Monday, 27 April 2020

Keeping Startup clean with options and multiple Jwt bearers

I am trying to keep the Startup as clean as possible. The API currently receives a JWT token only from Google (but in future also Apple, I think), but I allow multiple IdPs to be specified; you can place them in the config file.

When a user logs in, I check whether they are already registered; if not, I save the user details. In both cases I exchange the token for a self-issued JWT (it is like a flag: if you have my token, I am sure you are in my database).

I am avoiding doing manual checks (with the libraries) on the JWT token; I have created a policy that excludes the self-issued scheme on the login endpoint.

Now the problem: how can I add multiple schemes with named options? This is my current code:

Startup.cs

services.AddAuthentication().AddJwtBearer();
services.ConfigureOptions<ConfigureAuthenticationOptions>();
services.ConfigureOptions<ConfigureJwtBearerOptions>();

services.AddAuthorization();
services.ConfigureOptions<ConfigureAuthorizationOptions>();

ConfigureJwtBearerOptions.cs

using MakersPortal.Core.Dtos.Configuration;
using MakersPortal.Core.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

namespace MakersPortal.WebApi.Options
{
    public class ConfigureJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
    {
        private readonly IKeyManager _keyManager;
        private readonly JwtIssuerDto _issuer;

        public ConfigureJwtBearerOptions(IKeyManager keyManager, JwtIssuerDto issuer)
        {
            _keyManager = keyManager;
            _issuer = issuer;
        }

        public void Configure(JwtBearerOptions options)
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = _keyManager.GetSecurityKeyFromName("jwt").Result,

                ValidIssuer = _issuer.Issuer,
                ValidateIssuer = true
            };

            options.Audience = _issuer.Audience;
            options.SaveToken = true;
        }

        public void Configure(string name, JwtBearerOptions options)
        {
            Configure(options);
        }
    }
}
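
One way the named `Configure` overload can tell schemes apart, as an added example that is not part of the original post or the MakersPortal project. The class name, the `SelfIssued` scheme name, the `ExternalIdp` settings type and the constructor parameters are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.Tokens;

// Hypothetical settings for one external IdP, bound from the config file.
public class ExternalIdp
{
    public string Authority { get; set; } // the IdP's OIDC issuer URL
    public string Audience { get; set; }  // client id registered with that IdP
}

public class NamedJwtBearerOptions : IConfigureNamedOptions<JwtBearerOptions>
{
    public const string SelfIssued = "SelfIssued"; // hypothetical scheme name
    private readonly SecurityKey _key;
    private readonly string _issuer, _audience;
    private readonly IReadOnlyDictionary<string, ExternalIdp> _idps; // keyed by scheme name

    public NamedJwtBearerOptions(SecurityKey key, string issuer, string audience,
        IReadOnlyDictionary<string, ExternalIdp> idps)
    { _key = key; _issuer = issuer; _audience = audience; _idps = idps; }

    // The options factory calls the named overload once per registered scheme.
    public void Configure(JwtBearerOptions options) => Configure(Options.DefaultName, options);

    public void Configure(string name, JwtBearerOptions options)
    {
        if (name == SelfIssued)
        {
            // Self-issued tokens: pin our own key, issuer and audience.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true, IssuerSigningKey = _key,
                ValidateIssuer = true, ValidIssuer = _issuer,
                ValidateAudience = true, ValidAudience = _audience
            };
        }
        else if (_idps.TryGetValue(name, out var idp))
        {
            // External IdP: signing keys and issuer come from its discovery document.
            options.Authority = idp.Authority;
            options.Audience = idp.Audience;
        }
        // Fail closed: an unknown scheme must not inherit another scheme's trust settings.
        else throw new InvalidOperationException($"No JWT settings for scheme '{name}'.");
    }
}
```

Each scheme is registered under the same name used as the dictionary key, for example `services.AddAuthentication().AddJwtBearer(NamedJwtBearerOptions.SelfIssued, _ => { }).AddJwtBearer("Google", _ => { });`. Because this constructor takes plain values, the instance is registered with `services.AddSingleton<IConfigureOptions<JwtBearerOptions>>(...)` rather than resolved by type.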
