new JwtSecurityToken( audience: "ct.test.", issuer: "CT_IDP", claims: claims, notBefore: now, expires: now.AddSeconds(JWTService.Expires_In_AccessToken), signingCredentials: signingCredentials ); return(new JwtSecurityTokenHandler().WriteToken(jwt)); }
public async Task <Tokens> BuildJWTToken(CTWhoami whoami, List <string> scopes, FunctionContext <dynamic> fc) { await checkKeys(fc); string idToken = createIDToken(whoami, scopes, fc); string accessToken = createAccessToken(whoami, scopes, fc); string refreshToken = createRefreshToken(fc, accessToken); return(Tokens.BuildTokens(idToken, accessToken, refreshToken, JWTService.Expires_In_AccessToken)); }
public Task <Tokens> CreateNewTokenFromAccessToken(FunctionContext <dynamic> fc, string accessToken) { JwtSecurityTokenHandler jsth = new JwtSecurityTokenHandler(); JwtSecurityToken token = jsth.ReadJwtToken(accessToken); CTWhoami cTWhoami = new CTWhoami(); cTWhoami.firstName = token.Claims.First(claim => claim.Type == "firstname").Value; cTWhoami.lastName = token.Claims.First(claim => claim.Type == "lastname").Value; cTWhoami.email = token.Claims.First(claim => claim.Type == "email").Value; List <string> scopes = token.Claims.Where(claim => claim.Type == "scopes").Select(fclaim => fclaim.Value).ToList(); return(this.BuildJWTToken(cTWhoami, scopes, fc)); }
private Claim[] BuildClaims(CTWhoami whoami, string timeStamp, List <string> scopes) { List <Claim> claims = new List <Claim>(); claims.Add(new Claim(JwtRegisteredClaimNames.Iat, timeStamp, ClaimValueTypes.Integer64)); claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())); claims.Add(new Claim("firstname", whoami.firstName)); claims.Add(new Claim("lastname", whoami.lastName)); claims.Add(new Claim("email", whoami.email)); if (scopes.Count() > 0) { claims.AddRange(scopes.Select(val => new Claim("scopes", val))); } return(claims.ToArray()); }
public static async Task <IActionResult> Run( [HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req, [Table("PublicKeys")] CloudTable cloudTable, ILogger log) { log.LogInformation("Login requestes"); FunctionContext <dynamic> fc = new FunctionContext <dynamic>(log, req, cloudTable); string requestBody = await new StreamReader(req.Body).ReadToEndAsync(); dynamic data = JsonConvert.DeserializeObject(requestBody); if (data == null) { return(new BadRequestObjectResult("No Payload available")); } fc.PayLoad = data; string username = data.username; string password = data.password; if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password)) { return(new BadRequestObjectResult("Nix username or password")); } string ctURL = System.Environment.GetEnvironmentVariable("CT_URL"); CTLoginService service = new CTLoginService(ctURL); LoginResult lr = await service.DoLogin(username, password, httpClient); log.LogInformation("Result: " + lr.Error); if (!lr.Error) { CTWhoami cTWhoami = await service.GetWhoAmi(lr.SetCookieHeader, httpClient); List <CTGroupContainer> groups = await service.GetGroups(lr.SetCookieHeader, cTWhoami.id, httpClient); List <string> scopes = groups.Select(gc => "ct_group_" + gc.group.domainIdentifier).ToList(); Tokens tokens = await jwtService.BuildJWTToken(cTWhoami, scopes, fc); return(new OkObjectResult(tokens)); } return(new UnauthorizedResult()); }