mattbrailsford / umbraco-authu

An Umbraco plugin to add an OAuth API endpoint to allow authenticated Members/Users via OAuth
MIT License
71 stars 22 forks source link

Needs to be upgraded to newer JWT implementation #19

Closed JohnBergman closed 6 years ago

JohnBergman commented 6 years ago

The version of the JWT component needs to be updated to use the 5.x series in order to be compatible with many other modern implementions using oAuth (like twilio for example).

I had a go at it, but was not able to make much progress at the moment because of the completely new structure of how JWT is implemented in the new libraries - if anyone can provide a reference that is understandable describing how to upgrade, I'd have another run at it.

biapar commented 6 years ago

Which problems do you have? Maybe with some small changes it can work with JWT v5? Which are the changes from old JWT version?

JohnBergman commented 6 years ago

In JWT 5.x the securitytoken namespace is different, after changing and fixing that along with the signing token - it looks like the token handler and the Create/Read/Write token use a different implementation.

Its possible that is all of the fallout, in my limited time I was not able to get all the way through the needed changes, so I am not sure if there is fallout beyond that.

biapar commented 6 years ago

Which JWT lib Do you use?

JohnBergman commented 6 years ago

I need to upgrade System.IdentityModel.Tokens.Jwt to V5 or newer, preferably 5.1.4 or 5.1.5 (or even 5.2.1)

mattbrailsford commented 6 years ago

Happy to upgrade, wouldn anyone want to do a PR?

biapar commented 6 years ago

@mattbrailsford Can I do this?

mattbrailsford commented 6 years ago

@biapar go for it

biapar commented 6 years ago

Hi, I already use Authu with Umbraco 7.10.x and I had modified the source code with new libraries.

I try to update System.IdentityModel.Tokens.Jwt to 5.x

Microsoft.IdentityModel.Tokens is already 5.1.2.0

This are the lib references at the moment:

<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Owin.Security.Cookies" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="MySql.Data" publicKeyToken="c5687fc88969c44d" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-6.9.9.0" newVersion="6.9.9.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.1.2.0" newVersion="5.1.2.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-1.1.2.0" newVersion="1.1.2.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.4.0" newVersion="4.0.4.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.8.0" newVersion="2.0.8.0" />
      </dependentAssembly>
    </assemblyBinding>
mattbrailsford commented 6 years ago

Fixed in commit e74f67b264fa06f90393ddf63c983194fcd73141