OAuth
OAuth 2.0 client/server and JWT supports.
In Trivial.Security
namespace of Trivial.dll
library.
Authentication
You can use following additional models for OAuth and app key.
TokenInfo
The access token and other properties.AppAccessingKey
The app identifier and secret key.
You can access the resources required access token authentication by using an instance of the OAuthClient
class with the AppAccessingKey
instance, scope and authorization URI. Following is an example for WNS.
// Inialize a new instance of OAuth client
// with client identifier, client secret, authorization URI and scope.
var oauth = new OAuthClient(
"client_id", // Client ID.
"client_secret", // Client secret.
new Uri("https://login.live.com/accesstoken.srf"),
"notify.windows.com");
// Get access token.
var token = await oauth.ResolveTokenAsync(new ClientTokenRequestBody());
// Then you can create the JSON HTTP web client when you need,
// And it will set the access token and its type into the authorization header of HTTP request.
var httpClient = oauth.Create<ResponseBody>();
// And, of course, you can get the access token cache by following property.
token = oauth.Token;
JWT
You can create a JSON web token to get an authorization header in HTTP request by initializing a new instance of the JsonWebToken
class.
// Create a hash signature provider.
var sign = HashSignatureProvider.CreateHS512("a secret string");
// Create a payload.
// Supports any type. So you can define your customized model class to use.
// Or even use Trivial.Text.JsonObject or Newtonsoft.Json.Linq.JObject class.
var model = new JsonWebTokenPayload
{
Id = Guid.NewGuid().ToString("n"),
Subject = "user-or-other-subject-id",
Issuer = "example"
};
// Create a JWT instance
// by plusing a JsonWebTokenPayload (or a JsonObjectNode)
// and the signature provider instance.
var jwt = model + sign;
// Get the JWT string encoded.
var jwtStr = jwt.ToEncodedString();
// Or get authenticiation header value for HttpClient class using.
var header = jwt.ToAuthenticationHeaderValue();
You can parse a JWT string as following way.
var jwtSame = JsonWebToken<JsonWebTokenPayload>.Parse(jwtStr, sign); // jwtSame.ToEncodedString() == jwtStr
Or use a parser to get details before sign validation.
var parser = new JsonWebToken<Model>.Parser(jwtStr);
// Verify.
var isVerified = parser.Verify(sign);
// Get payload model.
var payload = parser.GetPayload();
// Convert to a JWT instance.
var jwt = parser.ToToken(sign, true);
Following are the signature providers. You can call one of these function and pass the secret as a parameter.
Algorithm Name | Function Name |
---|---|
HS512 | HashSignatureProvider.CreateHS512 |
HS384 | HashSignatureProvider.CreateHS384 |
HS256 | HashSignatureProvider.CreateHS256 |
RS512 | RSASignatureProvider.CreateRS512 |
RS384 | RSASignatureProvider.CreateRS384 |
RS256 | RSASignatureProvider.CreateRS256 |
You can also initialize a new instance of the KeyedSignatureProvider
class for your own signature provider.
See JWT.IO to test JWT or get details.
Token request route
In server side, you can use or inherit class TokenRequestRoute<T>
to parse and process the token info request.
// Create a route and register the handlers.
var route = new TokenRequestRoute<UserInfo>();
route.Register((PasswordTokenRequestBody req, CancellationToken cancellationToken)
=> UserManager.LoginByPasswordAsync(req.UserName, req.Password));
route.Register((RefreshTokenRequestBody req, CancellationToken cancellationToken)
=> UserManager.LoginByRefreshTokenAsync(req.RefreshToken));
// Then you can handle following login request.
var resp = await route.SignInAsync(tokenReq);