// Registers the authentication schemes: JWT bearer (with a store-scoping hook), cookie and Bitpay.
// services: the collection the schemes are added to.
// configuration: passed to OpenIddictExtensions.GetSigningKey to obtain the JWT signing key.
private static void AddBtcPayServerAuthenticationSchemes(this IServiceCollection services, IConfiguration configuration)
{
    // Both maps are static members of JwtSecurityTokenHandler, so clearing them applies to
    // every handler in the process: claim names are then kept as they appear in the token.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

    var authentication = services.AddAuthentication();
    authentication
        .AddJwtBearer(jwt =>
        {
            // Disabled so that Tor works with JWT auth.
            jwt.RequireHttpsMetadata = false;

            var validation = jwt.TokenValidationParameters;
            validation.ValidateAudience = false;
            // The issuer is not validated directly because btcpay can be reached through
            // multiple URLs that cannot be determined in advance.
            validation.ValidateIssuer = false;
            // With audience and issuer checks off, the signature check against this key is
            // what ties an incoming token to this server.
            validation.IssuerSigningKey = OpenIddictExtensions.GetSigningKey(configuration);

            // Token validation errors are reported back to the caller.
            jwt.IncludeErrorDetails = true;

            jwt.Events = new JwtBearerEvents
            {
                // Runs after signature validation: adds the server-admin policy claim and,
                // for routes carrying a storeId, the caller's claims for that store.
                OnTokenValidated = async ctx =>
                {
                    var http = ctx.HttpContext;
                    var route = http.GetRouteData();
                    var claimsIdentity = (ClaimsIdentity)ctx.Principal.Identity;

                    if (ctx.Principal.IsInRole(Roles.ServerAdmin))
                    {
                        claimsIdentity.AddClaim(new Claim(Policies.CanModifyServerSettings.Key, "true"));
                    }

                    // Store already resolved for this request: nothing more to do.
                    if (http.GetStoreData() != null)
                    {
                        return;
                    }

                    // Route is not store-scoped.
                    if (!route.Values.TryGetValue("storeId", out var storeId))
                    {
                        return;
                    }

                    var users = http.RequestServices.GetService<UserManager<ApplicationUser>>();
                    var stores = http.RequestServices.GetService<StoreRepository>();

                    var userId = users.GetUserId(ctx.Principal);
                    // NOTE(review): a principal without a user id falls through here with neither
                    // a failure nor store claims; presumably downstream policies then deny store
                    // access - confirm against the authorization handlers.
                    if (string.IsNullOrEmpty(userId))
                    {
                        return;
                    }

                    // The lookup is keyed on both store id and user id, so a token holder only
                    // gets claims for a store that FindStore returns for that user.
                    var matchedStore = await stores.FindStore((string)storeId, userId);
                    if (matchedStore != null)
                    {
                        http.SetStoreData(matchedStore);
                        claimsIdentity.AddClaims(matchedStore.GetClaims());
                    }
                    else
                    {
                        ctx.Fail("Could not authorize you against store access");
                    }
                }
            };
        })
        .AddCookie()
        .AddBitpayAuthentication();
}
// Registers the authentication schemes: JWT bearer, cookie and Bitpay.
// services: the collection the schemes are added to.
// configuration: passed to OpenIddictExtensions.GetSigningKey to obtain the JWT signing key.
private static void AddBtcPayServerAuthenticationSchemes(this IServiceCollection services, IConfiguration configuration)
{
    // Both maps are static members of JwtSecurityTokenHandler, so clearing them applies to
    // every handler in the process: claim names are then kept as they appear in the token.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
    JwtSecurityTokenHandler.DefaultOutboundClaimTypeMap.Clear();

    var authentication = services.AddAuthentication();
    authentication
        .AddJwtBearer(jwt =>
        {
            // Disabled so that Tor works with JWT auth.
            jwt.RequireHttpsMetadata = false;

            var validation = jwt.TokenValidationParameters;
            validation.ValidateAudience = false;
            // The issuer is not validated directly because btcpay can be reached through
            // multiple URLs that cannot be determined in advance.
            validation.ValidateIssuer = false;
            // With audience and issuer checks off, the signature check against this key is
            // what ties an incoming token to this server.
            validation.IssuerSigningKey = OpenIddictExtensions.GetSigningKey(configuration);

            // Token validation errors are reported back to the caller.
            jwt.IncludeErrorDetails = true;
        })
        .AddCookie()
        .AddBitpayAuthentication();
}