From cc91bc80c9e64bbcb18fe551d123c27d5bd2de5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Sat, 12 Dec 2015 05:25:12 +0100 Subject: [PATCH] React to API changes in aspnet-contrib/AspNet.Security.OpenIdConnect.Server https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/commit/939067dfa7e50e020b5cbc09c84213f7174f3ab8 --- samples/Mvc.Client/Startup.cs | 4 --- .../Controllers/ResourceController.cs | 14 +++------- samples/Mvc.Server/Startup.cs | 28 +++++++++++++++---- samples/Mvc.Server/project.json | 4 ++- src/OpenIddict.Core/OpenIddictDefaults.cs | 14 ---------- src/OpenIddict.Core/OpenIddictManager.cs | 3 +- src/OpenIddict.Core/OpenIddictOptions.cs | 1 - 7 files changed, 32 insertions(+), 36 deletions(-) delete mode 100644 src/OpenIddict.Core/OpenIddictDefaults.cs diff --git a/samples/Mvc.Client/Startup.cs b/samples/Mvc.Client/Startup.cs index 5e94e6eb..0b0d1fc9 100644 --- a/samples/Mvc.Client/Startup.cs +++ b/samples/Mvc.Client/Startup.cs @@ -60,10 +60,6 @@ namespace Mvc.Client { // the different endpoints URIs or the token validation parameters explicitly. options.Authority = "http://localhost:54540/"; - // Note: the resource property represents the different endpoints the - // access token should be issued for (values must be space-delimited). - options.Resource = "http://localhost:54540/"; - options.Scope.Add("email"); }); diff --git a/samples/Mvc.Server/Controllers/ResourceController.cs b/samples/Mvc.Server/Controllers/ResourceController.cs index 1a7d75b2..47a4813f 100644 --- a/samples/Mvc.Server/Controllers/ResourceController.cs +++ b/samples/Mvc.Server/Controllers/ResourceController.cs 
@@ -1,12 +1,12 @@ -using System.Globalization; -using System.Security.Claims; +using System.Security.Claims; +using AspNet.Security.OAuth.Validation; using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Mvc; namespace Mvc.Server.Controllers { [Route("api")] public class ResourceController : Controller { - [Authorize(ActiveAuthenticationSchemes = "Bearer")] + [Authorize(ActiveAuthenticationSchemes = OAuthValidationDefaults.AuthenticationScheme)] [HttpGet("message")] public IActionResult GetMessage() { var identity = User.Identity as ClaimsIdentity; @@ -14,13 +14,7 @@ namespace Mvc.Server.Controllers { return HttpBadRequest(); } - // Note: identity is the ClaimsIdentity representing the resource owner - // and identity.Actor is the identity corresponding to the client - // application the access token has been issued to (delegation). - return Content(string.Format( - CultureInfo.InvariantCulture, - "{0} has been successfully authenticated via {1}", - identity.Name, identity.Actor.Name)); + return Content($"{identity.Name} has been successfully authenticated."); } } } \ No newline at end of file diff --git a/samples/Mvc.Server/Startup.cs b/samples/Mvc.Server/Startup.cs index 508c4644..3e1ebea5 100644 --- a/samples/Mvc.Server/Startup.cs +++ b/samples/Mvc.Server/Startup.cs 
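Review bot: The `[Authorize]` attribute on `GetMessage` now constrains only the authentication scheme, and nothing visible in the action checks which resource or scope the access token was issued for. The same commit drops `options.Resource` from Mvc.Client and the `Audience` setting from the server's bearer configuration, so unless the validation middleware enforces an audience by default (not visible here), any access token this server issues would be accepted by the endpoint. If that is intended for the sample, say so above the attribute, e.g. `// Accepts any valid access token issued by this server; add an audience/scope check before reusing this in a real API.` The second hunk also leaves `identity.Name` unchecked, so a token without a name claim yields a message starting with an empty name; that may be acceptable for a sample.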
@@ -53,11 +53,20 @@ namespace Mvc.Server { // Add a middleware used to validate access // tokens and protect the API endpoints. - app.UseJwtBearerAuthentication(options => { - options.Audience = "http://localhost:54540/"; - options.Authority = "http://localhost:54540/"; - options.RequireHttpsMetadata = false; - }); + app.UseOAuthValidation(); + + // Alternatively, you can also use the introspection middleware. + // Using it is recommended if your resource server is in a + // different application/separated from the authorization server. + // + // app.UseOAuthIntrospection(options => { + // options.AutomaticAuthenticate = true; + // options.AutomaticChallenge = true; + // options.Authority = "http://localhost:54540/"; + // options.Audience = "resource_server"; + // options.ClientId = "resource_server"; + // options.ClientSecret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd"; + // }); app.UseIdentity(); @@ -82,6 +91,15 @@ namespace Mvc.Server { // Add Mvc.Client to the known applications. if (!context.Applications.Any()) { + // Note: when using the introspection middleware, your resource server + // MUST be registered as an OAuth2 client and have valid credentials. + // + // context.Applications.Add(new Application { + // Id = "resource_server", + // DisplayName = "Main resource server", + // Secret = "875sqd4s5d748z78z7ds1ff8zz8814ff88ed8ea4z4zzd" + // }); + context.Applications.Add(new Application { Id = "myClient", DisplayName = "My client application", diff --git a/samples/Mvc.Server/project.json b/samples/Mvc.Server/project.json index ab65b732..8e7b13b7 100644 --- a/samples/Mvc.Server/project.json +++ b/samples/Mvc.Server/project.json 
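Review bot: The commented-out introspection sample hard-codes a literal `options.ClientSecret` value, and the same literal is repeated as `Secret` in the commented `Application` seed in the `@@ -82,6 +91,15 @@` hunk, so anyone who uncomments both ends up with a working credential that is public in the repository. Label it as a placeholder next to both occurrences, e.g. `// NOTE: sample value only - generate your own secret and load it from configuration or a secret store.` The sample `Authority` is plain `http://`, which outside local development would send that client secret to the introspection endpoint unencrypted; a one-line comment on that line would cover it. Whether the seeded `Secret` is hashed before storage is not visible in the hunk and is worth stating in the comment too. Both enclosing methods start and end outside these hunks.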
@@ -2,10 +2,12 @@ "webroot": "wwwroot", "dependencies": { + "AspNet.Security.OAuth.Introspection": "1.0.0-*", + "AspNet.Security.OAuth.Validation": "1.0.0-*", + "EntityFramework.MicrosoftSqlServer": "7.0.0-*", "Microsoft.AspNet.Authentication.Google": "1.0.0-*", - "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-*", "Microsoft.AspNet.Authentication.Twitter": "1.0.0-*", "Microsoft.AspNet.Diagnostics": "1.0.0-*", "Microsoft.AspNet.IISPlatformHandler": "1.0.0-*", diff --git a/src/OpenIddict.Core/OpenIddictDefaults.cs b/src/OpenIddict.Core/OpenIddictDefaults.cs deleted file mode 100644 index 00c453ac..00000000 --- a/src/OpenIddict.Core/OpenIddictDefaults.cs +++ /dev/null @@ -1,14 +0,0 @@ -/* - * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) - * See https://github.com/openiddict/core for more information concerning - * the license and the contributors participating to this project. - */ - -namespace OpenIddict { - public static class OpenIddictDefaults { - /// - /// Gets the default authentication scheme used by OpenIddict. - /// - public const string AuthenticationScheme = "OpenIddict"; - } -} diff --git a/src/OpenIddict.Core/OpenIddictManager.cs b/src/OpenIddict.Core/OpenIddictManager.cs index af68d05c..656a55a2 100644 --- a/src/OpenIddict.Core/OpenIddictManager.cs +++ b/src/OpenIddict.Core/OpenIddictManager.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Security.Claims; using System.Threading.Tasks; using AspNet.Security.OpenIdConnect.Extensions; +using AspNet.Security.OpenIdConnect.Server; using CryptoHelper; using Microsoft.AspNet.Http; using Microsoft.AspNet.Identity; @@ -56,7 +57,7 @@ namespace OpenIddict { } var identity = new ClaimsIdentity( - OpenIddictDefaults.AuthenticationScheme, + OpenIdConnectServerDefaults.AuthenticationScheme, Options.ClaimsIdentity.UserNameClaimType, Options.ClaimsIdentity.RoleClaimType); 
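Review bot: In the `@@ -56,7 +57,7 @@` hunk of OpenIddictManager.cs, the `ClaimsIdentity` authentication type is now the upstream constant `OpenIdConnectServerDefaults.AuthenticationScheme`, and the OpenIddictOptions.cs change in this commit also stops assigning `AuthenticationScheme`, so both sides depend implicitly on the upstream default. If a host overrides the scheme on the options, the identity built here would presumably carry a different authentication type than the middleware uses; that cannot be confirmed from the hunk. A comment above the constructor call would record the coupling, e.g. `// Must match the scheme the OpenID Connect server middleware is registered with.` Deleting the public `OpenIddictDefaults` class is also a breaking change for any caller that referenced its constant, which the commit message does not mention. The enclosing method starts and ends outside the hunk.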
diff --git a/src/OpenIddict.Core/OpenIddictOptions.cs b/src/OpenIddict.Core/OpenIddictOptions.cs index 0ca215bf..3ec60ca0 100644 --- a/src/OpenIddict.Core/OpenIddictOptions.cs +++ b/src/OpenIddict.Core/OpenIddictOptions.cs @@ -9,7 +9,6 @@ using AspNet.Security.OpenIdConnect.Server; namespace OpenIddict { public class OpenIddictOptions : OpenIdConnectServerOptions { public OpenIddictOptions() { - AuthenticationScheme = OpenIddictDefaults.AuthenticationScheme; ApplicationCanDisplayErrors = true; } }