public static CombinedAuthenticationOptions FromIdentityServerAuthenticationOptions(IdentityServerAuthenticationOptions options)
{
var combinedOptions = new CombinedAuthenticationOptions()
{
TokenRetriever = options.TokenRetriever,
AuthenticationScheme = options.AuthenticationScheme,
PassThruOptions = new NopAuthenticationOptions()
{
AuthenticationScheme = options.AuthenticationScheme,
AutomaticAuthenticate = options.AutomaticAuthenticate,
AutomaticChallenge = options.AutomaticChallenge
}
};
switch (options.SupportedTokens)
{
case SupportedTokens.Jwt:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
break;
case SupportedTokens.Reference:
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
case SupportedTokens.Both:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
default:
throw new Exception("SupportedTokens has invalid value");
}
combinedOptions.ScopeValidationOptions = new ScopeValidationOptions
{
AllowedScopes = new string[] { }
};
if (options.ValidateScope)
{
var allowedScopes = new List <string>();
if (options.AllowedScopes != null && options.AllowedScopes.Any())
{
allowedScopes.AddRange(options.AllowedScopes);
}
if (allowedScopes.Any())
{
combinedOptions.ScopeValidationOptions = new ScopeValidationOptions
{
AllowedScopes = allowedScopes,
AuthenticationScheme = options.AuthenticationScheme
};
}
}
return(combinedOptions);
}
public IdentityServerAuthenticationMiddleware(RequestDelegate next, IApplicationBuilder app, CombinedAuthenticationOptions options, ILogger <IdentityServerAuthenticationMiddleware> logger)
{
_options = options;
_logger = logger;
// building pipeline for introspection middleware
if (options.IntrospectionOptions != null)
{
var introspectionBuilder = app.New();
introspectionBuilder.UseOAuth2IntrospectionAuthentication(options.IntrospectionOptions);
introspectionBuilder.Run(ctx => next(ctx));
_introspectionNext = introspectionBuilder.Build();
}
// building pipeline for JWT bearer middleware
if (options.JwtBearerOptions != null)
{
var jwtBuilder = app.New();
jwtBuilder.UseJwtBearerAuthentication(options.JwtBearerOptions);
jwtBuilder.Run(ctx => next(ctx));
_jwtNext = jwtBuilder.Build();
}
// building pipeline for no token
var nopBuilder = app.New();
nopBuilder.UseMiddleware <NopAuthenticationMiddleware>(Options.Create(options.PassThruOptions));
nopBuilder.Run(ctx => next(ctx));
_nopNext = nopBuilder.Build();
}
public IdentityServerAuthenticationMiddleware(RequestDelegate next, IApplicationBuilder app, CombinedAuthenticationOptions options, ILogger<IdentityServerAuthenticationMiddleware> logger)
{
_next = next;
_options = options;
_logger = logger;
// building pipeline for introspection middleware
if (options.IntrospectionOptions != null)
{
var introspectionBuilder = app.New();
introspectionBuilder.UseOAuth2IntrospectionAuthentication(options.IntrospectionOptions);
introspectionBuilder.Run(ctx => next(ctx));
_introspectionNext = introspectionBuilder.Build();
}
// building pipeline for JWT bearer middleware
if (options.JwtBearerOptions != null)
{
var jwtBuilder = app.New();
jwtBuilder.UseJwtBearerAuthentication(options.JwtBearerOptions);
jwtBuilder.Run(ctx => next(ctx));
_jwtNext = jwtBuilder.Build();
}
// building pipeline for no token
var nopBuilder = app.New();
var nopOptions = new NopAuthenticationOptions
{
AuthenticationScheme = options.AuthenticationScheme
};
nopBuilder.UseMiddleware<NopAuthenticationMiddleware>(nopOptions);
nopBuilder.Run(ctx => next(ctx));
_nopNext = nopBuilder.Build();
}
public static IApplicationBuilder UseIdentityServerAuthentication(this IApplicationBuilder app, IdentityServerAuthenticationOptions options)
{
var combinedOptions = new CombinedAuthenticationOptions();
combinedOptions.TokenRetriever = options.TokenRetriever;
combinedOptions.AuthenticationScheme = options.AuthenticationScheme;
switch (options.SupportedTokens)
{
case SupportedTokens.Jwt:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
break;
case SupportedTokens.Reference:
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
case SupportedTokens.Both:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
default:
throw new Exception("SupportedTokens has invalid value");
}
app.UseMiddleware<IdentityServerAuthenticationMiddleware>(app, combinedOptions);
var allowedScopes = new List<string>();
if (!string.IsNullOrWhiteSpace(options.ScopeName))
{
allowedScopes.Add(options.ScopeName);
}
if (options.AdditionalScopes != null && options.AdditionalScopes.Any())
{
allowedScopes.AddRange(options.AdditionalScopes);
}
if (allowedScopes.Any())
{
var scopeOptions = new ScopeValidationOptions
{
AllowedScopes = allowedScopes,
AuthenticationScheme = options.AuthenticationScheme
};
app.AllowScopes(scopeOptions);
}
return app;
}
public static CombinedAuthenticationOptions FromIdentityServerAuthenticationOptions(IdentityServerAuthenticationOptions options)
{
var combinedOptions = new CombinedAuthenticationOptions();
combinedOptions.TokenRetriever = options.TokenRetriever;
combinedOptions.AuthenticationScheme = options.AuthenticationScheme;
switch (options.SupportedTokens)
{
case SupportedTokens.Jwt:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
break;
case SupportedTokens.Reference:
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
case SupportedTokens.Both:
combinedOptions.JwtBearerOptions = ConfigureJwt(options);
combinedOptions.IntrospectionOptions = ConfigureIntrospection(options);
break;
default:
throw new Exception("SupportedTokens has invalid value");
}
if (options.ValidateScope)
{
var allowedScopes = new List <string>();
if (!string.IsNullOrWhiteSpace(options.ScopeName))
{
allowedScopes.Add(options.ScopeName);
}
if (options.AdditionalScopes != null && options.AdditionalScopes.Any())
{
allowedScopes.AddRange(options.AdditionalScopes);
}
if (allowedScopes.Any())
{
var scopeOptions = new ScopeValidationOptions
{
AllowedScopes = allowedScopes,
AuthenticationScheme = options.AuthenticationScheme
};
combinedOptions.ScopeValidationOptions = scopeOptions;
}
else
{
var scopeOptions = new ScopeValidationOptions
{
AllowedScopes = new string[] { }
};
combinedOptions.ScopeValidationOptions = scopeOptions;
}
}
return(combinedOptions);
}
