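/// <summary>
/// Authenticates the request from its <c>Authorization: Bearer</c> header by submitting the token
/// to the Kubernetes TokenReview API. On success it populates <see cref="HttpContext.User"/>.
/// </summary>
/// <remarks>
/// This middleware only establishes identity. The next delegate is invoked whether or not
/// authentication succeeded, so a request with a missing, malformed or rejected token continues
/// with <c>httpContext.User</c> left as it was. Access control must be enforced downstream.
/// Exceptions thrown by the TokenReview call are not caught here and propagate to the caller.
/// </remarks>
/// <param name="httpContext">The current request context.</param>
/// <returns>A task that completes when the rest of the pipeline has run.</returns>
public async Task Invoke(HttpContext httpContext)
{
    if (AuthenticationHeaderValue.TryParse(httpContext.Request.Headers["Authorization"], out var auth)
        && string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
        // A bare "Bearer" header carries no credential; skip the API round trip instead of
        // submitting a null token for review.
        && !string.IsNullOrEmpty(auth.Parameter))
    {
        // NOTE(review): a client (and its configuration) is built for every request that carries
        // a bearer token. Consider a shared, long-lived client if this class can hold one.
        using var kubernetes = new Kubernetes(KubernetesClientConfiguration.BuildDefaultConfig());

        // NOTE(review): the spec sets no audiences, so the API server validates the token against
        // its own default audience. Any token accepted here is therefore also usable against the
        // API server itself. Prefer audience-bound tokens and pass the expected audience in the
        // spec once the value for this service is known.
        var tokenReview = await kubernetes.CreateTokenReviewAsync(
            new V1TokenReview(
                new V1TokenReviewSpec(token: auth.Parameter)));

        var status = tokenReview?.Status;
        var username = status?.User?.Username;

        // Fail closed: only build an identity when the review is explicitly authenticated AND
        // names a user. A missing status or user leaves the request unauthenticated instead of
        // throwing a NullReferenceException.
        if (status != null
            && status.Authenticated.GetValueOrDefault()
            && !string.IsNullOrEmpty(username))
        {
            var identity = new ClaimsIdentity("Kubernetes");
            identity.AddClaim(new Claim(identity.NameClaimType, username));

            // Groups may be absent from the review result; each present group becomes a role claim.
            var groups = status.User.Groups;
            if (groups != null)
            {
                foreach (var group in groups)
                {
                    if (!string.IsNullOrEmpty(group))
                    {
                        identity.AddClaim(new Claim(identity.RoleClaimType, group));
                    }
                }
            }

            httpContext.User = new ClaimsPrincipal(identity);
        }
    }

    await next.Invoke(httpContext);
}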