Added userinfo endpoint usage and api now properly creates necessary claims to start doing database stuff

2021-10-18 11:06:44 -04:00
parent 320d939c76
commit 9e6c7f33a5
13 changed files with 129 additions and 88 deletions
--- a/WebAPI/Auth/OIDCTokenAuthHandler.cs
+++ b/WebAPI/Auth/OIDCTokenAuthHandler.cs
@@ -0,0 +1,69 @@
+using System.Linq;
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
+using Microsoft.Net.Http.Headers;
+using WebAPI.Data;
+
+namespace WebAPI.Auth
+{
+    public class OIDCTokenAuthenticationHandler : AuthenticationHandler<OIDCTokenAuthenticationOptions>
+    {
+        private readonly OIDCService _oidcService;
+        public OIDCTokenAuthenticationHandler(IOptionsMonitor<OIDCTokenAuthenticationOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock, OIDCService oidcService) : base(options, logger, encoder, clock)
+        {
+            _oidcService = oidcService;
+        }
+
+        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
+        {
+            var bearerToken = Request.Headers[HeaderNames.Authorization].FirstOrDefault() ?? "";
+            if (string.IsNullOrEmpty(bearerToken))
+            {
+                return AuthenticateResult.Fail("no token");
+            }
+
+            var token = bearerToken.Split(" ").ElementAt(1);
+            if (!await _oidcService.ValidateAccessToken(token))
+            {
+                return AuthenticateResult.Fail("failed to validate token");
+            }
+
+            var userInfo = await _oidcService.GetTokenDetails(token);
+            if (userInfo == null)
+            {
+                return AuthenticateResult.Fail("Failed to get info for token");
+            }
+            var identity = new ClaimsIdentity(new[]
+            {
+                new Claim(ClaimTypes.Authentication, token),
+                new Claim(ClaimTypes.Name, userInfo.Name),
+                new Claim(OIDCClaimTypes.Username, userInfo.PreferredUsername),
+                new Claim(OIDCClaimTypes.Subject, userInfo.Sub)
+            }, Scheme.Name);
+            var principal = new ClaimsPrincipal(identity);
+            return AuthenticateResult.Success(new AuthenticationTicket(principal, Scheme.Name));
+        }
+    }
+
+    public class OIDCTokenAuthenticationOptions : AuthenticationSchemeOptions
+    {
+
+    }
+
+    public class OIDCTokenAuthenticationDefaults
+    {
+        public static string DefaultScheme => "OIDCAuthentication";
+    }
+
+    public static class OIDCClaimTypes
+    {
+        public static string Username => "Username";
+        public static string Subject => "Subject";
+    }
+}