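/// <summary>
/// Adds the requested minter strategy implementation to the service collection.
/// </summary>
/// <remarks>
/// For <c>TokenMinterTypes.JWS</c> this binds the "MinterOptions" configuration section to a new
/// <c>MinterOptions</c>, builds one <c>JwsMinter</c> from it, registers that instance as the
/// <c>ITokenMinter</c> singleton, and configures JWT bearer authentication with the same minter's
/// <c>ValidationParameters</c>. Tokens are therefore minted and validated against the same instance.
/// NOTE(review): the bound options are not validated here (for example an empty <c>Issuer</c>);
/// confirm that validation happens in <c>JwsMinter</c> or elsewhere.
/// </remarks>
/// <param name="services">The service collection to register the minter and authentication services in.</param>
/// <param name="type">The token minter strategy to register.</param>
/// <param name="configuration">Configuration root that holds the "MinterOptions" section.</param>
/// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="configuration"/> is null.</exception>
/// <exception cref="NotImplementedException">The JWE or PaSeTo strategy was requested.</exception>
/// <exception cref="ArgumentOutOfRangeException"><paramref name="type"/> is not a handled strategy.</exception>
public static void AddTokenAuth(this IServiceCollection services, TokenMinterTypes type, IConfiguration configuration)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (configuration == null)
    {
        throw new ArgumentNullException(nameof(configuration));
    }

    switch (type)
    {
        case TokenMinterTypes.JWS:
        {
            var options = new MinterOptions();
            configuration.Bind("MinterOptions", options);

            var minter = new JwsMinter(options);
            services.AddSingleton<ITokenMinter>(minter);

            _ConfigureForJwtAuth(services, configuration, minter.ValidationParameters, options);
            break;
        }

        case TokenMinterTypes.JWE:
        case TokenMinterTypes.PaSeTo:
            throw new NotImplementedException();

        default:
            // Fail closed: an unhandled value previously fell through the switch and returned
            // without registering any minter or authentication scheme.
            throw new ArgumentOutOfRangeException(nameof(type), type, "Unsupported token minter type.");
    }
}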
/// <summary>
/// Registers JWT bearer authentication and the claim-based authorization policies.
/// </summary>
/// <remarks>
/// Token checking is delegated entirely to <paramref name="tokenValidationParameters"/>; this
/// method does not inspect them. Setting <c>ClaimsIssuer</c> only labels the claims that are
/// created and does not by itself enforce issuer validation.
/// NOTE(review): confirm that the supplied parameters validate issuer, audience, lifetime and
/// signing key, since every policy below trusts the claims of a validated token.
/// </remarks>
/// <param name="services">The service collection to register into.</param>
/// <param name="configuration">Not read by this method.</param>
/// <param name="tokenValidationParameters">Validation parameters assigned to the JWT bearer handler.</param>
/// <param name="minterOptions">Supplies the <c>Issuer</c> used as the claims issuer.</param>
private static void _ConfigureForJwtAuth(IServiceCollection services, IConfiguration configuration, TokenValidationParameters tokenValidationParameters, MinterOptions minterOptions)
{
    // JWT-specific ClaimsIdentityCompat implementation.
    services.AddTransient<IClaimIdentityCompat, ClaimsIdentityCompat>();

    // JWT bearer is the default scheme for both authenticating and challenging.
    // DefaultScheme itself is not set here.
    var authenticationBuilder = services.AddAuthentication(auth =>
    {
        auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    });

    authenticationBuilder.AddJwtBearer(bearer =>
    {
        bearer.ClaimsIssuer = minterOptions.Issuer;
        bearer.TokenValidationParameters = tokenValidationParameters;

        // The raw bearer token is not kept in the authentication properties after validation.
        bearer.SaveToken = false;
    });

    // Claim-based policies; registered here because configuring for JWTs means access is claim-based.
    services.AddAuthorization(authorization =>
    {
        authorization.AddPolicy(
            PolicyNames.UserAccess,
            builder => builder.RequireClaim(ClaimNames.AccessType, AccessLevelValues.User));

        authorization.AddPolicy(
            PolicyNames.DaemonAccess,
            builder => builder.RequireClaim(ClaimNames.AccessType, AccessLevelValues.Daemon));

        authorization.AddPolicy(
            PolicyNames.AnyAuthenticated,
            builder => builder.RequireAuthenticatedUser());
    });
}
/// <summary>
/// Creates a minter that signs with HMAC-SHA256 using a symmetric key obtained from
/// <c>_GenerateKey()</c>.
/// </summary>
/// <remarks>
/// HMAC is symmetric: the key that signs tokens is the same key that verifies them, so anything
/// holding the validation key can also mint tokens.
/// NOTE(review): <c>_GenerateKey()</c> is not visible here. If it returns fresh random bytes on
/// each construction, tokens will not validate after a restart or on another instance. If it
/// derives the key from configuration, confirm the key is at least 256 bits for HS256.
/// </remarks>
/// <param name="options">Minter options; stored in <c>Options</c>.</param>
public JwsMinter(MinterOptions options)
{
    Options = options;

    // Options is assigned before the key is produced; keep this order in case
    // _GenerateKey() reads it (TODO confirm).
    var keyMaterial = _GenerateKey();
    _securityKey = new SymmetricSecurityKey(keyMaterial);

    _signingCredentials = new SigningCredentials(_securityKey, SecurityAlgorithms.HmacSha256);
}