/// <summary>
        /// Adds JWT middleware and configuration for using UAA or Pivotal SSO for bearer token authentication
        /// </summary>
        /// <param name="builder">Your <see cref="AuthenticationBuilder"/></param>
        /// <param name="authenticationScheme">An identifier for this authentication mechanism. Default value is <see cref="JwtBearerDefaults.AuthenticationScheme"/></param>
        /// <param name="displayName">Sets a display name for this auth scheme. Defaults to <see cref="JwtBearerDefaults.AuthenticationScheme"/></param>
        /// <param name="config">Your application configuration. Be sure to include the <see cref="CloudFoundryConfigurationProvider"/></param>
        /// <returns><see cref="AuthenticationBuilder"/> configured to use JWT Bearer tokens from UAA or Pivotal SSO</returns>
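        public static AuthenticationBuilder AddCloudFoundryJwtBearer(this AuthenticationBuilder builder, string authenticationScheme, string displayName, IConfiguration config)
        {
            // Fail fast while the app is being wired up. Without these guards a null
            // config is only dereferenced inside the options callback below, so the
            // failure would surface when the JWT options are first resolved rather
            // than at registration.
            if (builder == null)
            {
                throw new System.ArgumentNullException(nameof(builder));
            }

            if (config == null)
            {
                throw new System.ArgumentNullException(nameof(config));
            }

            builder.AddJwtBearer(authenticationScheme, displayName, jwtOptions =>
            {
                // Bind the security client section of the application configuration
                // onto a fresh Cloud Foundry options object.
                var cloudFoundryOptions = new CloudFoundryJwtBearerOptions();
                config.GetSection(CloudFoundryDefaults.SECURITY_CLIENT_SECTION_PREFIX).Bind(cloudFoundryOptions);

                // The SSO service info may be absent; it is handed to Configure as-is,
                // which then keeps whatever key URL the bound configuration supplied.
                var ssoInfo = config.GetSingletonServiceInfo<SsoServiceInfo>();

                // Every token-validation setting (issuer, key URL, backchannel handler,
                // certificate validation) is applied to the JWT options in this one call.
                CloudFoundryJwtBearerConfigurer.Configure(ssoInfo, jwtOptions, cloudFoundryOptions);
            });

            return builder;
        }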
Пример #2
        internal static void Configure(SsoServiceInfo si, JwtBearerOptions jwtOptions, CloudFoundryJwtBearerOptions options)
        {
            // Both option objects are required. If either is missing the method is a
            // silent no-op and jwtOptions is left exactly as the caller passed it.
            if (jwtOptions == null)
            {
                return;
            }

            if (options == null)
            {
                return;
            }

            // A bound SSO service takes precedence: its auth domain plus the default
            // token-key path overwrites any JwtKeyUrl already present on the options.
            // With no service info, the existing JwtKeyUrl value is used unchanged.
            if (si != null)
            {
                options.JwtKeyUrl = si.AuthDomain + CloudFoundryDefaults.JwtTokenUri;
            }

            jwtOptions.SaveToken    = options.SaveToken;
            jwtOptions.ClaimsIssuer = options.ClaimsIssuer;

            // NOTE(review): ValidateCertificates is passed to both helpers below. The
            // helpers are not visible here; presumably a false value relaxes TLS
            // certificate checks on the backchannel used to reach JwtKeyUrl. Because
            // that endpoint supplies the keys that token signatures are checked
            // against, confirm the setting stays enabled outside of local development.
            jwtOptions.BackchannelHttpHandler = CloudFoundryHelper.GetBackChannelHandler(options.ValidateCertificates);

            // The handler must be assigned before this call, which reads it back
            // from jwtOptions.
            jwtOptions.TokenValidationParameters = CloudFoundryHelper.GetTokenValidationParameters(
                options.TokenValidationParameters,
                options.JwtKeyUrl,
                jwtOptions.BackchannelHttpHandler,
                options.ValidateCertificates);
        }