/// <summary>
/// Registers the OpenID Connect handler for the authorization code flow, delegating
/// the option mapping to <see cref="OpenIdConnectOptionsHelper"/>.
/// </summary>
/// <param name="builder">The authentication builder to extend.</param>
/// <param name="options">The Okta MVC options the handler is configured from.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
private static AuthenticationBuilder AddCodeFlow(AuthenticationBuilder builder, OktaMvcOptions options)
{
    var oidcEvents = new OpenIdConnectEvents();
    oidcEvents.OnRedirectToIdentityProvider = BeforeRedirectToIdentityProviderAsync;

    // Process-wide (static) side effect: inbound JWT claim types are no longer
    // remapped to the long .NET claim-type URIs, so claims keep their JWT names.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    builder.AddOpenIdConnect(oidcOptions =>
        OpenIdConnectOptionsHelper.ConfigureOpenIdConnectOptions(options, oidcEvents, oidcOptions));

    return builder;
}
/// <summary>
/// Adds Okta authentication (authorization code flow) to an ASP.NET Core MVC application.
/// </summary>
/// <param name="builder">The authentication builder to extend.</param>
/// <param name="options">The Okta MVC options; validated before any handler is registered.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
/// <exception cref="ArgumentNullException"><paramref name="builder"/> is null.</exception>
public static AuthenticationBuilder AddOktaMvc(this AuthenticationBuilder builder, OktaMvcOptions options)
{
    if (builder is null)
    {
        throw new ArgumentNullException(nameof(builder));
    }

    // Fail fast on a bad configuration before the OIDC handler is wired up.
    var validator = new OktaMvcOptionsValidator();
    validator.Validate(options);

    return AddCodeFlow(builder, options);
}
/// <summary>
/// Registers the OpenID Connect handler for the authorization code flow and, when
/// <c>AuthenticationTicketExpiryInMinutes</c> is set, bounds the lifetime of the
/// authentication ticket that results from a successful sign-in.
/// </summary>
/// <param name="builder">The authentication builder to extend.</param>
/// <param name="options">The Okta MVC options the handler is configured from.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
private static AuthenticationBuilder AddCodeFlow(AuthenticationBuilder builder, OktaMvcOptions options)
{
    var oidcEvents = new OpenIdConnectEvents();
    oidcEvents.OnRedirectToIdentityProvider = BeforeRedirectToIdentityProviderAsync;

    if (options.AuthenticationTicketExpiryInMinutes.HasValue)
    {
        // Pin the ticket's absolute expiry to "now + configured minutes" at the moment
        // the ticket is received. NOTE(review): this only takes effect if
        // ConfigureOpenIdConnectOptions forwards OnTicketReceived to the handler — confirm.
        oidcEvents.OnTicketReceived = async context =>
        {
            var minutes = options.AuthenticationTicketExpiryInMinutes.Value;
            context.Properties.ExpiresUtc = DateTime.UtcNow.AddMinutes(minutes);
        };
    }

    // Process-wide (static) side effect: inbound JWT claim types are no longer
    // remapped to the long .NET claim-type URIs, so claims keep their JWT names.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    builder.AddOpenIdConnect(oidcOptions =>
        OpenIdConnectOptionsHelper.ConfigureOpenIdConnectOptions(options, oidcEvents, oidcOptions));

    return builder;
}
/// <summary>
/// Registers the OpenID Connect handler for the authorization code flow, configuring
/// the handler inline from <paramref name="options"/>.
/// </summary>
/// <param name="builder">The authentication builder to extend.</param>
/// <param name="options">The Okta MVC options the handler is configured from.</param>
/// <returns>The same <paramref name="builder"/>, for chaining.</returns>
private static AuthenticationBuilder AddCodeFlow(AuthenticationBuilder builder, OktaMvcOptions options)
{
    var issuerUrl = UrlHelper.CreateIssuerUrl(options.OktaDomain, options.AuthorizationServerId);

    // Process-wide (static) side effect: inbound JWT claim types are no longer
    // remapped to the long .NET claim-type URIs, so claims keep their JWT names.
    JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

    builder.AddOpenIdConnect(oidcOptions =>
    {
        // Client identity and endpoints.
        oidcOptions.ClientId = options.ClientId;
        oidcOptions.ClientSecret = options.ClientSecret;
        oidcOptions.Authority = issuerUrl;
        oidcOptions.CallbackPath = new PathString(options.CallbackPath);
        oidcOptions.SignedOutCallbackPath = new PathString(OktaDefaults.SignOutCallbackPath);

        // Protocol behaviour: code flow; tokens are kept on the authentication
        // properties (SaveTokens); the session lifetime is not tied to the id_token
        // lifetime (UseTokenLifetime = false).
        oidcOptions.ResponseType = OpenIdConnectResponseType.Code;
        oidcOptions.GetClaimsFromUserInfoEndpoint = options.GetClaimsFromUserInfoEndpoint;
        oidcOptions.SaveTokens = true;
        oidcOptions.UseTokenLifetime = false;
        oidcOptions.BackchannelHttpHandler = new UserAgentHandler();

        // Caller-supplied scopes replace the handler defaults; a null or empty list keeps them.
        if (options.Scope?.Any() == true)
        {
            oidcOptions.Scope.Clear();
            foreach (var requestedScope in options.Scope)
            {
                oidcOptions.Scope.Add(requestedScope);
            }
        }

        // Tokens must be issued to this client (audience = ClientId); the "name"
        // claim becomes the principal's identity name.
        oidcOptions.TokenValidationParameters = new DefaultTokenValidationParameters(options, issuerUrl)
        {
            ValidAudience = options.ClientId,
            NameClaimType = "name",
        };
    });

    return builder;
}
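/// <summary>
/// Configure an <see cref="OpenIdConnectOptions"/> object based on the user's Okta configuration.
/// </summary>
/// <param name="oktaMvcOptions">The <see cref="OktaMvcOptions"/> options.</param>
/// <param name="events">
/// The OpenIdConnect events supplied by the caller. <c>OnRedirectToIdentityProvider</c> is always
/// forwarded to the handler; <c>OnTicketReceived</c> is forwarded when the caller set it, so a
/// caller-imposed ticket expiry is not silently dropped.
/// </param>
/// <param name="oidcOptions">The OpenIdConnectOptions to configure.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static void ConfigureOpenIdConnectOptions(OktaMvcOptions oktaMvcOptions, OpenIdConnectEvents events, OpenIdConnectOptions oidcOptions)
{
    if (oktaMvcOptions == null)
    {
        throw new ArgumentNullException(nameof(oktaMvcOptions));
    }

    if (events == null)
    {
        throw new ArgumentNullException(nameof(events));
    }

    if (oidcOptions == null)
    {
        throw new ArgumentNullException(nameof(oidcOptions));
    }

    var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);

    ApplyClientAndProtocolSettings();
    ApplyScopes();
    ApplyTokenValidation();
    WireEvents();

    // Client identity, endpoints and protocol behaviour.
    void ApplyClientAndProtocolSettings()
    {
        oidcOptions.ClientId = oktaMvcOptions.ClientId;
        oidcOptions.ClientSecret = oktaMvcOptions.ClientSecret;
        oidcOptions.Authority = issuer;
        oidcOptions.CallbackPath = new PathString(oktaMvcOptions.CallbackPath);
        oidcOptions.SignedOutCallbackPath = new PathString(OktaDefaults.SignOutCallbackPath);
        oidcOptions.SignedOutRedirectUri = oktaMvcOptions.PostLogoutRedirectUri;
        oidcOptions.ResponseType = OpenIdConnectResponseType.Code;
        oidcOptions.GetClaimsFromUserInfoEndpoint = oktaMvcOptions.GetClaimsFromUserInfoEndpoint;

        // Project-supplied validator replaces the handler's default token validator;
        // see StrictSecurityTokenValidator for exactly what it tightens.
        oidcOptions.SecurityTokenValidator = new StrictSecurityTokenValidator();

        // Tokens are kept on the authentication properties (SaveTokens); the session
        // lifetime is not tied to the id_token lifetime (UseTokenLifetime = false).
        oidcOptions.SaveTokens = true;
        oidcOptions.UseTokenLifetime = false;

        // Back-channel calls carry the SDK name/version in the user agent.
        oidcOptions.BackchannelHttpHandler = new OktaHttpMessageHandler(
            "okta-aspnetcore",
            typeof(OktaAuthenticationOptionsExtensions).Assembly.GetName().Version,
            oktaMvcOptions);
    }

    // Caller-supplied scopes replace the handler defaults; a null or empty list keeps them.
    void ApplyScopes()
    {
        var hasDefinedScopes = oktaMvcOptions.Scope?.Any() ?? false;
        if (!hasDefinedScopes)
        {
            return;
        }

        oidcOptions.Scope.Clear();
        foreach (var scope in oktaMvcOptions.Scope)
        {
            oidcOptions.Scope.Add(scope);
        }
    }

    // Tokens must be issued to this client (audience = ClientId); the "name" claim
    // becomes the principal's identity name.
    void ApplyTokenValidation()
    {
        oidcOptions.TokenValidationParameters = new DefaultTokenValidationParameters(oktaMvcOptions, issuer)
        {
            ValidAudience = oktaMvcOptions.ClientId,
            NameClaimType = "name",
        };
    }

    // Forward the caller's event handlers; each optional handler is only assigned when
    // set, so the handler's defaults are kept otherwise.
    void WireEvents()
    {
        oidcOptions.Events.OnRedirectToIdentityProvider = events.OnRedirectToIdentityProvider;

        // Previously only OnRedirectToIdentityProvider was forwarded, so a ticket-expiry
        // handler placed on `events` by the caller never reached the OIDC handler.
        if (events.OnTicketReceived != null)
        {
            oidcOptions.Events.OnTicketReceived = events.OnTicketReceived;
        }

        if (oktaMvcOptions.OnTokenValidated != null)
        {
            oidcOptions.Events.OnTokenValidated = oktaMvcOptions.OnTokenValidated;
        }

        if (oktaMvcOptions.GetClaimsFromUserInfoEndpoint && oktaMvcOptions.OnUserInformationReceived != null)
        {
            oidcOptions.Events.OnUserInformationReceived = oktaMvcOptions.OnUserInformationReceived;
        }

        if (oktaMvcOptions.GetClaimsFromUserInfoEndpoint)
        {
            // Copy every claim returned by the userinfo endpoint onto the identity.
            oidcOptions.ClaimActions.Add(new MapAllClaimsAction());
        }

        if (oktaMvcOptions.OnOktaApiFailure != null)
        {
            oidcOptions.Events.OnRemoteFailure = oktaMvcOptions.OnOktaApiFailure;
        }

        if (oktaMvcOptions.OnAuthenticationFailed != null)
        {
            oidcOptions.Events.OnAuthenticationFailed = oktaMvcOptions.OnAuthenticationFailed;
        }
    }
}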