React to API changes in aspnet-contrib/AspNet.Security.OpenIdConnect.Server

939067dfa7

samples/Mvc.Client/Startup.cs

@@ -60,10 +60,6 @@ namespace Mvc.Client {
                 // the different endpoints URIs or the token validation parameters explicitly.
                 options.Authority = "http://localhost:54540/";
 
-                // Note: the resource property represents the different endpoints the
-                // access token should be issued for (values must be space-delimited).
-                options.Resource = "http://localhost:54540/";
-
                 options.Scope.Add("email");
             });
 

samples/Mvc.Server/Controllers/ResourceController.cs

@@ -1,12 +1,12 @@
-using System.Globalization;
-using System.Security.Claims;
+using System.Security.Claims;
+using AspNet.Security.OAuth.Validation;
 using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 
 namespace Mvc.Server.Controllers {
     [Route("api")]
     public class ResourceController : Controller {
-        [Authorize(ActiveAuthenticationSchemes = "Bearer")]
+        [Authorize(ActiveAuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)]
         [HttpGet("message")]
         public IActionResult GetMessage() {
             var identity = User.Identity as ClaimsIdentity;
@@ -14,13 +14,7 @@ namespace Mvc.Server.Controllers {
                 return HttpBadRequest();
             }
 
-            // Note: identity is the ClaimsIdentity representing the resource owner
-            // and identity.Actor is the identity corresponding to the client
-            // application the access token has been issued to (delegation).
-            return Content(string.Format(
-                CultureInfo.InvariantCulture,
-                "{0} has been successfully authenticated via {1}",
-                identity.Name, identity.Actor.Name));
+            return Content($"{identity.Name} has been successfully authenticated.");
         }
     }
 }

samples/Mvc.Server/Startup.cs

@@ -53,11 +53,20 @@ namespace Mvc.Server {
 
             // Add a middleware used to validate access
             // tokens and protect the API endpoints.
-            app.UseJwtBearerAuthentication(options => {
-                options.Audience = "http://localhost:54540/";
-                options.Authority = "http://localhost:54540/";
-                options.RequireHttpsMetadata = false;
-            });
+            app.UseOAuthValidation();
+
+            // Alternatively, you can also use the introspection middleware.
+            // Using it is recommended if your resource server is in a
+            // different application/separated from the authorization server.
+            // 
+            // app.UseOAuthIntrospection(options => {
+            //     options.AutomaticAuthenticate = true;
+            //     options.AutomaticChallenge = true;
+            //     options.Authority = "http://localhost:54540/";
+            //     options.Audience = "resource_server";
+            //     options.ClientId = "resource_server";
+            //     options.ClientSecret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd";
+            // });
 
             app.UseIdentity();
 
@@ -82,6 +91,15 @@ namespace Mvc.Server {
 
                 // Add Mvc.Client to the known applications.
                 if (!context.Applications.Any()) {
+                    // Note: when using the introspection middleware, your resource server
+                    // MUST be registered as an OAuth2 client and have valid credentials.
+                    // 
+                    // context.Applications.Add(new Application {
+                    //     Id = "resource_server",
+                    //     DisplayName = "Main resource server",
+                    //     Secret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd"
+                    // });
+
                     context.Applications.Add(new Application {
                         Id = "myClient",
                         DisplayName = "My client application",

samples/Mvc.Server/project.json

@@ -2,10 +2,12 @@
     "webroot": "wwwroot",
 
     "dependencies": {
+        "AspNet.Security.OAuth.Introspection": "1.0.0-*",
+        "AspNet.Security.OAuth.Validation": "1.0.0-*",
+
         "EntityFramework.MicrosoftSqlServer": "7.0.0-*",
 
         "Microsoft.AspNet.Authentication.Google": "1.0.0-*",
-        "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*",
         "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*",
         "Microsoft.AspNet.Diagnostics": "1.0.0-*",
         "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*",

src/OpenIddict.Core/OpenIddictDefaults.cs

@@ -1,14 +0,0 @@
-/*
- * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
- * See https://github.com/openiddict/core for more information concerning
- * the license and the contributors participating to this project.
- */
-
-namespace OpenIddict {
-    public static class OpenIddictDefaults {
-        /// <summary>
-        /// Gets the default authentication scheme used by OpenIddict.
-        /// </summary>
-        public const string AuthenticationScheme = "OpenIddict";
-    }
-}

src/OpenIddict.Core/OpenIddictManager.cs

@@ -4,6 +4,7 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using AspNet.Security.OpenIdConnect.Extensions;
+using AspNet.Security.OpenIdConnect.Server;
 using CryptoHelper;
 using Microsoft.AspNet.Http;
 using Microsoft.AspNet.Identity;
@@ -56,7 +57,7 @@ namespace OpenIddict {
             }
 
             var identity = new ClaimsIdentity(
-                OpenIddictDefaults.AuthenticationScheme,
+                OpenIdConnectServerDefaults.AuthenticationScheme,
                 Options.ClaimsIdentity.UserNameClaimType,
                 Options.ClaimsIdentity.RoleClaimType);
 

src/OpenIddict.Core/OpenIddictOptions.cs

@@ -9,7 +9,6 @@ using AspNet.Security.OpenIdConnect.Server;
 namespace OpenIddict {
     public class OpenIddictOptions : OpenIdConnectServerOptions {
         public OpenIddictOptions() {
-            AuthenticationScheme = OpenIddictDefaults.AuthenticationScheme;
             ApplicationCanDisplayErrors = true;
         }
     }