public async Task <bool> Validate(IDictionary <string, string> decodedClaims)
{
if (decodedClaims == null)
{
throw new ArgumentNullException(nameof(decodedClaims));
}
if (!decodedClaims.ContainsKey("exp") || !decodedClaims.ContainsKey("access_token"))
{
return(false);
}
// check exp max. 3 hrs
var maxExpiry = _DateTimeProvider.Snapshot.AddHours(_IccPortalConfig.ClaimLifetimeHours).ToUnixTimeU64();
if (!ulong.TryParse(decodedClaims["exp"], out ulong tokenExpiry))
{
return(false);
}
if (tokenExpiry > maxExpiry)
{
_Logger.LogInformation("Token invalid, has longer exp. than configured {claimLifetimeHours} hrs", _IccPortalConfig.ClaimLifetimeHours.ToString());
return(false);
}
return(await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"]));
}
public void VerifyTokenShouldReturnTrueOnValidToken()
{
var validToken = "valid_access_token";
_Server.Reset();
_Server.Given(
Request.Create()
.WithHeader("Authorization", "Bearer " + validToken)
.WithPath("/ggdghornl_test/oauth2/v1/verify").UsingGet()
)
.RespondWith(
Response.Create()
.WithStatusCode(200)
.WithHeader("Content-Type", "application/json")
.WithBody("{\"audience\":1234}")
);
Assert.IsTrue(_TheIdentityHubService.VerifyToken(validToken).Result);
}
public async Task <bool> Validate(IDictionary <string, string> decodedClaims)
{
if (decodedClaims == null)
{
throw new ArgumentNullException(nameof(decodedClaims));
}
if (!decodedClaims.ContainsKey("access_token"))
{
return(false);
}
if (decodedClaims["access_token"] == _TestAccessToken)
{
_Logger.LogWarning("Test JWT Used for authorization!");
return(true);
}
return(await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"]));
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
if (!Request.Headers.TryGetValue("Authorization", out var headerValue))
{
Logger.LogInformation("Missing authorization header.");
return(AuthenticateResult.Fail("Missing authorization header."));
}
if (!AuthenticationHeaderValue.TryParse(headerValue, out var authHeader))
{
Logger.LogInformation("Invalid authorization header.");
return(AuthenticateResult.Fail("Invalid authorization header."));
}
var jwt = authHeader.ToString().Replace("Bearer ", "").Trim();
if (!_JwtService.TryDecode(jwt, out var decodedClaims))
{
return(AuthenticateResult.Fail("Invalid jwt token"));
}
if (!await _TheIdentityHubService.VerifyToken(decodedClaims["access_token"]))
{
return(AuthenticateResult.Fail("Invalid jwt token"));
}
var claims = new[]
{
new Claim(ClaimTypes.NameIdentifier, decodedClaims["id"]),
new Claim(TheIdentityHubClaimTypes.AccessToken, decodedClaims["access_token"]),
};
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return(AuthenticateResult.Success(ticket));
}
