public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
validatedToken = null;
var clientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID");
var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings
{
Audience = new[] { clientId }
}).Result;
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, payload.Name),
new Claim(ClaimTypes.Name, payload.Name),
new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName),
new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName),
new Claim(JwtRegisteredClaimNames.Email, payload.Email),
new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer)
};
try
{
var principle = new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
return(principle);
}
catch (Exception e)
{
throw new ApiException(this.apiResultService.InternalServerErrorResult(e));
}
}
public async Task <JsonResult> IdTokenVerification(string idToken, int clientTimezoneOffset)
{
var payload = await GoogleJsonWebSignature.ValidateAsync(idToken,
new GoogleJsonWebSignature.ValidationSettings()
{
IssuedAtClockTolerance = TimeSpan.FromDays(1) // for cases when server's time different from UTC time (google time).
});
if (payload != null)
{
var member = _memberService.GetByEmail(payload.Email);
if (member != null)
{
FormsAuthentication.SetAuthCookie(member.Username, true);
_timezoneOffsetProvider.SetTimezoneOffset(clientTimezoneOffset);
if (!_memberServiceHelper.IsFirstLoginPerformed(member))
{
SendWelcomeNotification(member.Key);
_memberServiceHelper.SetFirstLoginPerformed(member);
}
return(Json(new GoogleAuthResultModel()
{
Url = DefaultRedirectUrl,
Success = true
}));
}
}
return(Json(new GoogleAuthResultModel()));
}
public async Task <NewExternalUserViewModel> GetUserViewModelUserFromGoogleToken(string googleIdToken)
{
var googleTokenSettings = new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new List <string>()
{
"680869894998-hujg19vbq0lhmhc8vf8ldmc1dnepvrti.apps.googleusercontent.com"
}
};
try
{
var validToken = await GoogleJsonWebSignature.ValidateAsync(googleIdToken, googleTokenSettings);
var user = new NewExternalUserViewModel()
{
AuthenticationTypeId = (int)AuthenticationType.GoogleApi,
Email = validToken.Email,
FirstName = validToken.Name,
LastName = validToken.GivenName,
Password = GenerateRandomPasswordForSocialUser(),
Username = validToken.Email
};
return(user);
}
catch (InvalidJwtException ex)
{
Console.WriteLine(ex.Message + ex.StackTrace);
throw;
}
}
/*admin authentication => check account, if there is admin account in the system, generate the token*/
public async Task <Account> AuthenticateAsync(string _token)
{
try
{
//get admin information from google account
GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(_token);
var admin = _dbContext.accounts.FirstOrDefault(x => x.Email.ToLower() == validPayload.Email.ToLower() && x.Role == Role.Admin);
//if there is admin account in this system
if (admin != null)
{
//generate token
var _user = GetToken(admin.Id_account);
return(_user);
}
//if there is no admin account in this system
else
{
return(null);
}
}
catch (Exception)
{
//error
Console.WriteLine("Error check admin");
return(null);
}
}
public async System.Threading.Tasks.Task <ENTITIES.CustomModels.Authen.Gmail> GetUserDetailsAsync(string providerToken)
{
GoogleJsonWebSignature.Payload payload = await GoogleJsonWebSignature.ValidateAsync(providerToken);
if (!payload.Audience.Equals("24917390994-co652l6gu3eeoqaf96oc9h4av23eprot.apps.googleusercontent.com"))
{
return(null);
}
if (!payload.Issuer.Equals("accounts.google.com") && !payload.Issuer.Equals("https://accounts.google.com"))
{
return(null);
}
if (payload.ExpirationTimeSeconds == null)
{
return(null);
}
else
{
DateTime now = DateTime.Now.ToUniversalTime();
DateTime expiration = DateTimeOffset.FromUnixTimeSeconds((long)payload.ExpirationTimeSeconds).DateTime;
if (now > expiration)
{
return(null);
}
}
return(new ENTITIES.CustomModels.Authen.Gmail
{
email = payload.Email,
id = payload.Subject,
name = payload.Name,
imageurl = payload.Picture
});
}
/// <summary>
/// Sends the jwt token to Google's Servers to be validated.
