| | | 1 | | using System.Security.Claims; |
| | | 2 | | using Kestrun.Claims; |
| | | 3 | | using Kestrun.Hosting; |
| | | 4 | | using Microsoft.AspNetCore.Authentication.JwtBearer; |
| | | 5 | | using Microsoft.IdentityModel.Tokens; |
| | | 6 | | |
| | | 7 | | namespace Kestrun.Authentication; |
| | | 8 | | |
| | | 9 | | /// <summary> |
| | | 10 | | /// Options for JWT-based authentication. |
| | | 11 | | /// </summary> |
| | | 12 | | public class JwtAuthOptions : JwtBearerOptions, IOpenApiAuthenticationOptions, IClaimsCommonOptions, IAuthenticationHost |
| | | 13 | | { |
| | | 14 | | /// <summary> |
| | | 15 | | /// If true, allows cookie authentication over insecure HTTP connections. |
| | | 16 | | /// </summary> |
| | 0 | 17 | | public bool AllowInsecureHttp { get; set; } |
| | | 18 | | |
| | | 19 | | private Serilog.ILogger? _logger; |
| | | 20 | | /// <inheritdoc/> |
| | | 21 | | public Serilog.ILogger Logger |
| | | 22 | | { |
| | 0 | 23 | | get => _logger ?? (Host is null ? Serilog.Log.Logger : Host.Logger); set => _logger = value; |
| | | 24 | | } |
| | | 25 | | |
| | | 26 | | /// <summary> |
| | | 27 | | /// Gets or sets the token validation parameters. |
| | | 28 | | /// </summary> |
| | 2 | 29 | | public TokenValidationParameters? ValidationParameters { get; set; } |
| | | 30 | | |
| | | 31 | | /// <inheritdoc/> |
| | 6 | 32 | | public string? DisplayName { get; set; } |
| | | 33 | | |
| | | 34 | | /// <inheritdoc/> |
| | 9 | 35 | | public bool GlobalScheme { get; set; } |
| | | 36 | | |
| | | 37 | | /// <inheritdoc/> |
| | 9 | 38 | | public string? Description { get; set; } |
| | | 39 | | |
| | | 40 | | /// <inheritdoc/> |
| | 30 | 41 | | public string[] DocumentationId { get; set; } = []; |
| | | 42 | | |
| | | 43 | | /// <inheritdoc/> |
| | 9 | 44 | | public bool Deprecated { get; set; } |
| | | 45 | | |
| | | 46 | | /// <inheritdoc/> |
| | 15 | 47 | | public KestrunHost Host { get; set; } = default!; |
| | | 48 | | |
| | | 49 | | /// <summary> |
| | | 50 | | /// Configuration for claim policy enforcement. |
| | | 51 | | /// </summary> |
| | 13 | 52 | | public ClaimPolicyConfig? ClaimPolicy { get; set; } |
| | | 53 | | |
| | | 54 | | /// <summary> |
| | | 55 | | /// After credentials are valid, this is called to add extra Claims. |
| | | 56 | | /// Parameters: HttpContext, username → IEnumerable of extra claims. |
| | | 57 | | /// </summary> |
| | 9 | 58 | | public Func<HttpContext, string, Task<IEnumerable<Claim>>>? IssueClaims { get; set; } |
| | | 59 | | |
| | | 60 | | /// <summary> |
| | | 61 | | /// Settings for the claims issuing code, if using a script. |
| | | 62 | | /// </summary> |
| | | 63 | | /// <remarks> |
| | | 64 | | /// This allows you to specify the language, code, and additional imports/refs for claims issuance. |
| | | 65 | | /// </remarks> |
| | 19 | 66 | | public AuthenticationCodeSettings IssueClaimsCodeSettings { get; set; } = new(); |
| | | 67 | | |
| | | 68 | | /// <summary> |
| | | 69 | | /// Gets or sets the claim policy configuration. |
| | | 70 | | /// </summary> |
| | | 71 | | /// <remarks> |
| | | 72 | | /// This allows you to define multiple authorization policies based on claims. |
| | | 73 | | /// Each policy can specify a claim type and allowed values. |
| | | 74 | | /// </remarks> |
| | 2 | 75 | | public ClaimPolicyConfig? ClaimPolicyConfig { get; set; } |
| | | 76 | | |
| | | 77 | | /// <summary> |
| | | 78 | | /// Helper to copy values from a user-supplied JwtBearerOptions instance to the instance |
| | | 79 | | /// created by the framework inside AddJwtBearer(). Reassigning the local variable (opts = source) would |
| | | 80 | | /// not work because only the local reference changes – the framework keeps the original instance. |
| | | 81 | | /// </summary> |
| | | 82 | | /// <param name="target">The target options to copy to.</param> |
| | | 83 | | /// <exception cref="ArgumentNullException">Thrown when source or target is null.</exception> |
| | | 84 | | /// <remarks> |
| | | 85 | | /// Only copies primitive properties and references. Does not clone complex objects like CookieBuilder. |
| | | 86 | | /// </remarks> |
| | | 87 | | public void ApplyTo(JwtAuthOptions target) |
| | | 88 | | { |
| | 3 | 89 | | ApplyTo((JwtBearerOptions)target); |
| | 3 | 90 | | target.GlobalScheme = GlobalScheme; |
| | 3 | 91 | | target.Description = Description; |
| | 3 | 92 | | target.DocumentationId = DocumentationId; |
| | 3 | 93 | | target.DisplayName = DisplayName; |
| | 3 | 94 | | target.Host = Host; |
| | 3 | 95 | | target.ClaimPolicy = ClaimPolicy; |
| | 3 | 96 | | target.IssueClaims = IssueClaims; |
| | 3 | 97 | | target.IssueClaimsCodeSettings = IssueClaimsCodeSettings; |
| | 3 | 98 | | target.Deprecated = Deprecated; |
| | 3 | 99 | | } |
| | | 100 | | |
| | | 101 | | /// <summary> |
| | | 102 | | /// Helper to copy values from this JwtAuthOptions instance to a target JwtBearerOptions instance. |
| | | 103 | | /// </summary> |
| | | 104 | | /// <param name="target">The target JwtBearerOptions instance to copy values to.</param> |
| | | 105 | | public void ApplyTo(JwtBearerOptions target) |
| | | 106 | | { |
| | | 107 | | // Paths & return URL |
| | 3 | 108 | | target.TokenValidationParameters = TokenValidationParameters; |
| | 3 | 109 | | target.MapInboundClaims = MapInboundClaims; |
| | 3 | 110 | | target.SaveToken = SaveToken; |
| | 3 | 111 | | target.IncludeErrorDetails = IncludeErrorDetails; |
| | 3 | 112 | | target.RefreshOnIssuerKeyNotFound = RefreshOnIssuerKeyNotFound; |
| | 3 | 113 | | target.RequireHttpsMetadata = RequireHttpsMetadata; |
| | 3 | 114 | | target.MetadataAddress = MetadataAddress; |
| | 3 | 115 | | target.Authority = Authority; |
| | 3 | 116 | | target.Audience = Audience; |
| | 3 | 117 | | target.Challenge = Challenge; |
| | 3 | 118 | | } |
| | | 119 | | } |