Add project files.
This commit is contained in:
@@ -0,0 +1,69 @@
|
||||
namespace MyOffice.Web.Identity.ExternalProviders;
|
||||
|
||||
using Domain;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Protocols;
|
||||
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
||||
using Microsoft.IdentityModel.Tokens;
|
||||
using System.IdentityModel.Tokens.Jwt;
|
||||
using System.Text;
|
||||
using Core.Extensions;
|
||||
using Core.Identity;
|
||||
|
||||
public class ExternalProviderValidatorAuth0 : IExternalProviderValidator
|
||||
{
|
||||
private readonly ExternalProvidersConfig _externalProvidersConfig;
|
||||
private readonly ILogger<ExternalProviderValidatorAuth0> _logger;
|
||||
|
||||
public ExternalProviderValidatorAuth0(
|
||||
ILogger<ExternalProviderValidatorAuth0> logger,
|
||||
IOptions<ExternalProvidersConfig> externalProvidersConfig
|
||||
)
|
||||
{
|
||||
_externalProvidersConfig = externalProvidersConfig.Value;
|
||||
_logger = logger;
|
||||
|
||||
Provider = ExternalProvidersConst.PROVIDER_AUTH0;
|
||||
IsConfigured = _externalProvidersConfig.IsAuth0Configured();
|
||||
}
|
||||
|
||||
public string Provider { get; }
|
||||
public bool IsConfigured { get; }
|
||||
|
||||
public async Task<ExternalProviderValidatorResult> ValidateAsync(string token)
|
||||
{
|
||||
var auth0Domain = _externalProvidersConfig.Auth0!.Domain!;
|
||||
var secretKey = _externalProvidersConfig.Auth0!.SecretKey!;
|
||||
var securityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));
|
||||
var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
|
||||
$"{auth0Domain}.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
|
||||
var openIdConfig = await configurationManager.GetConfigurationAsync(CancellationToken.None);
|
||||
|
||||
var validations = new TokenValidationParameters
|
||||
{
|
||||
ValidIssuer = auth0Domain,
|
||||
ValidAudiences = new[] { _externalProvidersConfig.Auth0!.ClientId },
|
||||
IssuerSigningKeys = openIdConfig.SigningKeys,
|
||||
TokenDecryptionKey = securityKey
|
||||
};
|
||||
|
||||
var tokenHandler = new JwtSecurityTokenHandler();
|
||||
var user = tokenHandler.ValidateToken(token, validations, out var validatedToken);
|
||||
if (user.Identity?.IsAuthenticated != true)
|
||||
{
|
||||
return ExternalProviderValidatorResult.Failed();
|
||||
}
|
||||
|
||||
var email = user.Claims.GetEmail();
|
||||
var emailVerified = user.Claims.GetValue("email_verified").AsBool();
|
||||
var fullName = user.Claims.GetValue("name")?.ToString();
|
||||
var externalId = user.Claims.GetSID();
|
||||
|
||||
if (email == null || externalId == null)
|
||||
{
|
||||
return ExternalProviderValidatorResult.Failed();
|
||||
}
|
||||
|
||||
return ExternalProviderValidatorResult.Success(email, emailVerified, externalId, fullName);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
namespace MyOffice.Web.Identity.ExternalProviders;
|
||||
|
||||
using MyOffice.Core.Identity;
|
||||
using Domain;
|
||||
using Google.Apis.Auth;
|
||||
using Microsoft.Extensions.Options;
|
||||
|
||||
public class ExternalProviderValidatorGoogle : IExternalProviderValidator
|
||||
{
|
||||
private readonly ExternalProvidersConfig _externalProvidersConfig;
|
||||
|
||||
public ExternalProviderValidatorGoogle(
|
||||
IOptions<ExternalProvidersConfig> externalProvidersConfig
|
||||
)
|
||||
{
|
||||
_externalProvidersConfig = externalProvidersConfig.Value;
|
||||
|
||||
Provider = ExternalProvidersConst.PROVIDER_GOOGLE;
|
||||
IsConfigured = _externalProvidersConfig.IsGoogleConfigured();
|
||||
}
|
||||
|
||||
public string Provider { get; }
|
||||
public bool IsConfigured { get; }
|
||||
|
||||
public async Task<ExternalProviderValidatorResult> ValidateAsync(string token)
|
||||
{
|
||||
var settings = new GoogleJsonWebSignature.ValidationSettings()
|
||||
{
|
||||
Audience = new List<string>() { _externalProvidersConfig.Google!.ClientId! }
|
||||
};
|
||||
var result = await GoogleJsonWebSignature.ValidateAsync(token, settings);
|
||||
if (!result.EmailVerified) return ExternalProviderValidatorResult.Failed();
|
||||
|
||||
return ExternalProviderValidatorResult.Success(result.Email, result.EmailVerified, result.Subject, result.Name);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,7 @@
|
||||
namespace MyOffice.Web.Identity.ExternalProviders;
|
||||
|
||||
public class ExternalProvidersConst
|
||||
{
|
||||
public const string PROVIDER_GOOGLE = "google";
|
||||
public const string PROVIDER_AUTH0 = "auth0";
|
||||
}
|
||||
Reference in New Issue
Block a user