ghstahl

foreach (var exchange in exchanges)
{
    services.Configure<PipelineExchangeOptions>(exchange.ExchangeName, options =>
    {
        options.PreProcessors = exchange.Preprocessors;
    });
    services.AddTransient<ITokenExchangeHandler>(x =>
    {
        var tokenExchangeHandler = x.GetRequiredService<PipelineTokenExchangeHandler>();
        tokenExchangeHandler.Configure(exchange);

ghstahl

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kubewebapp-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: kubewebapp
  template:

ghstahl

{
	"issuer": "https://accounts.google.com",
	"authorization_endpoint": "https://localhost:6001/connect/authorize",
	"token_endpoint": "https://localhost:6001/connect/token",
	"userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
	"revocation_endpoint": "https://oauth2.googleapis.com/revoke",
	"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
	"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"],
	"subject_types_supported": ["public"],
	"id_token_signing_alg_values_supported": ["RS256"],

ghstahl

using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using IdentityModel;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

ghstahl

Keybase proof

I hereby claim:

• I am ghstahl on github.
• I am ghstahl (https://keybase.io/ghstahl) on keybase.
• I have a public key ASB9Dis5iMFoUSYXBkRAEKIWVPL--pjwojBGE5WE-rzMbwo

To claim this, I am signing this object:

ghstahl

using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Secrets;
using System;

namespace Common
{
    public class AzureKeyVaultClients : IAzureKeyVaultClients
    {
        private AzureKeyVaultTokenCredential _azureKeyVaultTokenCredential;

ghstahl

services.AddIdentity<IdentityUser,IdentityRole>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
// services.AddDefaultIdentity must be adding its own fake
// Switched to services.AddIdentity<IdentityUser,IdentityRole>, and now I have to add it.
services.AddScoped<IEmailSender, FakeEmailSender>(); 

services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, SeedSessionClaimsPrincipalFactory>();

ghstahl

app.UseSession();            
app.UseAuthentication();            
app.UseAuthorization();            
app.UseMiddleware<AuthSessionValidationMiddleware>();

ghstahl

var sessionKey = GuidN;
var identity = await base.GenerateClaimsAsync(user);
identity.AddClaim(new Claim(".sessionKey", sessionKey));
HttpContext.Session.SetString(sessionKey, sessionKey);

ghstahl

public async Task<IActionResult> OnGetCallbackAsync(
   string returnUrl = null, 
   string remoteError = null)
{
   returnUrl = returnUrl ?? Url.Content("~/");
   if (remoteError != null)
   {
      ErrorMessage = $"Error from external provider: {remoteError}";
      return RedirectToPage("./Login", new {ReturnUrl = returnUrl});
   }