Files
MTSC/MTSC.OAuth2/Models/AccessTokenValidator.cs
T
amacocian 0fe9f9957c Setup OAuth2 support (#20)
* Setup OAuth2 support

* Setup tests project

* Setup OAuth2 unit tests in CI pipeline

* Setup authorizeattribute tests

* Test

* Setup tests for AuthorizeAttribute

* Setup OAuth2 support
Unit Tests coverage

* Add OAuth2 project to release
2022-09-02 16:13:08 +02:00

88 lines
3.5 KiB
C#

using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
using MTSC.OAuth2.Exceptions;
using System;
using System.Extensions;
using System.Linq;
using System.Threading.Tasks;
namespace MTSC.OAuth2.Models
{
internal sealed class AccessTokenValidator<T>
{
private readonly OpenIdConfigurationCache openIdConfigurationCache;
private readonly string clientId;
private readonly AuthorizationHttpClientWrapper<T> authorizationHttpClientWrapper;
public AccessTokenValidator(
AuthorizationHttpClientWrapper<T> authorizationHttpClientWrapper,
string clientId,
string openIdConfigurationUri)
{
this.authorizationHttpClientWrapper = authorizationHttpClientWrapper;
this.clientId = clientId;
this.openIdConfigurationCache = OpenIdConfigurationCache.GetForConfigurationUri(openIdConfigurationUri);
}
public async Task<Result<TokenValidationResponse, TokenValidationException>> ValidateAccessToken(string accessToken)
{
var openIdConfiguration = await this.openIdConfigurationCache.GetOpenIdConfiguration(this.authorizationHttpClientWrapper);
try
{
(var validationResult, var jsonWebToken) = await this.ValidateTokenInternal(accessToken, openIdConfiguration);
if (validationResult.Exception is Exception validationException)
{
return new TokenValidationException(validationException);
}
return new TokenValidationResponse { JsonWebToken = jsonWebToken, IsValid = validationResult.IsValid };
}
catch(Exception ex)
{
return new TokenValidationException(ex);
}
}
private async Task<(TokenValidationResult, JsonWebToken)> ValidateTokenInternal(string accessToken, OpenIdConfiguration openIdConfiguration)
{
var jsonWebTokenHandler = new JsonWebTokenHandler();
var token = new JsonWebToken(accessToken);
TokenValidationParameters validationParameters;
if (token.Audiences.Any(audience => audience == this.clientId))
{
validationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateLifetime = true,
ValidateAudience = true,
ValidAlgorithms = openIdConfiguration.SupportedAlgorithms,
ValidAudience = clientId,
ValidIssuer = openIdConfiguration.Issuer,
IssuerSigningKeys = openIdConfiguration.SigningKeys,
ValidateTokenReplay = true,
};
}
else
{
validationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateAudience = false,
ValidateActor = false,
ValidateIssuer = false,
ValidateIssuerSigningKey = false,
SignatureValidator = (token, parameters) =>
{
var jwt = new JsonWebToken(accessToken);
return jwt;
}
};
}
var validation = await jsonWebTokenHandler.ValidateTokenAsync(accessToken, validationParameters);
return (validation, token);
}
}
}