Authentication finally moved to the dotnet way in webapi, ready to be added to to deal with users and such

Introspection access point properly uses basic auth of client id and secret to access
2021-10-14 20:54:58 -04:00
parent 0dffa6e516
commit 320d939c76
9 changed files with 176 additions and 19 deletions
--- a/WebAPI/Auth/OIDCAuthHandler.cs
+++ b/WebAPI/Auth/OIDCAuthHandler.cs
@@ -0,0 +1,58 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.Net.Http.Headers;
+using WebAPI.Data;
+
+namespace WebAPI.Auth
+{
+    public class OIDCTokenAuthenticationHandler : AuthenticationHandler<OIDCTokenAuthenticationOptions>
+    {
+        private readonly OIDCService _oidcService;
+        public OIDCTokenAuthenticationHandler(IOptionsMonitor<OIDCTokenAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, OIDCService oidcService) : base(options, logger, encoder, clock)
+        {
+            _oidcService = oidcService;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var bearerToken = Request.Headers[HeaderNames.Authorization].FirstOrDefault() ?? "";
+            if (string.IsNullOrEmpty(bearerToken))
+            {
+                return AuthenticateResult.Fail("no token");
+            }
+
+            var token = bearerToken.Split(" ").ElementAt(1);
+            if (!await _oidcService.ValidateAccessToken(token))
+            {
+                return AuthenticateResult.Fail("failed to validate token");
+            }
+
+            var identity = new ClaimsIdentity(new[]
+            {
+                new Claim(ClaimTypes.Authentication, token)
+            }, Scheme.Name);
+            var principal = new ClaimsPrincipal(identity);
+            return AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name));
+        }
+    }
+
+    public class OIDCTokenAuthenticationOptions : AuthenticationSchemeOptions
+    {
+        public string OIDCIntrospectionEndpoint { get; set; }
+        public string OIDCClientId { get; set; }
+        public string OIDCClientSecret { get; set; }
+        
+    }
+
+    public class OIDCTokenAuthenticationDefaults
+    {
+        public static string DefaultScheme => "OIDCAuthentication";
+    }
+}