/// </summary>
/// <returns>
/// The payload received from Google, or null if the token is invalid.
/// </returns>
/// <param name="token">A JWT.</param>
/// <param name="env">The environment, used to check if validation should be skipped.</param>
public static async Task <GoogleJsonWebSignature.Payload> ValidateUser(string token, IAppEnvironment env)
{
if (env.SkipValidation == "true")
{
return(new GoogleJsonWebSignature.Payload()
{
Name = "Smitty Jensens",
GivenName = "Smitty",
FamilyName = "Jensens",
Email = "*****@*****.**",
Subject = "123456789109876543210", // Subject is longer than Int64
});
}
try
{
var settings = new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new string[] { env.Audience },
};
var validPayload = await GoogleJsonWebSignature.ValidateAsync(token);
return(validPayload);
}
catch
{
return(null);
}
}
public async Task Validate_Signature_Time()
{
var clockInvalid1 = new MockClock()
{
UtcNow = new DateTime(2017, 5, 31, 10, 22, 0, DateTimeKind.Utc)
};
var clockValid1 = new MockClock()
{
UtcNow = new DateTime(2017, 5, 31, 10, 24, 0, DateTimeKind.Utc)
};
var clockValid2 = new MockClock()
{
UtcNow = new DateTime(2017, 5, 31, 11, 22, 0, DateTimeKind.Utc)
};
var clockInvalid2 = new MockClock()
{
UtcNow = new DateTime(2017, 5, 31, 11, 24, 0, DateTimeKind.Utc)
};
Assert.NotNull(await GoogleJsonWebSignature.ValidateInternalAsync(JwtGoogleSigned, MakeSettings(clockValid1), GoogleCertsJson, false));
Assert.NotNull(await GoogleJsonWebSignature.ValidateInternalAsync(JwtGoogleSigned, MakeSettings(clockValid2), GoogleCertsJson, false));
var ex1 = await Assert.ThrowsAsync <InvalidJwtException>(() =>
GoogleJsonWebSignature.ValidateInternalAsync(JwtGoogleSigned, MakeSettings(clockInvalid1), GoogleCertsJson, false));
Assert.Equal("JWT is not yet valid.", ex1.Message);
var ex2 = await Assert.ThrowsAsync <InvalidJwtException>(() =>
GoogleJsonWebSignature.ValidateInternalAsync(JwtGoogleSigned, MakeSettings(clockInvalid2), GoogleCertsJson, false));
Assert.Equal("JWT has expired.", ex2.Message);
}
public async Task <IActionResult> RunAsync(
[HttpTrigger(AuthorizationLevel.Anonymous, "delete", Route = "timeEntries")]
HttpRequest req, ILogger log)
{
if (!req.Headers.ContainsKey("auth"))
{
return(new BadRequestObjectResult("Missing auth header"));
}
try
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]);
var timeString = req.Query["dateTime"];
var date = DateTime.Parse(timeString);
var keyId = req.Query["key"];
var times = await _timeEntryService.DeleteTimeEntry(validPayload.Email, date, keyId);
return(new OkObjectResult(times));
}
catch (InvalidJwtException ex)
{
log.LogError(ex.ToString());
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> ExternalLogin([FromBody] UserExternalLoginRequest request)
{
if (ModelState.IsValid)
{
try
{
var tokenIsValid = await GoogleJsonWebSignature.ValidateAsync(
request.Token,
new GoogleJsonWebSignature.ValidationSettings()
{
ForceGoogleCertRefresh = true, Audience = new string[] { _configuration["googleclientid"] }
});
var googleToken = new JwtSecurityTokenHandler().ReadJwtToken(request.Token);
var email = googleToken.Claims.First(c => c.Type == "email").Value;
var user = await _userManager.FindByEmailAsync(email);
if (user != null)
{
await _signInManager.SignInAsync(user, false);
var token = await GenerateToken(email, user);
return(Ok(new { token }));
}
}
catch (InvalidJwtException ex)
{
ModelState.AddModelError("token", "Token is not valid Google Apps token");
}
}
return(BadRequest(ModelState.Values.SelectMany(e => e.Errors)));
}
//[EnableCors("MyCors")]
public async Task <IActionResult> GoogleLogin([FromBody] string tokenId)
{
try
{
var payload = GoogleJsonWebSignature.ValidateAsync(tokenId,
new GoogleJsonWebSignature.ValidationSettings()
{
ExpirationTimeClockTolerance = TimeSpan.FromSeconds(20),
Clock = new AccurateClock(),
IssuedAtClockTolerance = TimeSpan.FromSeconds(20)
}).Result;
if (payload.Audience.ToString() != _config["GoogleAud:secrete"].ToString())
{
return(NotFound(new { message = "Somethong wen wrong" }));
}
var user = await Authenticate(payload);
var tokenString = BuildToken(user);
return(Ok(new { token = tokenString }));
}
catch (Exception ex)
{
Logger.LogError(ex);
return(NotFound(new { message = "Somethong wen wrong" }));
}
}
public async Task<UserDto> Post(UserDto userDto)
{
// todo:
//var settings = new GoogleJsonWebSignature.ValidationSettings
//{
// HostedDomain = "http://localhost:4200"
//};
bool valid = false;
try
{
if (userDto.socialProvider == "GOOGLE")
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(Request.Headers["Authorization"]);
// todo: more validation?
