public ClientAssertionTokenClientConfigurationService(IOptions <AccessTokenManagementOptions> accessTokenManagementOptions, IOptionsMonitor <OpenIdConnectOptions> oidcOptions, IAuthenticationSchemeProvider schemeProvider, IPrivateKeyJwtGenerator privateKeyJwtGenerator, FinastraConfiguration finastraConfiguration ) : base(accessTokenManagementOptions, oidcOptions, schemeProvider) { _privateKeyJwtGenerator = privateKeyJwtGenerator; _finastraConfiguration = finastraConfiguration; }
public AccountsHttpClient(HttpClient httpClient, FinastraConfiguration finastraConfiguration) { _httpClient = httpClient; _httpClient.BaseAddress = new Uri($"{finastraConfiguration.ApiConfiguration.BaseUrl}/retail-us/me/account/v1/accounts/"); }
public AccountModel(IAccountsHttpClient accountsHttpClient, FinastraConfiguration finastraConfiguration) { _accountsHttpClient = accountsHttpClient; FinastraConfiguration = finastraConfiguration; }
public FfdcHttpClient(HttpClient httpClient, FinastraConfiguration finastraConfiguration) { _httpClient = httpClient; _httpClient.BaseAddress = new Uri(finastraConfiguration.ApiConfiguration.BaseUrl); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.AddRazorPages(); services.AddHttpContextAccessor(); var finastraConfiguration = new FinastraConfiguration(); var finastraConfigSection = Configuration.GetSection("Finastra"); finastraConfigSection.Bind(finastraConfiguration); #region Configuration of Configuration -) services.Configure <FinastraConfiguration>(finastraConfigSection); services.AddSingleton <IValidateOptions <FinastraConfiguration>, ConfigurationValidator>(); services.TryAddSingleton(provider => provider.GetRequiredService <IOptions <FinastraConfiguration> >().Value); #endregion // service providing private_key_jwt services.AddPrivateKeyJwtGenerator(o => { o.TokenEndpoint = finastraConfiguration.Oauth2Configuration.Issuer; // Finastra is validating against Issuer o.TokenLifeTimeInMinutes = finastraConfiguration.Oauth2Configuration.PrivateKeyJwtExpirationTimeInMinutes; } ); #region B2B token management service configuration //for B2B private_key_jwt auth method - register custom client assertion configuration if (finastraConfiguration.Oauth2Configuration.ClientAuthenticationMethod == ClientAuthenticationMethod.private_key_jwt) { services.AddTransient <ITokenClientConfigurationService, ClientAssertionTokenClientConfigurationService>(); }// client_credentials will use DefaultTokenClientConfigurationService registered on next line services.AddAccessTokenManagement(o => { // Here we can register either one client token service or many, depending on configuration // and business needs. // This sample registers one client named "finastra_login_service" per auth type. //in case of client_secret method - need to provide tokenEndpoint, clientId, secret. if (finastraConfiguration.Oauth2Configuration.ClientAuthenticationMethod == ClientAuthenticationMethod.client_secret) { o.Client.Clients.Add("finastra_login_service", new ClientCredentialsTokenRequest { Address = finastraConfiguration.Oauth2Configuration.TokenEndpoint, ClientId = finastraConfiguration.Oauth2Configuration.B2B.ClientId, ClientSecret = finastraConfiguration.Oauth2Configuration.B2B.ClientSecret }); } else { // this token client configured to use private_jwt method. // in this case we need only tokenEndpoint - credentials set via private_key_jwt. // ClientAssertion added in ClientAssertionTokenClientConfigurationService.GetClientCredentialsRequestAsync // see class ClientAssertionTokenClientConfigurationService o.Client.Clients.Add("finastra_login_service", new ClientCredentialsTokenRequest { Address = finastraConfiguration.Oauth2Configuration.TokenEndpoint }); } }); // B2B flow config. Typed client registration and link to TokenManagementService. services.AddHttpClient <IFfdcHttpClient, FfdcHttpClient>() .AddClientAccessTokenHandler("finastra_login_service"); ////alternative way - use custom httpMessageHandler for outbound requests. ////This sample implementation can use service discovery, instead of explicit token, issuer addresses. //services.AddPrivateKeyJwtHttpClient(o => //{ // o.AuthorityEndpoint = finastraConfiguration.Oauth2Configuration.AuthorityEndpoint; //}); #endregion #region B2C OIDC config start services.AddAuthentication(o => { o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddCookie() .AddOpenIdConnect(o => { o.ClientId = finastraConfiguration.Oauth2Configuration.B2C.ClientId; o.ClientSecret = finastraConfiguration.Oauth2Configuration.B2C.ClientSecret; o.Authority = finastraConfiguration.Oauth2Configuration.AuthorityEndpoint; o.CallbackPath = "/signin-oidc"; // this path or your custom one should be registered in FFDC application configuration. See FFDC application registration doc. o.SaveTokens = true; o.ResponseType = OpenIdConnectResponseType.Code; // Indicates a Query Response see: http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse. // other variant - form POST. o.ResponseMode = OpenIdConnectResponseMode.Query; o.Events.OnAuthorizationCodeReceived = context => { if (finastraConfiguration.Oauth2Configuration.ClientAuthenticationMethod == ClientAuthenticationMethod.client_secret) { return(Task.CompletedTask); //for client secret no need to set clientAssertion. } var tokenGenerator = context.HttpContext.RequestServices.GetService <IPrivateKeyJwtGenerator>(); context.TokenEndpointRequest.ClientAssertionType = OidcConstants.ClientAssertionTypes.JwtBearer; context.TokenEndpointRequest.ClientAssertion = tokenGenerator.CreateClientAuthJwt(new PrivateKeyJwtOptions { ClientId = finastraConfiguration.Oauth2Configuration.B2C.ClientId, JwkKeyId = finastraConfiguration.Oauth2Configuration.B2B.JwkKeyId, PrivateKeyPath = finastraConfiguration.Oauth2Configuration.B2B.PrivateKey //other params if they are different in config }); return(Task.CompletedTask); }; }); //B2C http client registration and attach userAccessTokenHandler //OAUTH configuration is taken from OpenIdConnect Config above services.AddHttpClient <IAccountsHttpClient, AccountsHttpClient>() .AddUserAccessTokenHandler(); #endregion }
public UtcDateTimeModel(IFfdcHttpClient ffdcHttpClient, FinastraConfiguration finastraConfiguration) { _ffdcHttpClient = ffdcHttpClient; FinastraConfiguration = finastraConfiguration; }
public IndexModel(ILogger <IndexModel> logger, FinastraConfiguration configuration) { _logger = logger; FinastraConfiguration = configuration; }