ghstahl

{
	"issuer": "https://accounts.google.com",
	"authorization_endpoint": "https://localhost:6001/connect/authorize",
	"token_endpoint": "https://localhost:6001/connect/token",
	"userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
	"revocation_endpoint": "https://oauth2.googleapis.com/revoke",
	"jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
	"response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"],
	"subject_types_supported": ["public"],
	"id_token_signing_alg_values_supported": ["RS256"],

ghstahl

using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using IdentityModel;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

ghstahl

Keybase proof

I hereby claim:

• I am ghstahl on github.
• I am ghstahl (https://keybase.io/ghstahl) on keybase.
• I have a public key ASB9Dis5iMFoUSYXBkRAEKIWVPL--pjwojBGE5WE-rzMbwo

To claim this, I am signing this object:

ghstahl

using Azure.Security.KeyVault.Keys;
using Azure.Security.KeyVault.Secrets;
using System;

namespace Common
{
    public class AzureKeyVaultClients : IAzureKeyVaultClients
    {
        private AzureKeyVaultTokenCredential _azureKeyVaultTokenCredential;

ghstahl

// https://github.com/graphql-dotnet/graphql-dotnet
 
 
    public static class GraphQLStarWarsExtension
    {
        public static void RegisterGraphQLTypes(this ContainerBuilder builder)
        {
            builder.RegisterInstance(new DocumentExecuter()).As<IDocumentExecuter>();
            builder.RegisterInstance(new DocumentWriter()).As<IDocumentWriter>();
            builder.RegisterInstance(new StarWarsData()).As<StarWarsData>();

ghstahl

public async Task<IActionResult> OnGetCallbackAsync(
   string returnUrl = null, 
   string remoteError = null)
{
   returnUrl = returnUrl ?? Url.Content("~/");
   if (remoteError != null)
   {
      ErrorMessage = $"Error from external provider: {remoteError}";
      return RedirectToPage("./Login", new {ReturnUrl = returnUrl});
   }

ghstahl

var sessionKey = GuidN;
var identity = await base.GenerateClaimsAsync(user);
identity.AddClaim(new Claim(".sessionKey", sessionKey));
HttpContext.Session.SetString(sessionKey, sessionKey);

ghstahl

app.UseSession();            
app.UseAuthentication();            
app.UseAuthorization();            
app.UseMiddleware<AuthSessionValidationMiddleware>();

ghstahl

services.AddIdentity<IdentityUser,IdentityRole>(options => options.SignIn.RequireConfirmedAccount = true)
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders();
// services.AddDefaultIdentity must be adding its own fake
// Switched to services.AddIdentity<IdentityUser,IdentityRole>, and now I have to add it.
services.AddScoped<IEmailSender, FakeEmailSender>(); 

services.AddScoped<IUserClaimsPrincipalFactory<IdentityUser>, SeedSessionClaimsPrincipalFactory>();

ghstahl

public interface ICustomTokenRequestManager
{
  void AddTokenRequestFunction(string key, Func<ManagedToken, IServiceProvider,IOAuth2CredentialManager, CancellationToken, Task<ManagedToken>> func);
  Func<ManagedToken, IServiceProvider,IOAuth2CredentialManager, CancellationToken, Task<ManagedToken>> GetTokenRequestFunc(string key);
}