valid = validPayload != null;
}
if (userDto.socialProvider == "FACEBOOK")
{
valid = await ValidateFacebookJwt(Request.Headers["Authorization"]);
}
}
catch (Exception exc)
{
logger.LogError(exc.ToString());
}
if (!valid)
return null;
return GetOrCreateLogin(userDto);
}
public async Task <ActionResult> StudentLogin()
{
// The user is already authenticated, so this call won't
// trigger login, but it allows us to access token related values.
AuthenticateResult auth = await HttpContext.AuthenticateAsync();
string idToken = auth.Properties.GetTokenValue(OpenIdConnectParameterNames.IdToken);
try
{
// Verify the current user logging in with Google server
// if the ID is invalid, an exception is thrown
Payload currentUser = await
GoogleJsonWebSignature.ValidateAsync(idToken);
string userName = currentUser.Name;
string eMail = currentUser.Email;
HttpContext.Session.SetString("LoginID", userName + " / " + eMail);
HttpContext.Session.SetString("Role", "Student");
HttpContext.Session.SetString("LoginTime", DateTime.Now.ToString()); // dd-MMM-yy HH:mm:ss tt
return(RedirectToAction("Index", "Book"));
}
catch (Exception e)
{
// Token ID is may be tempered with, force user to logout
return(RedirectToAction("LogOut"));
}
}
public async Task <IActionResult> GoogleAuth([FromBody] GoogleAuthDTO auth)
{
try
{
var payload = await GoogleJsonWebSignature.ValidateAsync(auth.TokenId,
new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new [] { _configuration.GetSection("Authentication:Google")["ClientId"] }
});
var connectedUser = (await _repository.ListAsync(new UserByGoogleIdSpecification(payload.Subject))).SingleOrDefault();
if (connectedUser is null)
{
connectedUser = await _repository.AddAsync(new User()
{
FirstName = payload.GivenName,
LastName = payload.FamilyName,
GoogleId = payload.Subject,
ImageUrl = payload.Picture,
Email = payload.Email
});
}
return(Ok(_mapper.Map <User, UserDTO>(connectedUser)));
}
catch
{
return(StatusCode(403, "Google token id isn't valid"));
}
}
public async Task GetGoogleCerts()
{
// Verifies certs are downloaded and loaded into RSAs
var certs = await GoogleJsonWebSignature.GetGoogleCertsAsync(SystemClock.Default, false, null);
Assert.NotEmpty(certs);
}
public async System.Threading.Tasks.Task <ClaimsPrincipal> ValidateJwtStringAsync(string authToken)
{
try
{
var payload = await GoogleJsonWebSignature.ValidateAsync(authToken);
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, payload.Name),
new Claim(ClaimTypes.Name, payload.Name),
new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName),
new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName),
new Claim(JwtRegisteredClaimNames.Email, payload.Email),
new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer),
};
var principal = new ClaimsPrincipal();
principal.AddIdentity(new ClaimsIdentity(claims));
return(principal);
}
catch (Exception e)
{
throw;
}
}
public override async Task <ExternAuthUser> GetUserInfoAsync(string token)
{
// Get user information
//var googleUser = await WebClient.RequestAsync<GoogleUser>(new WebRequestContext()
//{
// MethodType = WebMethodType.GET,
// BaseUrl = UserInfoUrl,
// QueryParamGroup = "id_token={id_token}",
// QueryParamData = new { id_token = token },
//});
var validPayload = await GoogleJsonWebSignature.ValidateAsync(token);
if (validPayload == null)
{
return(null);
}
return(new ExternAuthUser
{
SNSProvider = SNSProviderType.Google,
Id = Singleton.Get <CryptoFacade>().SHA_256.ComputeHash(validPayload.Subject),
Email = validPayload.Email,
FirstName = validPayload.GivenName,
LastName = validPayload.FamilyName,
PictureUrl = validPayload.Picture,
});
#endregion Implement Abstract Method
}
