public void CreateAnonymousSkillClaimTest() { var sut = SkillValidation.CreateAnonymousSkillClaim(); Assert.Equal(AuthenticationConstants.AnonymousSkillAppId, JwtTokenValidation.GetAppIdFromClaims(sut.Claims)); Assert.Equal(AuthenticationConstants.AnonymousAuthType, sut.AuthenticationType); }
/// <summary> /// Helper to authenticate the header. /// </summary> /// <remarks> /// This code is very similar to the code in <see cref="JwtTokenValidation.AuthenticateRequest(IActivity, string, ICredentialProvider, IChannelProvider, AuthenticationConfiguration, HttpClient)"/>, /// we should move this code somewhere in that library when we refactor auth, for now we keep it private to avoid adding more public static /// functions that we will need to deprecate later. /// </remarks> /// <param name="authHeader">The auth header containing JWT token.</param> /// <param name="cancellationToken">A cancellation token.</param> /// <returns>A <see cref="ClaimsIdentity"/> representing the claims associated with given header.</returns> internal override async Task <ClaimsIdentity> AuthenticateAsync(string authHeader, CancellationToken cancellationToken) { if (string.IsNullOrWhiteSpace(authHeader)) { var isAuthDisabled = await _credentialProvider.IsAuthenticationDisabledAsync().ConfigureAwait(false); if (!isAuthDisabled) { // No auth header. Auth is required. Request is not authorized. throw new UnauthorizedAccessException(); } // In the scenario where auth is disabled, we still want to have the // IsAuthenticated flag set in the ClaimsIdentity. // To do this requires adding in an empty claim. // Since ChannelServiceHandler calls are always a skill callback call, we set the skill claim too. return(SkillValidation.CreateAnonymousSkillClaim()); } // Validate the header and extract claims. return(await JwtTokenValidation.ValidateAuthHeader(authHeader, _credentialProvider, ChannelProvider, "unknown", _authConfiguration).ConfigureAwait(false)); }