/// <summary>
/// Builds a fresh <see cref="OidcDataManager"/> for <paramref name="options"/>, registers it in
/// <c>OidcManagerCache</c> and optionally validates it before returning.
/// </summary>
/// <param name="options">Keycloak parameters; <c>AuthenticationType</c> forms part of the cache key.</param>
/// <param name="preload">When true, awaits <c>ValidateCachedContextAsync</c> on the new instance.</param>
/// <returns>The newly created manager.</returns>
public static async Task<OidcDataManager> CreateCachedContext(IKeycloakParameters options,
                                                              bool preload = true)
{
    var manager = new OidcDataManager(options);
    var cacheKey = options.AuthenticationType + CachedContextPostfix;

    // The instance is stored BEFORE it is validated: if the preload below throws, the
    // entry is already in the cache.
    // NOTE(review): confirm that readers of OidcManagerCache re-validate an entry before
    // trusting its issuer/key data.
    OidcManagerCache[cacheKey] = manager;

    if (!preload)
    {
        return manager;
    }

    await manager.ValidateCachedContextAsync();
    return manager;
}
 /// <summary>
 /// Non-throwing wrapper around <c>ValidateToken(jwt, options, uriManager)</c>.
 /// </summary>
 /// <param name="jwt">Serialized token to validate.</param>
 /// <param name="options">Keycloak parameters passed through to <c>ValidateToken</c>.</param>
 /// <param name="uriManager">OIDC data manager passed through to <c>ValidateToken</c>.</param>
 /// <param name="rToken">The validated token on success; <c>null</c> on failure.</param>
 /// <returns><c>true</c> when validation completed without an exception, otherwise <c>false</c>.</returns>
 /// <remarks>
 /// Every exception type is mapped to <c>false</c> and nothing is logged here, so a caller cannot
 /// tell a rejected token apart from a configuration or key-retrieval fault. Callers that need an
 /// audit trail of rejected tokens should call <c>ValidateToken</c> directly and record the exception.
 /// </remarks>
 public bool TryValidateToken(string jwt, IKeycloakParameters options, OidcDataManager uriManager, out SecurityToken rToken)
 {
     rToken = null;
     try
     {
         rToken = ValidateToken(jwt, options, uriManager);
     }
     catch (Exception)
     {
         // Deliberate catch-all: this is the "Try" variant and must never throw.
         return false;
     }
     return true;
 }
 /// <summary>
 /// Attempts to validate <paramref name="jwt"/> via <c>ValidateToken</c> without propagating exceptions.
 /// </summary>
 /// <param name="jwt">Serialized token to validate.</param>
 /// <param name="options">Keycloak parameters forwarded to <c>ValidateToken</c>.</param>
 /// <param name="uriManager">OIDC data manager forwarded to <c>ValidateToken</c>.</param>
 /// <param name="rToken">Receives the validated token, or <c>null</c> when validation threw.</param>
 /// <returns><c>true</c> if <c>ValidateToken</c> returned normally; <c>false</c> if it threw anything.</returns>
 /// <remarks>
 /// The catch clause covers all exception types and records nothing, so failures caused by
 /// misconfiguration look identical to an invalid token from the caller's side.
 /// </remarks>
 public bool TryValidateToken(string jwt, IKeycloakParameters options, OidcDataManager uriManager, out SecurityToken rToken)
 {
     bool succeeded;
     try
     {
         rToken = ValidateToken(jwt, options, uriManager);
         succeeded = true;
     }
     catch (Exception)
     {
         // Swallowed on purpose: the Try-pattern reports failure through the return value only.
         rToken = null;
         succeeded = false;
     }
     return succeeded;
 }
        /// <summary>
        /// Builds a new <see cref="OidcDataManager"/> for the given OWIN context and options, stores it in
        /// <c>OidcManagerCache</c> under a realm-prefixed key, and optionally validates it.
        /// </summary>
        /// <param name="context">OWIN context; passed to the manager and to <c>GetRealmPrefix</c>.</param>
        /// <param name="options">Keycloak parameters; <c>AuthenticationType</c> forms part of the cache key.</param>
        /// <param name="preload">When true, awaits <c>ValidateCachedContextAsync</c> on the new instance.</param>
        /// <returns>The newly created manager.</returns>
        private static async Task<OidcDataManager> CreateCachedContext(IOwinContext context, IKeycloakParameters options,
                                                                       bool preload = true)
        {
            var manager = new OidcDataManager(context, options);

            // Key = realm prefix + authentication type + fixed postfix.
            // NOTE(review): the realm prefix is derived from the request context; confirm
            // GetRealmPrefix only yields expected realm names so the cache cannot grow unbounded.
            var cacheKey = GetRealmPrefix(context) + options.AuthenticationType + CachedContextPostfix;

            // Stored before validation: a failing preload leaves the entry in the cache.
            OidcManagerCache[cacheKey] = manager;

            if (!preload)
            {
                return manager;
            }

            await manager.ValidateCachedContextAsync();
            return manager;
        }
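 /// <summary>
 /// Asks the remote token validation endpoint whether <paramref name="jwt"/> is acceptable and,
 /// on a success status, returns the token parsed locally from the same string.
 /// </summary>
 /// <param name="jwt">Serialized access token to check.</param>
 /// <param name="uriManager">Supplies <c>TokenValidationEndpoint</c>, the base URI that is queried.</param>
 /// <returns>A <see cref="JwtSecurityToken"/> built from <paramref name="jwt"/>.</returns>
 /// <exception cref="SecurityTokenValidationException">
 /// The token is empty, the request failed, or the endpoint returned a non-success status.
 /// </exception>
 /// <remarks>
 /// No local signature, issuer, audience or lifetime check happens here: the returned token is
 /// parsed from the caller-supplied string, so trust rests entirely on the endpoint's status code.
 /// The token travels in the query string, where it may be recorded by proxies and server logs.
 /// NOTE(review): confirm the endpoint is reached over HTTPS only.
 /// </remarks>
 public static async Task<SecurityToken> ValidateTokenRemote(string jwt, OidcDataManager uriManager)
 {
     // Reject empty input up front instead of sending a meaningless request.
     if (string.IsNullOrWhiteSpace(jwt))
     {
         throw new SecurityTokenValidationException("Remote Token Validation Failed");
     }

     // This should really only be used on access tokens...
     // Escape the value so a malformed "token" cannot append extra query parameters or a
     // fragment. A well-formed JWT (base64url segments and dots) is left unchanged.
     var uri = new Uri(uriManager.TokenValidationEndpoint, "?access_token=" + Uri.EscapeDataString(jwt));
     try
     {
         // NOTE(review): a shared HttpClient would avoid socket churn, but that needs a
         // class-level field outside this method.
         using (var client = new HttpClient())
         using (var response = await client.GetAsync(uri))
         {
             if (!response.IsSuccessStatusCode)
             {
                 throw new SecurityTokenValidationException("Remote Token Validation Failed");
             }
             return new JwtSecurityToken(jwt); // TODO: Get this from returned JSON
         }
     }
     catch (SecurityTokenValidationException)
     {
         throw;
     }
     catch (Exception ex)
     {
         // Keep the cause attached so operators can tell a network fault from a parse failure.
         throw new SecurityTokenValidationException("Remote Token Validation Failed", ex);
     }
 }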
        /// <summary>
        /// Builds <see cref="TokenValidationParameters"/> from <paramref name="options"/> and
        /// <paramref name="uriManager"/>, then validates <paramref name="jwt"/> against them.
        /// </summary>
        /// <param name="jwt">Serialized token to validate.</param>
        /// <param name="options">Supplies the validation switches, clock skew, client id and authentication type.</param>
        /// <param name="uriManager">Supplies the expected issuer and the signing tokens from the JSON web keys.</param>
        /// <returns>The result of <c>ValidateToken(jwt, parameters)</c>.</returns>
        /// <remarks>
        /// Lifetime validation and the expiration-time requirement are always on. Issuer, audience,
        /// signing-key validation and the signed-token requirement can each be switched off through
        /// <paramref name="options"/>; every one of those switches weakens the check.
        /// </remarks>
        public SecurityToken ValidateToken(string jwt, IKeycloakParameters options, OidcDataManager uriManager)
        {
            var parameters = new TokenValidationParameters();

            // Always enforced.
            parameters.ValidateLifetime = true;
            parameters.RequireExpirationTime = true;

            // Enforced unless the corresponding option opts out.
            parameters.ValidateIssuer = !options.DisableIssuerValidation;
            parameters.ValidateAudience = !options.DisableAudienceValidation;
            // NOTE(review): ValidateIssuerSigningKey governs validation of the signing key itself;
            // whether an unsigned token is accepted is controlled by RequireSignedTokens below.
            // Confirm the option named DisableTokenSignatureValidation is understood that way.
            parameters.ValidateIssuerSigningKey = !options.DisableTokenSignatureValidation;
            parameters.RequireSignedTokens = !options.AllowUnsignedTokens;

            parameters.ValidIssuer = uriManager.GetIssuer();
            parameters.ClockSkew = options.TokenClockSkew;

            // NOTE(review): the literal string "null" is accepted as an audience next to the
            // client id, so a token whose audience is that string passes the audience check.
            // Confirm this is still required by the identity provider in use.
            var acceptedAudiences = new List<string>();
            acceptedAudiences.Add("null");
            acceptedAudiences.Add(options.ClientId);
            parameters.ValidAudiences = acceptedAudiences;

            parameters.IssuerSigningTokens = uriManager.GetJsonWebKeys().GetSigningTokens();
            parameters.AuthenticationType = options.AuthenticationType; // Not used

            return ValidateToken(jwt, parameters);
        }
        /// <summary>
        /// Assembles <see cref="TokenValidationParameters"/> from the Keycloak options and the OIDC
        /// data manager, then validates <paramref name="jwt"/> with them.
        /// </summary>
        /// <param name="jwt">Serialized token to validate.</param>
        /// <param name="options">Supplies the validation switches, clock skew and client id.</param>
        /// <param name="uriManager">Supplies the expected issuer and the signing keys from the JSON web keys.</param>
        /// <returns>The result of <c>ValidateToken(jwt, parameters)</c>.</returns>
        /// <remarks>
        /// Lifetime validation and the expiration-time requirement are unconditional. Issuer,
        /// audience, signing-key validation and the signed-token requirement follow the opt-out
        /// flags on <paramref name="options"/>; turning any of them off weakens the check.
        /// </remarks>
        public SecurityToken ValidateToken(string jwt, IKeycloakParameters options, OidcDataManager uriManager)
        {
            var parameters = new TokenValidationParameters();

            // Unconditional checks.
            parameters.ValidateLifetime = true;
            parameters.RequireExpirationTime = true;

            // Checks that the options can switch off.
            parameters.ValidateIssuer = !options.DisableIssuerValidation;
            parameters.ValidateAudience = !options.DisableAudienceValidation;
            // NOTE(review): ValidateIssuerSigningKey concerns the signing key itself; acceptance
            // of unsigned tokens is decided by RequireSignedTokens. Confirm the option name
            // DisableTokenSignatureValidation matches what operators expect it to do.
            parameters.ValidateIssuerSigningKey = !options.DisableTokenSignatureValidation;
            parameters.RequireSignedTokens = !options.AllowUnsignedTokens;

            parameters.ValidIssuer = uriManager.GetIssuer();
            parameters.ClockSkew = options.TokenClockSkew;

            // NOTE(review): "null" (the literal string) is an accepted audience in addition to
            // the client id. Confirm the identity provider still needs this allowance.
            var acceptedAudiences = new List<string>();
            acceptedAudiences.Add("null");
            acceptedAudiences.Add(options.ClientId);
            parameters.ValidAudiences = acceptedAudiences;

            parameters.IssuerSigningKeys = uriManager.GetJsonWebKeys().GetSigningKeys();

            return ValidateToken(jwt, parameters);
        }
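        /// <summary>
        /// Sends <paramref name="jwt"/> to the remote token validation endpoint and, if the endpoint
        /// answers with a success status, returns the token parsed locally from the same string.
        /// </summary>
        /// <param name="jwt">Serialized access token to check.</param>
        /// <param name="uriManager">Supplies <c>TokenValidationEndpoint</c>, the base URI that is queried.</param>
        /// <returns>A <see cref="JwtSecurityToken"/> built from <paramref name="jwt"/>.</returns>
        /// <exception cref="SecurityTokenValidationException">
        /// The token is empty, the request failed, or the endpoint returned a non-success status.
        /// </exception>
        /// <remarks>
        /// This method performs no local signature, issuer, audience or lifetime check; the result is
        /// parsed from the caller-supplied string, so the endpoint's status code is the only gate.
        /// The token is placed in the query string, where proxies and server logs may record it.
        /// NOTE(review): confirm the endpoint is reached over HTTPS only.
        /// </remarks>
        public static async Task<SecurityToken> ValidateTokenRemote(string jwt, OidcDataManager uriManager)
        {
            // Reject empty input up front instead of sending a meaningless request.
            if (string.IsNullOrWhiteSpace(jwt))
            {
                throw new SecurityTokenValidationException("Remote Token Validation Failed");
            }

            // This should really only be used on access tokens...
            // Escaping stops a malformed "token" from appending extra query parameters or a
            // fragment. A well-formed JWT (base64url segments and dots) is left unchanged.
            var uri = new Uri(uriManager.TokenValidationEndpoint, "?access_token=" + Uri.EscapeDataString(jwt));

            try
            {
                // NOTE(review): a shared HttpClient would avoid socket churn, but that needs a
                // class-level field outside this method.
                using (var client = new HttpClient())
                using (var response = await client.GetAsync(uri))
                {
                    if (!response.IsSuccessStatusCode)
                    {
                        throw new SecurityTokenValidationException("Remote Token Validation Failed");
                    }
                    return new JwtSecurityToken(jwt); // TODO: Get this from returned JSON
                }
            }
            catch (SecurityTokenValidationException)
            {
                throw;
            }
            catch (Exception ex)
            {
                // Keep the cause attached so operators can tell a network fault from a parse failure.
                throw new SecurityTokenValidationException("Remote Token Validation Failed", ex);
            }
        }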
 /// <summary>
 /// Creates an <see cref="OidcDataManager"/> for <paramref name="options"/>, places it in
 /// <c>OidcManagerCache</c> and, when requested, validates it before handing it back.
 /// </summary>
 /// <param name="options">Keycloak parameters; <c>AuthenticationType</c> forms part of the cache key.</param>
 /// <param name="preload">When true, awaits <c>ValidateCachedContextAsync</c> on the new instance.</param>
 /// <returns>The newly created manager.</returns>
 public static async Task<OidcDataManager> CreateCachedContext(IKeycloakParameters options,
     bool preload = true)
 {
     var manager = new OidcDataManager(options);
     var cacheKey = options.AuthenticationType + CachedContextPostfix;

     // Cached first, validated second: a preload failure leaves the entry in place.
     // NOTE(review): confirm cache readers re-validate before relying on the entry.
     OidcManagerCache[cacheKey] = manager;

     if (preload)
     {
         await manager.ValidateCachedContextAsync();
     }

     return manager;
 }
        /// <summary>
        /// Resolves the cached <see cref="OidcDataManager"/> for <paramref name="options"/> and validates
        /// <paramref name="jwt"/> against it.
        /// </summary>
        /// <param name="jwt">Serialized token to validate.</param>
        /// <param name="options">Keycloak parameters used both for the cache lookup and for validation.</param>
        /// <returns>The token returned by <c>ValidateToken(jwt, options, uriManager)</c>.</returns>
        public async Task<SecurityToken> ValidateTokenAsync(string jwt, IKeycloakParameters options)
        {
            // Issuer and key material come from the cached context rather than from the token.
            var cachedManager = await OidcDataManager.GetCachedContextAsync(options);
            var validated = ValidateToken(jwt, options, cachedManager);
            return validated;
        }
        /// <summary>
        /// Resolves the cached <see cref="OidcDataManager"/> for the given OWIN context and options, then
        /// delegates to the <c>ValidateTokenRemote(jwt, uriManager)</c> overload.
        /// </summary>
        /// <param name="context">OWIN context used for the cache lookup.</param>
        /// <param name="jwt">Serialized token handed to the remote validation overload.</param>
        /// <param name="options">Keycloak parameters used for the cache lookup.</param>
        /// <returns>The token returned by the delegated overload.</returns>
        public static async Task<SecurityToken> ValidateTokenRemote(IOwinContext context, string jwt, IKeycloakParameters options)
        {
            var cachedManager = await OidcDataManager.GetCachedContextAsync(context, options);
            var remoteResult = await ValidateTokenRemote(jwt, cachedManager);
            return remoteResult;
        }