public async Task CreateOrFindAndLoginUser(string idToken)
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(idToken);
var user = await _userManager.FindByEmailAsync(validPayload.Email);
if (user != null)
{
await _signInManager.SignInAsync(user, true);
}
var newUser = new ApplicationUser
{
EmailConfirmed = true,
Email = validPayload.Email,
UserName = validPayload.Name.Replace(' ', '_'),
Name = validPayload.Name,
Currency = "$"
};
var userCreated = await _userManager.CreateAsync(newUser);
if (userCreated.Succeeded)
{
await _signInManager.SignInAsync(newUser, true);
}
else
{
throw new UserCreationException();
}
}
public async Task <IActionResult> Google([FromBody] UserView userView)
{
try
{
var payload = GoogleJsonWebSignature.ValidateAsync(userView.tokenId, new GoogleJsonWebSignature.ValidationSettings()).Result;
var user = await _authService.Authenticate(payload);
SimpleLogger.Log(payload.ExpirationTimeSeconds.ToString());
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, Security.Encrypt(AppSettings.appSettings.JwtEmailEncryption, user.email)),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
};
var key = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(AppSettings.appSettings.JwtSecret));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var token = new JwtSecurityToken(String.Empty,
String.Empty,
claims,
expires: DateTime.Now.AddSeconds(55 * 60),
signingCredentials: creds);
return(Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token)
}));
}
catch (Exception ex)
{
Helpers.SimpleLogger.Log(ex);
BadRequest(ex.Message);
}
return(BadRequest());
}
public async Task <ActionResult> GoogleLogin(string id_token)
{
GoogleJsonWebSignature.Payload payload = null;
try
{
payload = await GoogleJsonWebSignature.ValidateAsync(id_token, GoogleValidationSetting);
}
catch (Google.Apis.Auth.InvalidJwtException ex)
{
return(Content($"Google.Apis.Auth.InvalidJwtException: { ex.Message}"));
}
catch (Newtonsoft.Json.JsonReaderException ex)
{
return(Content($"Newtonsoft.Json.JsonReaderException: {ex.Message}"));
}
catch (Exception ex)
{
return(Content($"Exception: {ex.Message}"));
}
if (payload == null)
{
return(null);
}
string email = payload.Email;
if (_dbContext.Users.Where(u => u.Email == email).Any()) // if 使用者已存在
{
return(Content(Url.Action("Index", "Users")));
}
return(Content(Url.Action("Register", routeValues: new { email = email })));
}
public async Task <IronToken> Login(UserGoogle user)
{
var googlePublicKey = _configuration["Google:PublicKey"];
var userValidPayload = await GoogleJsonWebSignature.ValidateAsync(user.TokenGoogle, new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new string[] { googlePublicKey }
});
var userBd = await _unitOfWork.Users.GetByEmail(userValidPayload.Email);
if (userBd != null)
{
if (!userBd.GoogleAuth)
{
throw new ValidationException($"User { userValidPayload.Email } was created with default authentication. Use email and Password");
}
}
else
{
var profilePicture = await _fileService.DownloadAndSaveFromUrl(userValidPayload.Picture);
userBd = new User(userValidPayload.Name, userValidPayload.Email, AuthConstants.UserGoogle_FakePassword, eRole.Employee, true);
if (profilePicture.Success)
{
userBd.SetProfilePicture(profilePicture.FileName);
}
await Register(userBd);
}
return(_tokenService.Generate(userBd));
}
public async Task Validate_CertCache()
{
var clock1 = new MockClock()
{
UtcNow = new DateTime(2017, 5, 31, 11, 24, 0, DateTimeKind.Utc)
};
var clock2Cached = new MockClock()
{
UtcNow = clock1.UtcNow + GoogleJsonWebSignature.CertCacheRefreshInterval - TimeSpan.FromSeconds(1)
};
var clock3Uncached = new MockClock()
{
