1
+ using System . IdentityModel . Tokens . Jwt ;
2
+ using Microsoft . AspNetCore . Authentication . JwtBearer ;
3
+ using Microsoft . Net . Http . Headers ;
4
+
5
+ namespace Microsoft . Extensions . DependencyInjection ;
6
+
7
+ public static class AuthenticationExtensions
8
+ {
9
+ public static IServiceCollection AddApiAuthentication ( this IServiceCollection services , IConfiguration configuration )
10
+ {
11
+ // Clear all the claim type mappings
12
+ JwtSecurityTokenHandler . DefaultInboundClaimTypeMap . Clear ( ) ;
13
+
14
+ var schemeNames = new TokenAuthority [ ] {
15
+ new TokenAuthority { Name = "Auth0" , Issuer = configuration [ "Auth0:Authority" ] } ,
16
+ new TokenAuthority { Name = "Okta" , Issuer = configuration [ "Okta:Authority" ] } ,
17
+ } ;
18
+
19
+ services
20
+ . AddAuthentication ( JwtBearerDefaults . AuthenticationScheme )
21
+ . AddJwtBearer ( options =>
22
+ {
23
+ options . ForwardDefaultSelector = context =>
24
+ {
25
+ string authorization = context . Request . Headers [ HeaderNames . Authorization ] ;
26
+
27
+ if ( ! string . IsNullOrEmpty ( authorization ) )
28
+ {
29
+ if ( authorization . StartsWith ( JwtBearerDefaults . AuthenticationScheme , StringComparison . OrdinalIgnoreCase ) )
30
+ {
31
+ var token = authorization . Substring ( JwtBearerDefaults . AuthenticationScheme . Length + 1 ) . Trim ( ) ;
32
+ var jwtHandler = new JwtSecurityTokenHandler ( ) ;
33
+
34
+ if ( jwtHandler . CanReadToken ( token ) )
35
+ {
36
+ var jwtToken = jwtHandler . ReadJwtToken ( token ) ;
37
+ var authority = schemeNames . FirstOrDefault ( scheme => string . Equals ( scheme . Issuer , jwtToken . Issuer ) ) ;
38
+
39
+ return authority ? . Name ;
40
+ }
41
+ }
42
+ }
43
+
44
+ return null ;
45
+ } ;
46
+ } )
47
+ . AddJwtBearer ( "Auth0" , options =>
48
+ {
49
+ options . Authority = configuration [ "Auth0:Authority" ] ;
50
+ options . RefreshOnIssuerKeyNotFound = true ;
51
+
52
+ options . TokenValidationParameters . IgnoreTrailingSlashWhenValidatingAudience = true ;
53
+ options . TokenValidationParameters . ValidateActor = false ;
54
+ options . TokenValidationParameters . ValidateAudience = false ;
55
+ options . TokenValidationParameters . ValidateIssuer = false ;
56
+ options . TokenValidationParameters . ValidateLifetime = true ;
57
+ } )
58
+ . AddJwtBearer ( "Okta" , options =>
59
+ {
60
+ options . Authority = configuration [ "Okta:Authority" ] ;
61
+ options . RefreshOnIssuerKeyNotFound = true ;
62
+
63
+ options . TokenValidationParameters . IgnoreTrailingSlashWhenValidatingAudience = true ;
64
+ options . TokenValidationParameters . ValidateActor = false ;
65
+ options . TokenValidationParameters . ValidateAudience = false ;
66
+ options . TokenValidationParameters . ValidateIssuer = false ;
67
+ options . TokenValidationParameters . ValidateLifetime = true ;
68
+ } ) ;
69
+
70
+ return services ;
71
+ }
72
+ }
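Review bot: The selector at file line 31 throws ArgumentOutOfRangeException on an `Authorization` header that is exactly `Bearer` with nothing after it, because `StartsWith` only checks the scheme word and `Substring(Length + 1)` then runs past the end, so a malformed header from an unauthenticated caller becomes an unhandled exception instead of a 401; guard it with `if (authorization.Length > JwtBearerDefaults.AuthenticationScheme.Length + 1 && authorization.StartsWith(JwtBearerDefaults.AuthenticationScheme + " ", StringComparison.OrdinalIgnoreCase))`. Both named handlers (file lines 54 and 65) set `ValidateAudience = false`, so any token the Auth0 or Okta tenant issues for some other API or application is accepted by this one; set `options.Audience` to this API's identifier (a placeholder such as `configuration["Auth0:Audience"]` until the real key exists) and drop that line, which also makes the `IgnoreTrailingSlashWhenValidatingAudience` setting meaningful rather than a no-op. The issuer match at file line 37 is an ordinal comparison of the raw `iss` claim against the configured authority string, so a trailing-slash difference between the two (common between providers) silently routes the request to the unnamed default scheme, which has no `Authority` configured; trimming both with `TrimEnd('/')` before comparing, or enabling `ValidateIssuer` with `ValidIssuer` set on each named scheme, would make that failure explicit. Because the selector reads the unvalidated token only to choose a scheme and the chosen handler still checks the signature against its own Authority's keys, the routing itself is sound, but that reasoning is worth a comment above file line 23 so a later edit does not turn the unverified `iss` into a trust decision.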