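/// <summary>
/// Adds issuer validation and a signature requirement to the policy, using values read from an
/// OpenID Connect configuration document.
/// </summary>
/// <remarks>
/// The issuer and the JWKS URI both come from the document retrieved at <paramref name="metadataAddress"/>,
/// so that address decides which issuer and which keys the resulting policy trusts. Take it from
/// trusted configuration, not from request data. The issuer value is used as returned; this method
/// does not compare it with <paramref name="metadataAddress"/>.
/// </remarks>
/// <param name="builder">The policy builder to configure.</param>
/// <param name="metadataAddress">Address of the OpenID Connect configuration document.</param>
/// <returns>The value returned by <c>RequireSignature</c> for the document's JWKS URI.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="metadataAddress"/> is <c>null</c>.
/// </exception>
public static TokenValidationPolicyBuilder AddOpenIdConfiguration(this TokenValidationPolicyBuilder builder, string metadataAddress)
{
    // Reject bad arguments before any document retrieval is attempted.
    if (builder == null)
    {
        throw new System.ArgumentNullException(nameof(builder));
    }

    if (metadataAddress == null)
    {
        throw new System.ArgumentNullException(nameof(metadataAddress));
    }

    // NOTE(review): confirm that HttpDocumentRetriever refuses non-HTTPS addresses; if it does not,
    // the trusted issuer and key location would be read over an unauthenticated channel.
    var retriever = new OpenIdConnectConfigurationRetriever();

    // The configuration is obtained during this call, and CancellationToken.None means the
    // retrieval cannot be cancelled by the caller.
    var config = retriever.GetConfiguration(metadataAddress, new HttpDocumentRetriever(), CancellationToken.None);

    builder.RequireIssuer(config.Issuer);
    return builder.RequireSignature(config.JwksUri);
}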
/// <summary>Adds a <c>RequireNonceValidator</c> to the policy.</summary>
/// <remarks>
/// NOTE(review): the validator is presumably what rejects tokens that carry no nonce. Whether the
/// nonce value is also matched against the one issued for the request is not visible here, so
/// confirm where that comparison happens.
/// </remarks>
/// <param name="builder">The policy builder to configure.</param>
/// <returns>The value returned by <c>AddValidator</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is <c>null</c>.</exception>
public static TokenValidationPolicyBuilder RequireNonce(this TokenValidationPolicyBuilder builder)
{
    if (builder != null)
    {
        var nonceValidator = new RequireNonceValidator();
        return builder.AddValidator(nonceValidator);
    }

    throw new ArgumentNullException(nameof(builder));
}
/// <summary>Requires the claim identified by <c>SetClaims.EventsUtf8</c> to be present in the token.</summary>
/// <remarks>
/// Only this one claim requirement is added here. NOTE(review): presumably this is the
/// <c>events</c> claim of a Security Event Token; issuer, audience and signature requirements
/// have to be configured separately on the same builder.
/// </remarks>
/// <param name="builder">The policy builder to configure.</param>
/// <returns>The same <paramref name="builder"/> instance.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="builder"/> is <c>null</c>.</exception>
public static TokenValidationPolicyBuilder RequireSecurityEventToken(this TokenValidationPolicyBuilder builder)
{
    if (builder != null)
    {
        // The builder itself is returned, not the result of RequireClaim.
        builder.RequireClaim(SetClaims.EventsUtf8);
        return builder;
    }

    throw new System.ArgumentNullException(nameof(builder));
}
/// <summary>
/// Adds an <c>AuthenticationContextClassReferenceValidator</c> built from
/// <paramref name="requiredAcr"/> to the policy.
/// </summary>
/// <param name="builder">The policy builder to configure.</param>
/// <param name="requiredAcr">The authentication context class reference value handed to the validator.</param>
/// <returns>The value returned by <c>AddValidator</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is <c>null</c>.</exception>
public static TokenValidationPolicyBuilder RequireAuthenticationContextClassReference(this TokenValidationPolicyBuilder builder, string requiredAcr)
{
    if (builder != null)
    {
        // NOTE(review): requiredAcr is not checked here. Confirm that the validator rejects a
        // null or empty value instead of building a policy that enforces nothing.
        var acrValidator = new AuthenticationContextClassReferenceValidator(requiredAcr);
        return builder.AddValidator(acrValidator);
    }

    throw new ArgumentNullException(nameof(builder));
}
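/// <summary>Configure the signature behavior with Key Vault for a specific <paramref name="client"/>.</summary>
/// <remarks>
/// The vault URI of <paramref name="client"/> is passed as the first argument of
/// <c>RequireSignature</c>, and keys are supplied by a <c>KeyVaultKeyProvider</c> wrapping that client.
/// </remarks>
/// <param name="builder">The policy builder to configure.</param>
/// <param name="client">The Key Vault key client used to obtain the verification keys.</param>
/// <param name="algorithm">The signature algorithm forwarded to <c>RequireSignature</c>.</param>
/// <param name="minimumRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>.</param>
/// <param name="automaticRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>.</param>
/// <returns>The value returned by <c>RequireSignature</c>.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="builder"/> or <paramref name="client"/> is <c>null</c>.
/// </exception>
public static TokenValidationPolicyBuilder RequireSignatureWithKeyVault(this TokenValidationPolicyBuilder builder, KeyClient client, SignatureAlgorithm algorithm, long minimumRefreshInterval = CachedKeyProvider.DefaultMinimumRefreshInterval, long automaticRefreshInterval = CachedKeyProvider.DefaultAutomaticRefreshInterval)
{
    // Fail with a named argument instead of a NullReferenceException part-way through setup.
    if (builder == null)
    {
        throw new System.ArgumentNullException(nameof(builder));
    }

    if (client == null)
    {
        throw new System.ArgumentNullException(nameof(client));
    }

    // NOTE(review): algorithm is forwarded unchecked. Confirm how RequireSignature treats null;
    // the accepted algorithm should stay pinned to the one the vault key is meant for.
    var keyProvider = new KeyVaultKeyProvider(client, minimumRefreshInterval, automaticRefreshInterval);
    return builder.RequireSignature(client.VaultUri.ToString(), keyProvider, algorithm);
}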
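/// <summary>Configure the signature behavior with Key Vault for a specific <paramref name="vaultUri"/>.</summary>
/// <remarks>
/// <paramref name="vaultUri"/> is passed both as the first argument of <c>RequireSignature</c> and
/// to the <c>KeyVaultKeyProvider</c> that supplies the keys. It decides which vault's keys are
/// trusted, so take it from trusted configuration.
/// </remarks>
/// <param name="builder">The policy builder to configure.</param>
/// <param name="vaultUri">The URI of the Key Vault holding the verification keys.</param>
/// <param name="credentials">The credential the key provider uses to reach the vault.</param>
/// <param name="algorithm">The signature algorithm forwarded to <c>RequireSignature</c>.</param>
/// <param name="minimumRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>.</param>
/// <param name="automaticRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>.</param>
/// <returns>The value returned by <c>RequireSignature</c>.</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="builder"/>, <paramref name="vaultUri"/> or <paramref name="credentials"/> is <c>null</c>.
/// </exception>
public static TokenValidationPolicyBuilder RequireSignatureWithKeyVault(this TokenValidationPolicyBuilder builder, string vaultUri, TokenCredential credentials, SignatureAlgorithm algorithm, long minimumRefreshInterval = CachedKeyProvider.DefaultMinimumRefreshInterval, long automaticRefreshInterval = CachedKeyProvider.DefaultAutomaticRefreshInterval)
{
    // Fail with a named argument before any provider is constructed.
    if (builder == null)
    {
        throw new System.ArgumentNullException(nameof(builder));
    }

    if (vaultUri == null)
    {
        throw new System.ArgumentNullException(nameof(vaultUri));
    }

    if (credentials == null)
    {
        throw new System.ArgumentNullException(nameof(credentials));
    }

    // NOTE(review): algorithm is forwarded unchecked. Confirm how RequireSignature treats null;
    // the accepted algorithm should stay pinned to the one the vault key is meant for.
    var keyProvider = new KeyVaultKeyProvider(vaultUri, credentials, minimumRefreshInterval, automaticRefreshInterval);
    return builder.RequireSignature(vaultUri, keyProvider, algorithm);
}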