UtcNow = clock1.UtcNow + GoogleJsonWebSignature.CertCacheRefreshInterval + TimeSpan.FromSeconds(1)
};
var rsas1 = await GoogleJsonWebSignature.GetGoogleCertsAsync(clock1, false, GoogleCertsJson);
var rsas2Cached = await GoogleJsonWebSignature.GetGoogleCertsAsync(clock2Cached, false, GoogleCertsJson);
var rsas3Refreshed = await GoogleJsonWebSignature.GetGoogleCertsAsync(clock3Uncached, false, GoogleCertsJson);
var rsas4Forced = await GoogleJsonWebSignature.GetGoogleCertsAsync(clock3Uncached, true, GoogleCertsJson);
Assert.NotNull(rsas1);
Assert.Same(rsas1, rsas2Cached);
Assert.NotSame(rsas1, rsas3Refreshed);
Assert.NotSame(rsas3Refreshed, rsas4Forced);
}
public async Task <IActionResult> AdminAuthenticate([FromBody] Token token)
{
TimeZoneInfo zone = TimeZoneInfo.FindSystemTimeZoneById("SE Asia Standard Time");
DateTime dateTime = TimeZoneInfo.ConvertTime(DateTime.Now, zone);
try
{
GoogleJsonWebSignature.Payload validPayload = await GoogleJsonWebSignature.ValidateAsync(token._Token);
var admin = await _adminService.AuthenticateAsync(token._Token);
//there is admin account return back to this function
//if there is admin return to this function
if (admin != null)
{
Log.Information("Admin access {name}., {DateTime}.", admin.Name, dateTime);
return(Ok(admin.Token));
}
// there is no admin return to this function
else
{
Log.Information("Access Denied {DateTime}.", dateTime);
return(BadRequest("Access Denied."));
}
}
catch
{
//error
Log.Information("Error Admin Authentication");
return(NotFound("Error Admin Authentication"));
}
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = "timeEntries")] HttpRequest req,
ILogger log)
{
if (!req.Headers.ContainsKey("auth"))
{
return(new BadRequestObjectResult("Missing auth header"));
}
try
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]);
if (!req.Query.ContainsKey("startDate") || !req.Query.ContainsKey("endDate"))
{
return(new BadRequestObjectResult("Query params missing, must pass startDate and endDate"));
}
var startDate = DateTime.Parse(req.Query["startDate"]);
var endDate = DateTime.Parse(req.Query["endDate"]);
var times = await _timeEntryService.GetTimes(validPayload.Email, startDate, endDate);
return(new OkObjectResult(times));
}
catch (InvalidJwtException ex)
{
log.LogError(ex.ToString());
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = "timeEntries")] HttpRequest req,
ILogger log)
{
if (!req.Headers.ContainsKey("auth"))
{
return(new BadRequestObjectResult("Missing auth header"));
}
try
{
var validPayload = await GoogleJsonWebSignature.ValidateAsync(req.Headers["auth"]);
string data = await req.ReadAsStringAsync();
var timeEntryCreationRequest = JsonConvert.DeserializeObject <TimeEntryDto>(data);
await _timeEntryService.InsertEntry(validPayload.Email, timeEntryCreationRequest);
return(new OkResult());
}
catch (InvalidJwtException ex)
{
log.LogError(ex.ToString());
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> Google([FromBody] GoogleAuthModel model)
{
Log.Information("userView = " + model.tokenId);
GoogleJsonWebSignature.Payload payload =
await GoogleJsonWebSignature.ValidateAsync(model.tokenId, new GoogleJsonWebSignature.ValidationSettings());
var authRequest = new AuthentificateRequestGoogle()
{
User = payload,
GroupId = model.GroupId
};
var authResult = await _userSerice.AuthentificateWithGoogle(authRequest, ipAddress());
if (authResult == null)
{
return(BadRequest("Group is not match user group!"));
}
setTokenCookie(authResult.RefreshToken);
return(Ok(new AuthentificateDto
{
Id = authResult.Student.Id,
Group = authResult.Student.Group.Group_Name,
Username = authResult.Student.Username,
FirstName = authResult.Student.FirstName,
LastName = authResult.Student.LastName,
