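/// <summary>
/// Builds one <see cref="SchemeRecord"/> per configured authority whose scheme name
/// appears in <paramref name="schemes"/>. Each record carries a JwtBearer options
/// delegate that points at that authority and validates issuer, lifetime and signing
/// key (audience validation is deliberately off — see the SECURITY NOTE inside).
/// </summary>
/// <param name="oauth2Section">Bound configuration holding the list of authorities.</param>
/// <param name="schemes">Scheme names to expose; authorities not listed here are skipped.</param>
/// <returns>A record for each matching authority, in configuration order; empty when nothing matches.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
private static List<SchemeRecord> SchemeRecords(Oauth2Section oauth2Section, List<string> schemes)
{
    // Fail with a named argument instead of a NullReferenceException / LINQ "source"
    // exception when the caller's configuration section did not bind.
    if (oauth2Section == null)
    {
        throw new ArgumentNullException(nameof(oauth2Section));
    }
    if (schemes == null)
    {
        throw new ArgumentNullException(nameof(schemes));
    }

    // Set lookup instead of rescanning the list for every authority; ordinal comparison
    // matches the original `==` on strings exactly (case-sensitive).
    var wantedSchemes = new HashSet<string>(schemes, StringComparer.Ordinal);
    var schemeRecords = new List<SchemeRecord>();

    foreach (var authScheme in oauth2Section.Authorities)
    {
        if (!wantedSchemes.Contains(authScheme.Scheme))
        {
            continue;
        }

        Func<TokenValidatedContext, Task> tokenValidationHandler = context =>
        {
            // SECURITY NOTE(review): this copies the raw bearer token into the principal as a
            // claim. Anything that later serializes or logs the ClaimsPrincipal (auth cookies,
            // diagnostics, audit logs) then carries a live credential. Keep it only while a
            // downstream caller genuinely needs to forward the token.
            var identity = context.Principal.Identity as ClaimsIdentity;
            var accessToken = context.SecurityToken as JwtSecurityToken;
            if (identity != null && accessToken != null)
            {
                identity.AddClaim(new Claim("access_token", accessToken.RawData));
            }
            return Task.CompletedTask;
        };

        var schemeRecord = new SchemeRecord
        {
            Name = authScheme.Scheme,
            JwtBearerOptions = options =>
            {
                options.Authority = authScheme.Authority;
                // SECURITY NOTE(review): false allows the discovery document and JWKS to be
                // fetched over plain HTTP, so an on-path attacker could substitute the signing
                // keys this API trusts. Acceptable only for a local-dev authority; set to true
                // (or make it environment-dependent) before pointing at a real issuer.
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    // SECURITY NOTE(review): with audience validation off, any token the issuer
                    // minted for any other client or API is accepted here. Configure
                    // ValidAudience(s) and enable this unless cross-API token reuse is intended.
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true
                };
                options.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context => Task.CompletedTask,
                    OnTokenValidated = tokenValidationHandler
                };
            }
        };
        schemeRecords.Add(schemeRecord);
    }

    return schemeRecords;
}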
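// This method gets called by the runtime. Use this method to add services to the container.
/// <summary>
/// Registers the application's services: logging, caching, GraphQL, CORS, cookie policy, MVC,
/// an authorization policy, a single JwtBearer scheme bound to the authority that
/// "authValidation:scheme" selects from "InMemoryOAuth2ConfigurationStore:oauth2", and Swagger.
/// </summary>
/// <param name="services">The runtime-supplied service collection.</param>
/// <returns>The service provider built from <paramref name="services"/>.</returns>
/// <exception cref="InvalidOperationException">
/// The configured scheme names no authority in the oauth2 configuration section.
/// </exception>
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    services.AddLogging();
    services.AddObjectContainer(); // use this vs a static to cache class data.
    services.AddOptions();
    services.AddDistributedMemoryCache();
    services.AddGraphQLPlayRollup(this);
    services.AddGraphQLOrders();

    // SECURITY NOTE(review): AllowAnyOrigin combined with AllowCredentials lets any web origin
    // make credentialed cross-site calls to this API (ASP.NET Core 2.x reflects the request
    // origin back; 3.0+ rejects the combination outright). Use WithOrigins(...) for deployments.
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy", corsBuilder => corsBuilder
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
    });

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        // NOTE(review): SameSite=None lets cookies ride on cross-site requests; together with the
        // open CORS policy above this matters if cookie-based auth is ever added to this app.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Daffy Duck", policy =>
        {
            policy.RequireClaim("client_namespace", "Daffy Duck");
        });
    });

    var scheme = Configuration["authValidation:scheme"];
    var section = Configuration.GetSection("InMemoryOAuth2ConfigurationStore:oauth2");
    var oauth2Section = new Oauth2Section();
    section.Bind(oauth2Section);

    // Fail fast with a readable message instead of a NullReferenceException on `.Authority`
    // when the configured scheme (possibly null if the key is missing) matches no entry.
    var wellknownAuthority = oauth2Section.Authorities
        .FirstOrDefault(item => item.Scheme == scheme);
    if (wellknownAuthority == null)
    {
        throw new InvalidOperationException(
            $"authValidation:scheme '{scheme}' does not match any authority under InMemoryOAuth2ConfigurationStore:oauth2.");
    }
    var authority = wellknownAuthority.Authority;

    var schemeRecords = new List<SchemeRecord>
    {
        new SchemeRecord
        {
            Name = scheme,
            JwtBearerOptions = options =>
            {
                options.Authority = authority;
                // SECURITY NOTE(review): false allows the discovery document and JWKS to be
                // fetched over plain HTTP, so an on-path attacker could substitute the signing
                // keys this API trusts. Acceptable only for a local-dev authority.
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    // SECURITY NOTE(review): with audience validation off, any token the issuer
                    // minted for any other client or API is accepted here.
                    ValidateAudience = false,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true
                };
                options.Events = new JwtBearerEvents
                {
                    OnMessageReceived = context => Task.CompletedTask,
                    OnTokenValidated = context =>
                    {
                        // SECURITY NOTE(review): the raw bearer token becomes a claim on the
                        // principal; anything that serializes or logs the principal will leak
                        // a live credential. Keep only while a downstream caller needs it.
                        var identity = context.Principal.Identity as ClaimsIdentity;
                        var accessToken = context.SecurityToken as JwtSecurityToken;
                        if (identity != null && accessToken != null)
                        {
                            identity.AddClaim(new Claim("access_token", accessToken.RawData));
                        }
                        return Task.CompletedTask;
                    }
                };
            }
        },
    };

    services.AddAuthentication("Bearer")
        .AddMultiAuthorityAuthentication(schemeRecords);

    services.AddHttpContextAccessor();
    services.TryAddSingleton<IActionContextAccessor, ActionContextAccessor>();
    services.TryAddTransient<IDefaultHttpClientFactory, DefaultHttpClientFactory>();

    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new Info { Title = "GraphQLPlayApiOnly", Version = "v1" });
        // Set the comments path for the Swagger JSON and UI.
        var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
        var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
        c.IncludeXmlComments(xmlPath);
    });

    // Build the intermediate service provider then return it
    return services.BuildServiceProvider();
}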
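// This method gets called by the runtime. Use this method to add services to the container.
/// <summary>
/// Registers the token-exchange application's services: logging, caching, GraphQL and
/// extension-grant rollups, discovery types, CORS, cookie policy, MVC, an authorization
/// policy, one JwtBearer scheme per name listed under "authValidation:schemes", Swagger
/// (with the multi-authority operation filter) and the in-memory app-identity limits.
/// </summary>
/// <param name="services">The runtime-supplied service collection.</param>
/// <returns>The service provider built from <paramref name="services"/>.</returns>
/// <exception cref="InvalidOperationException">"authValidation:schemes" is absent from configuration.</exception>
public IServiceProvider ConfigureServices(IServiceCollection services)
{
    services.AddLogging();
    services.AddObjectContainer(); // use this vs a static to cache class data.
    services.AddOptions();
    services.Configure<ArbitraryIdentityExtensionGrantOptions>(options =>
    {
        options.IdentityProvider = "Demo";
    });
    services.AddDistributedMemoryCache();
    services.AddGraphQLPlayRollup(this);
    services.AddExtensionGrantsRollup(this);
    services.AddGraphQLDiscoveryTypes();
    services.AddInMemoryDiscoveryHubStore();
    services.AddGraphQLAuthRequiredQuery();

    // SECURITY NOTE(review): AllowAnyOrigin combined with AllowCredentials lets any web origin
    // make credentialed cross-site calls to this API (ASP.NET Core 2.x reflects the request
    // origin back; 3.0+ rejects the combination outright). Use WithOrigins(...) for deployments.
    services.AddCors(options =>
    {
        options.AddPolicy("CorsPolicy", corsBuilder => corsBuilder
            .AllowAnyOrigin()
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
    });

    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        // NOTE(review): SameSite=None lets cookies ride on cross-site requests; together with the
        // open CORS policy above this matters if cookie-based auth is ever added to this app.
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Daffy Duck", policy =>
        {
            policy.RequireClaim("client_namespace", "Daffy Duck");
        });
    });

    // Fail fast with a readable message when the list is missing; SchemeRecords would
    // otherwise throw an ArgumentNullException from deep inside a LINQ call.
    var schemes = Configuration
        .GetSection("authValidation:schemes")
        .Get<List<string>>();
    if (schemes == null)
    {
        throw new InvalidOperationException(
            "authValidation:schemes is missing from configuration; no bearer schemes can be registered.");
    }

    var section = Configuration.GetSection("InMemoryOAuth2ConfigurationStore:oauth2");
    var oauth2Section = new Oauth2Section();
    section.Bind(oauth2Section);

    var schemeRecords = SchemeRecords(oauth2Section, schemes);
    services.AddAuthentication("Bearer")
        .AddMultiAuthorityAuthentication(schemeRecords);

    services.AddHttpContextAccessor();
    services.TryAddSingleton<IActionContextAccessor, ActionContextAccessor>();
    services.TryAddTransient<IDefaultHttpClientFactory, DefaultHttpClientFactory>();

    services.AddSwaggerGen(config =>
    {
        config.SwaggerDoc("v1", new Info { Title = "GraphQLPlayTokenExchangeOnlyApp", Version = "v1" });
        // Set the comments path for the Swagger JSON and UI.
        var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
        var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
        config.IncludeXmlComments(xmlPath);
        config.OperationFilter<MultiAuthorityOperationFilter>();
    });

    // Twice the length of a "D"-format GUID string (36 chars), computed once; Guid.Empty
    // gives the same length as a fresh GUID without touching the RNG.
    var maxIdentifierLength = Guid.Empty.ToString().Length * 2;
    services.AddInMemoryAppIdentityConfiguration(new AppIdentityConfigurationModel
    {
        MaxAppIdLength = maxIdentifierLength,
        MaxMachineIdLength = maxIdentifierLength,
        MaxSubjectLength = maxIdentifierLength
    });

    // Build the intermediate service provider then return it
    return services.BuildServiceProvider();
}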