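        /// <summary>
        /// Issues the token cookie for the authenticated caller and the client identified by
        /// <paramref name="apiKey"/>, then redirects to <paramref name="redirectURL"/> when one was supplied.
        /// </summary>
        /// <param name="apiKey">API key that selects the client whose cookie settings, audience and group regexes are used.</param>
        /// <param name="redirectURL">
        /// Optional post-authentication destination. It comes straight from the query string, so only
        /// local URLs are accepted; anything else is rejected to keep this endpoint from being an open redirect.
        /// </param>
        /// <returns>
        /// 400 when the redirect target is not local, or when the caller is unauthenticated / the key is
        /// unknown and no redirect target was given; on those two failures with a target, a cleared token
        /// cookie plus a redirect. On success, 200 without a target or a redirect with one.
        /// </returns>
        public async Task<IActionResult> AuthByApiKey([FromQuery] string apiKey, [FromQuery] string redirectURL = null)
        {
            var secure = _settings.CookieSecure ? "Secure;" : "";

            // "R" is the RFC 1123 pattern ("ddd, dd MMM yyyy HH:mm:ss 'GMT'") and is always culture-invariant;
            // the equivalent custom pattern renders day/month names in the server's current culture.
            var expires = _settings.CookieExpiryDays == 0
                ? ""
                : $"Expires={DateTime.UtcNow.AddDays(_settings.CookieExpiryDays).ToString("R")};";

            // redirectURL is attacker-controllable query input: only ever redirect to a local URL.
            // If cross-origin destinations are required, replace this with an explicit host allow-list.
            var hasRedirect = !String.IsNullOrWhiteSpace(redirectURL);
            if (hasRedirect && !Url.IsLocalUrl(redirectURL))
            {
                return BadRequest();
            }

            // Shared failure path: clear the token cookie using the global settings, then 400 when
            // no destination was supplied or redirect to it otherwise.
            IActionResult Fail()
            {
                if (!hasRedirect)
                {
                    return BadRequest();
                }

                // Append rather than Add: Add throws if a Set-Cookie header is already present on the response.
                Response.Headers.Append("Set-Cookie", $"{_settings.TokenName}={false}; Domain={_settings.CookieDomain}; SameSite={_settings.SameSite}; Path={_settings.CookiePath};{secure} HttpOnly");

                return Redirect(redirectURL);
            }

            var user = User.Identity;

            // Auth user. ClaimsPrincipal.Identity is normally non-null even for anonymous requests,
            // so a null check alone would let unauthenticated callers reach token creation.
            if (user == null || !user.IsAuthenticated)
            {
                return Fail();
            }

            var client = await _dataRepository.GetClientByApiKey(apiKey);

            // Auth API key
            if (client == null)
            {
                return Fail();
            }

            var token = _jwtHelper.Create(user, client.Audience, client.AppGroupRegexes);

            // Append rather than Add: Add throws if a Set-Cookie header is already present on the response.
            Response.Headers.Append("Set-Cookie", $"{client.TokenName}={token};{expires} Domain={client.CookieDomain}; SameSite={_settings.SameSite}; Path={client.CookiePath};{secure} HttpOnly");

            return hasRedirect ? Redirect(redirectURL) : Ok();
        }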