Token = authResult.JwtToken,
RefreshToken = authResult.RefreshToken
}));
}
public async Task <IActionResult> TokenSignin([FromBody] string idToken)
{
try {
var payload = await GoogleJsonWebSignature.ValidateAsync(idToken);
var userEmail = payload.Email;
if (!await _userManager.IsRegisteredAsync(userEmail))
{
await _userManager.RegisterNewAsync(new User {
UserName = payload.Name,
Email = userEmail
});
}
var userClaims = await GetClaims(payload.Email, payload.Picture);
var token = GenerateJwtSecurityToken(userClaims);
return(Ok(new {
token = token.TokenString,
expiration = token.Expiration,
success = true
}));
}
catch (InvalidJwtException e) {
return(BadRequest(e.Message));
}
}
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
validatedToken = null;
try
{
var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings()
{
Audience = new[] { _clientId }
}).Result; // here is where I delegate to Google to validate
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, payload.Name),
new Claim(ClaimTypes.Name, payload.Name),
new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName),
new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName),
new Claim(JwtRegisteredClaimNames.Email, payload.Email),
new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer),
};
var principle = new ClaimsPrincipal();
principle.AddIdentity(new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme));
return(principle);
}
catch (Exception e)
{
throw;
}
}
public async Task <ExternalLoginInfo> LoginFromModel(ExternalLoginModel model)
{
try
{
await GoogleJsonWebSignature.ValidateAsync(model.IdToken,
new GoogleJsonWebSignature.ValidationSettings {
ExpirationTimeClockTolerance = TimeSpan.FromSeconds(30)
});
}
catch (Exception ex)
{
throw new ExternalLoginException($"Google authentication failed: {ex.Message}", ex);
}
var tokenInfoReq = new Oauth2Service.TokeninfoRequest(_oauth2Service)
{
IdToken = model.IdToken
};
var tokenInfo = await tokenInfoReq.ExecuteAsync();
return(new ExternalLoginInfo {
Provider = this,
UserId = tokenInfo.UserId,
UserEmail = tokenInfo.Email
});
}
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
validatedToken = null;
var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings()).Result; // here is where I delegate to Google to validate
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, payload.Name),
new Claim(ClaimTypes.Name, payload.Name),
new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName),
new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName),
new Claim(JwtRegisteredClaimNames.Email, payload.Email),
new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer),
};
try
{
var principle = new ClaimsPrincipal();
principle.AddIdentity(new ClaimsIdentity(claims, "jwt-google"));
return(principle);
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
{
//TODO clean up https://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/
validatedToken = null;
var payload = GoogleJsonWebSignature.ValidateAsync(securityToken, new GoogleJsonWebSignature.ValidationSettings()).Result;
var claims = new List <Claim>
{
new Claim(ClaimTypes.NameIdentifier, payload.Name),
new Claim(ClaimTypes.Name, payload.Name),
new Claim(JwtRegisteredClaimNames.FamilyName, payload.FamilyName),
new Claim(JwtRegisteredClaimNames.GivenName, payload.GivenName),
new Claim(JwtRegisteredClaimNames.Email, payload.Email),
new Claim(JwtRegisteredClaimNames.Sub, payload.Subject),
new Claim(JwtRegisteredClaimNames.Iss, payload.Issuer),
};
try
{
var principle = new ClaimsPrincipal();
principle.AddIdentity(new ClaimsIdentity(claims, "Password"));
return(principle);
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
