private async Task <ActionResult> AuthenticateAltinnStudioToken(string originalToken)
        {
            try
            {
                if (!_validator.CanReadToken(originalToken))
                {
                    return(Unauthorized());
                }

                JwtSecurityToken jwt = _validator.ReadJwtToken(originalToken);

                if (!jwt.Issuer.Equals("studio") && !jwt.Issuer.Equals("dev-studio"))
                {
                    return(Unauthorized());
                }

                IEnumerable <SecurityKey> signingKeys = await _designerSigningKeysResolver.GetSigningKeys(jwt.Issuer);

                TokenValidationParameters validationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKeys        = signingKeys,
                    ValidateIssuer           = false,
                    ValidateAudience         = false,
                    RequireExpirationTime    = true,
                    ValidateLifetime         = true,
                    ClockSkew = TimeSpan.Zero
                };

                ClaimsPrincipal originalPrincipal = _validator.ValidateToken(originalToken, validationParameters, out _);

                List <Claim> claims = new List <Claim>();
                foreach (Claim claim in originalPrincipal.Claims)
                {
                    claims.Add(claim);
                }

                ClaimsIdentity identity = new ClaimsIdentity(AltinnStudioIdentity);
                identity.AddClaims(claims);
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);

                string serializedToken = await GenerateToken(principal);

                return(Ok(serializedToken));
            }
            catch (Exception ex)
            {
                _logger.LogWarning($"Altinn Studio authentication failed. {ex.Message}");
                return(Unauthorized());
            }
        }
Exemplo n.º 2
0
        private async Task <TokenValidationParameters> GetTokenValidationParameters(string issuer)
        {
            TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                ValidateIssuer           = false,
                ValidateAudience         = false,
                RequireExpirationTime    = true,
                ValidateLifetime         = true,
                ClockSkew = TimeSpan.Zero
            };

            tokenValidationParameters.IssuerSigningKeys = await _signingKeysResolver.GetSigningKeys(issuer);

            return(tokenValidationParameters);
        }