private static RSACryptoServiceProvider GetPrivateKey(JwtAuthenticationSettings settings)
{
var certificateFetcher =
settings.RelativeFileCertificate != null
? new FileCertificateFetcher(settings.RelativeFileCertificate)
: settings.StoreCertificate != null
? new StoreByThumbprintCertificateFetcher(settings.StoreCertificate)
: null as ICertificateFetcher;
RSACryptoServiceProvider privateKey = null;
if (certificateFetcher != null)
{
var certificate = certificateFetcher.Fetch();
if (certificate == null)
{
throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_CertificateNotFound);
}
privateKey = certificate.PrivateKey as RSACryptoServiceProvider;
if (privateKey == null)
{
throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_NoPrivateKey);
}
}
return(privateKey);
}
/// <summary>
/// Initializes a new instance of the <see cref="JoseJwtFormat" /> class.
/// </summary>
/// <param name="settings">The settings.</param>
/// <param name="privateKey">The private key.</param>
/// <exception cref="System.ArgumentNullException">If settings is null.</exception>
public JoseJwtFormat(JwtAuthenticationSettings settings, RSACryptoServiceProvider privateKey)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
this.settings = settings;
this.privateKey = privateKey;
}
public static IAppBuilder UseJwtAuthentication(
this IAppBuilder app,
JwtAuthenticationSettings settings = null)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
var s = settings ?? app.GetInstance <JwtAuthenticationSettings>();
if (s == null)
{
throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_NoSettingsProvided);
}
if (s.RelativeFileCertificate != null && s.StoreCertificate != null)
{
throw new InvalidOperationException(Messages.Exception_UseJwtAuthentication_MultipleOptionsProvided);
}
var privateKey = GetPrivateKey(s);
// Try decoding each secret so it will throw an exception early if there is a configuration problem
s.AllowedServers.ToList().ForEach(server => TextEncodings.Base64Url.Decode(server.Secret));
var authenticationOptions = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JoseJwtFormat(s, privateKey),
AuthenticationType = "Bearer",
Provider = new OAuthBearerAuthenticationProvider
{
OnRequestToken = async context => await RequestToken(context, s),
},
};
return(app.UseOAuthBearerAuthentication(authenticationOptions));
}
private static async Task RequestToken(OAuthRequestTokenContext requestTokenContext, JwtAuthenticationSettings settings)
{
var originalToken = requestTokenContext.Token;
if (!string.IsNullOrWhiteSpace(settings.AuthorizationKey))
{
requestTokenContext.Token = null;
// Late bound to capture originalToken
Func <OAuthRequestTokenContext, string, Task> useHeader = (context, _) =>
{
if (!string.IsNullOrWhiteSpace(originalToken))
{
context.Token = originalToken;
}
return(Task.FromResult <object>(null));
};
var setTokenLookup = new Dictionary <AuthorizationSource, Func <OAuthRequestTokenContext, string, Task> >
{
{ AuthorizationSource.Header, useHeader },
{ AuthorizationSource.Form, UseForm },
{ AuthorizationSource.QueryString, UseQueryString },
};
var authorizationPriority = (settings.AuthorizationPriority.Count > 0)
? settings.AuthorizationPriority
: new[] { AuthorizationSource.Header, AuthorizationSource.Form, AuthorizationSource.QueryString };
// Apply them last to first so that first gets highest priority when setting value
var setTokens = authorizationPriority.Reverse().Select(a => setTokenLookup[a]);
foreach (var setToken in setTokens)
{
await setToken(requestTokenContext, settings.AuthorizationKey);
}
}
}
