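/// <summary>
/// Exchanges a JWT issued by Altinn Studio for a token produced by <c>GenerateToken</c>.
/// </summary>
/// <remarks>
/// The issuer is read from the token before its signature is checked and is used only to select
/// the signing keys, so it is first compared against a fixed allow-list ("studio", "dev-studio").
/// Signature and lifetime are then validated with zero clock skew. Audience validation is
/// disabled, so a correctly signed token from either issuer is accepted whatever audience it
/// names.
/// </remarks>
/// <param name="originalToken">The serialized JWT presented by the caller.</param>
/// <returns>
/// <c>Ok</c> with the serialized new token on success; <c>Unauthorized</c> when the token cannot
/// be read, names an issuer outside the allow-list, fails validation, or any exception is thrown
/// while processing it.
/// </returns>
private async Task<ActionResult> AuthenticateAltinnStudioToken(string originalToken)
{
    try
    {
        if (!_validator.CanReadToken(originalToken))
        {
            return Unauthorized();
        }

        JwtSecurityToken jwt = _validator.ReadJwtToken(originalToken);

        // The issuer is still unverified here. It only selects which keys to fetch, so it is
        // restricted to the known values. The static Equals overload also rejects a token that
        // carries no issuer, instead of relying on a NullReferenceException reaching the catch.
        bool isStudioIssuer = string.Equals(jwt.Issuer, "studio", StringComparison.Ordinal)
            || string.Equals(jwt.Issuer, "dev-studio", StringComparison.Ordinal);
        if (!isStudioIssuer)
        {
            return Unauthorized();
        }

        IEnumerable<SecurityKey> signingKeys = await _designerSigningKeysResolver.GetSigningKeys(jwt.Issuer);

        TokenValidationParameters validationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = signingKeys,

            // Issuer was already matched against the allow-list above.
            ValidateIssuer = false,

            // NOTE(review): the audience is not checked; confirm that Studio tokens intended for
            // other recipients cannot be replayed against this endpoint.
            ValidateAudience = false,

            // Tokens without an expiry are rejected, and no grace period is given past expiry.
            RequireExpirationTime = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };

        ClaimsPrincipal originalPrincipal = _validator.ValidateToken(originalToken, validationParameters, out _);

        // Every claim of the validated token is carried over unchanged.
        // NOTE(review): confirm GenerateToken does not need these filtered before re-issuing.
        ClaimsIdentity identity = new ClaimsIdentity(AltinnStudioIdentity);
        identity.AddClaims(originalPrincipal.Claims);
        ClaimsPrincipal principal = new ClaimsPrincipal(identity);

        string serializedToken = await GenerateToken(principal);
        return Ok(serializedToken);
    }
    catch (Exception ex)
    {
        // Every failure inside the try, including key resolution, is reported to the caller as
        // Unauthorized. The message template renders the same text as before but keeps the
        // exception message, which may echo caller-supplied input, as a structured property.
        _logger.LogWarning("Altinn Studio authentication failed. {Message}", ex.Message);
        return Unauthorized();
    }
}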
/// <summary>
/// Builds the parameters used to validate a token's signature and lifetime against the signing
/// keys resolved for <paramref name="issuer"/>.
/// </summary>
/// <remarks>
/// Issuer and audience validation are both switched off in the returned parameters, so they
/// establish only that the token was signed by one of the resolved keys and has not expired.
/// NOTE(review): confirm each caller checks the issuer itself before trusting the result.
/// </remarks>
/// <param name="issuer">Issuer whose signing keys are fetched from <c>_signingKeysResolver</c>.</param>
/// <returns>Validation parameters carrying the resolved signing keys.</returns>
private async Task<TokenValidationParameters> GetTokenValidationParameters(string issuer)
{
    var resolvedKeys = await _signingKeysResolver.GetSigningKeys(issuer);

    return new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKeys = resolvedKeys,
        ValidateIssuer = false,
        ValidateAudience = false,

        // An expiry claim is mandatory and is enforced with no clock-skew allowance.
        RequireExpirationTime = true,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero
    };
}