Пример #1
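        /// <summary>
        /// Checks that the principal on the request holds every scope demanded by the
        /// security requirement selected for this request.
        /// </summary>
        /// <param name="httpContext">The current HTTP context (not read by this method).</param>
        /// <param name="ianvsContext">Request context carrying <c>SecurityRequirement</c> and <c>Principal</c>.</param>
        /// <returns>
        /// A result with <c>Authenticated = false</c> and an <c>Error</c> of "Missing Principal",
        /// "No Scopes Granted" or "Missing Scopes" when the scope check fails; otherwise
        /// <c>Authenticated = true</c>.
        /// </returns>
        /// <remarks>
        /// When <c>SecurityRequirement</c> is null or lists no scopes this method returns
        /// <c>Authenticated = true</c> without inspecting <c>Principal</c>. It is a scope check only;
        /// the caller has to reject unauthenticated requests before relying on this result.
        /// </remarks>
        private async Task<AuthenticationResult> Authorize(HttpContext httpContext, Common.IanvsContext ianvsContext)
        {
            var requiredScopes = ianvsContext.SecurityRequirement?.Scopes;
            if (requiredScopes == null || requiredScopes.Length == 0)
            {
                // Nothing to authorize against: no scopes are demanded for this request.
                return new AuthenticationResult()
                {
                    Authenticated = true
                };
            }

            if (ianvsContext.Principal == null)
            {
                return new AuthenticationResult()
                {
                    Authenticated = false,
                    Error = "Missing Principal"
                };
            }

            // FirstOrDefault rather than First: a principal that carries no "scope" claim must be
            // denied with "No Scopes Granted", not crash the request with InvalidOperationException.
            // NOTE(review): only the first "scope" claim is honoured; issuers that emit one claim
            // per scope would be under-granted here - confirm against the token format in use.
            string scopeClaim = ianvsContext.Principal.Claims?.FirstOrDefault(c => c.Type == "scope")?.Value;

            // RemoveEmptyEntries so that an empty or whitespace-only claim yields zero scopes
            // instead of a single empty-string "scope".
            string[] grantedScopes = scopeClaim?.Split(new[] { ' ' }, System.StringSplitOptions.RemoveEmptyEntries)
                                     ?? new string[0];
            if (grantedScopes.Length == 0)
            {
                return new AuthenticationResult()
                {
                    Authenticated = false,
                    Error = "No Scopes Granted"
                };
            }

            // Every required scope must be present; comparison is ordinal and case-sensitive.
            bool anyMissing = requiredScopes.Except(grantedScopes).Any();
            if (anyMissing)
            {
                return new AuthenticationResult()
                {
                    Authenticated = false,
                    Error = "Missing Scopes"
                };
            }

            return new AuthenticationResult()
            {
                Authenticated = true
            };
        }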
Пример #2
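        /// <summary>
        /// Walks the security requirements attached to the request and delegates to the first
        /// handler whose scheme is configured and which reports it can authenticate the request.
        /// </summary>
        /// <param name="httpContext">The current HTTP context, passed through to the handler.</param>
        /// <param name="ianvsContext">
        /// Request context; <c>SecurityScheme</c> and <c>SecurityRequirement</c> are set on it for the
        /// handler that is chosen.
        /// </param>
        /// <param name="ianvsConfiguration">Configuration store providing the known security schemes.</param>
        /// <param name="authenticatorFactory">Factory that resolves a handler for a security scheme.</param>
        /// <returns>
        /// The chosen handler's result, or a result with <c>Authenticated = false</c> and
        /// <c>Error = "No Matching Security Scheme"</c> when no requirement could be applied.
        /// </returns>
        private async Task<AuthenticationResult> Authenticate(HttpContext httpContext, Common.IanvsContext ianvsContext,
                                                              IIanvsConfigurationStore ianvsConfiguration, AuthenticatorFactory authenticatorFactory)
        {
            // A null requirement list is treated like an empty one: fall through to the denial
            // below instead of failing the request with a NullReferenceException.
            if (ianvsContext.Security != null)
            {
                // If multiple schemes are defined on the operation, only one can apply to the request; check which one
                foreach (Ianvs::SecurityRequirement securityRequirement in ianvsContext.Security)
                {
                    Ianvs::SecurityScheme schemeDefinition = ianvsConfiguration.SecuritySchemes?
                                                             .Find(s => s.Name == securityRequirement.SchemeName);
                    if (schemeDefinition == null)
                    {
                        // Requirement names a scheme that is not configured; try the next one.
                        continue;
                    }

                    // The scheme is published on the context before the handler is consulted.
                    ianvsContext.SecurityScheme = schemeDefinition;
                    IAuthenticationHandler authenticator = authenticatorFactory.GetAuthenticator(ianvsContext.SecurityScheme);

                    // A scheme with no handler is skipped rather than dereferenced.
                    if (authenticator != null && authenticator.CanAuthenticate(httpContext, ianvsContext))
                    {
                        ianvsContext.SecurityRequirement = securityRequirement;
                        return await authenticator.Authenticate(httpContext, ianvsContext);
                    }

                    // Do not leave a scheme on the context that was not actually applied.
                    ianvsContext.SecurityScheme = null;
                }
            }

            // Couldn't apply security requirements: fail closed.
            return new AuthenticationResult()
            {
                Authenticated = false,
                Error = "No Matching Security Scheme"
            };
        }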
Пример #3
 /// <summary>
 /// Resolves the security requirements that apply to the matched request: the operation-level
 /// list when it is set, otherwise the endpoint-level list.
 /// </summary>
 /// <param name="ianvsContext">Request context holding the matched operation and endpoint.</param>
 /// <returns>The applicable requirement list, or null when neither level defines one.</returns>
 /// <remarks>
 /// Only a null operation-level list falls back to the endpoint. An empty, non-null
 /// operation-level list is returned as-is and so replaces the endpoint-level requirements.
 /// </remarks>
 private List<Common.SecurityRequirement> GetSecurityRequirements(Common.IanvsContext ianvsContext)
 {
     var operationLevel = ianvsContext.MatchedOperation.Security;
     if (operationLevel != null)
     {
         return operationLevel;
     }

     // May itself be null; callers receive null when no requirements are defined anywhere.
     return ianvsContext.MatchedEndpoint.Security;
 }