Alice52 / c-tutorial

The repository is about c, including c, csharp, cpp.
MIT License

[token] integration with wso2is #19

Closed Alice52 closed 4 years ago

Alice52 commented 4 years ago

wso2is

  1. config OAuth function

    • Inbound Authentication Configuration --> OAuth/OpenID Connect Configuration --> Config --> check "Enable Audience Restriction" and choose the Allowed Grant Types
  2. get access token

# Requests an access token from the WSO2 IS token endpoint with the client_credentials grant.
# OAUTH_CLIENT_KEY / OAUTH_CLIENT_SECRET stand for the service provider's own credentials.
# NOTE(review): -k turns off TLS certificate verification, so the client secret is sent to a
# server whose identity was never checked; once the server certificate is trusted, drop -k or
# point curl at the issuing CA with --cacert.
# NOTE(review): client_credentials authenticates the client only; the username/password form
# fields (the default admin/admin pair here) are not part of that grant and are presumably
# ignored by the server -- confirm and omit them.
curl -v -k -X POST --user OAUTH_CLIENT_KEY:OAUTH_CLIENT_SECRET -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -d "grant_type=client_credentials&username=admin&password=admin" https://101.132.45.28:9443/oauth2/token

skeleton

  1. config
<!-- NuGet packages used by the skeleton: the JWT bearer authentication handler, and RestSharp,
     which the startup code uses to download the identity server's JWKS. -->
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="2.2.0" />
<PackageReference Include="RestSharp" Version="106.6.10" />
"JwtBearerConfig": {
    "BaseUrl": "https://localhost:9444",
    "ValidateIssuer": false,
    "ValidateIssuerSigningKey": true,
    "ValidateAudience": true,
    "ValidAudience": "table-operation-buyin-api",
    "ValidateLifetime": true,
    "RequireExpirationTime": true
  }
  2. register in startup
/// <summary>
/// JWT validation settings; filled from the "JwtBearerConfig" configuration section in the
/// constructor.
/// </summary>
public JwtBearerConfig JwtBearerConfig { get; set; }
// Path of the JWKS (published signing keys) endpoint, requested relative to JwtBearerConfig.BaseUrl.
private const string jwksPath = "/oauth2/jwks";

/// <summary>
/// Stores the application configuration and binds its "JwtBearerConfig" section onto a fresh
/// <see cref="JwtBearerConfig"/> instance.
/// </summary>
/// <param name="configuration">Application configuration to read the JWT settings from.</param>
/// <param name="env">Hosting environment; not used by this constructor.</param>
public Startup(IConfiguration configuration, IHostingEnvironment env)
{
    Configuration = configuration;

    // Bind into a local first, then publish it through the property.
    var bearerSettings = new JwtBearerConfig();
    Configuration.GetSection("JwtBearerConfig").Bind(bearerSettings);
    JwtBearerConfig = bearerSettings;
}

/// <summary>
/// Adds the authentication middleware to the request pipeline.
/// </summary>
/// <param name="app">Application pipeline builder.</param>
/// <param name="env">Hosting environment; not used here.</param>
// NOTE(review): only the authentication call is shown; in a full pipeline it has to be
// registered before the middleware that serves protected endpoints.
public void Configure(IApplicationBuilder app, IHostingEnvironment env) => app.UseAuthentication();

/// <summary>
/// Registers application services; in this skeleton that is only JWT bearer authentication.
/// </summary>
/// <param name="services">Service collection to register into.</param>
public void ConfigureServices(IServiceCollection services) => ConfigureAuthentication(services);

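/// <summary>
/// Downloads the identity server's JSON Web Key Set once at startup and registers JWT bearer
/// authentication that validates incoming tokens against those keys.
/// </summary>
/// <param name="services">Service collection the authentication scheme is added to.</param>
/// <exception cref="System.InvalidOperationException">
/// The JWKS request failed, returned an empty body, or contained no keys.
/// </exception>
private void ConfigureAuthentication(IServiceCollection services)
{
    // Certificate validation is left at the platform default. The JWKS response decides which
    // signing keys this API trusts, so accepting any server certificate here would let whoever
    // answers the request choose those keys. For a self-signed development certificate, add it
    // to the machine's trust store instead of switching validation off.
    IRestClient jwksClient = new RestClient(JwtBearerConfig.BaseUrl);
    IRestRequest jwksRequest = new RestRequest(jwksPath, Method.GET);
    IRestResponse jwksResponse = jwksClient.Execute(jwksRequest);

    // Fail closed with a clear message rather than continuing without signing keys.
    if (!jwksResponse.IsSuccessful || string.IsNullOrWhiteSpace(jwksResponse.Content))
    {
        throw new System.InvalidOperationException(
            $"Could not retrieve signing keys from {JwtBearerConfig.BaseUrl}{jwksPath} " +
            $"(HTTP {(int)jwksResponse.StatusCode}): {jwksResponse.ErrorMessage}",
            jwksResponse.ErrorException);
    }

    AuthenticationCode keySet = JsonUtil.DeserializeObject<AuthenticationCode>(jwksResponse.Content);
    JsonWebKey[] signingKeys = keySet?.Keys;
    if (signingKeys == null || signingKeys.Length == 0)
    {
        throw new System.InvalidOperationException(
            $"The JWKS document at {JwtBearerConfig.BaseUrl}{jwksPath} contains no keys.");
    }

    // The keys are read once, here. If the identity server rotates its signing keys, this
    // process keeps validating against the old set until it is restarted.
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    // The sample configuration sets ValidateIssuer to false, so the token's
                    // issuer is not checked. No ValidIssuer is assigned in this block, so
                    // turning the flag on also requires supplying the expected issuer.
                    ValidateIssuer = JwtBearerConfig.ValidateIssuer,
                    ValidateIssuerSigningKey = JwtBearerConfig.ValidateIssuerSigningKey,
                    IssuerSigningKeys = signingKeys,
                    ValidateAudience = JwtBearerConfig.ValidateAudience,
                    ValidAudience = JwtBearerConfig.ValidAudience,
                    ValidateLifetime = JwtBearerConfig.ValidateLifetime,
                    RequireExpirationTime = JwtBearerConfig.RequireExpirationTime
                };
            });
}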

// Deserialization target for the JWKS response body; only the key array is read from it.
class AuthenticationCode
{
    // Signing keys handed to TokenValidationParameters.IssuerSigningKeys.
    // NOTE(review): presumably filled from the response's "keys" member; that depends on how
    // JsonUtil matches property names -- confirm.
    public JsonWebKey[] Keys { get; set; }
}
[Authorize] // place on a controller class or an action method to require an authenticated caller

reference

  1. https://github.com/Alice52/java-ocean/blob/feat-zack/common/oauth/jwt-token.md
  2. sample