Merge pull request #138 from DuendeSoftware/anders/AzFnFix
Call GetConfigurationAsync after RequestRefresh
AndersAbel authored Jul 28, 2023
2 parents 588e62f + f86ade2 commit 324eb74
Showing 3 changed files with 31 additions and 35 deletions.
2 changes: 1 addition & 1 deletion various/JwtSecuredAzureFunction/Client/Client.csproj
@@ -2,7 +2,7 @@

<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net5.0</TargetFramework>
<TargetFramework>net6.0</TargetFramework>
</PropertyGroup>

<ItemGroup>
@@ -1,6 +1,6 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net5.0</TargetFramework>
<TargetFramework>net6.0</TargetFramework>
<AzureFunctionsVersion>v3</AzureFunctionsVersion>
<OutputType>Exe</OutputType>
</PropertyGroup>
62 changes: 29 additions & 33 deletions various/JwtSecuredAzureFunction/JwtSecuredFunction/Token.cs
@@ -7,6 +7,7 @@
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading;
@@ -30,6 +31,22 @@ static Token()
);
}

public static async Task<TokenValidationResult> ValidateTokenAsync(string token)
{
var handler = new JsonWebTokenHandler();

var config = await ConfigurationManager.GetConfigurationAsync(CancellationToken.None);

var validationParameter = new TokenValidationParameters()
{
ValidIssuer = Authority,
ValidAudience = "api",
IssuerSigningKeys = config.SigningKeys
};

return handler.ValidateToken(token, validationParameter);
}

public static async Task<ClaimsIdentity> ValidateAsync(HttpHeadersCollection headers, ILogger logger)
{
var found = headers.TryGetValues("Authorization", out var headerValues);
@@ -45,46 +62,25 @@ public static async Task<ClaimsIdentity> ValidateAsync(HttpHeadersCollection hea
logger.LogInformation("Invalid authorization header.");
return null;
}

var config = await ConfigurationManager.GetConfigurationAsync(CancellationToken.None);

var validationParameter = new TokenValidationParameters()
var result = await ValidateTokenAsync(values[1]);

if (result.Exception is SecurityTokenSignatureKeyNotFoundException)
{
ValidIssuer = Authority,
ValidAudience = "api",
IssuerSigningKeys = config.SigningKeys
};
logger.LogInformation("Trying to refresh keys.");

var handler = new JsonWebTokenHandler();
ConfigurationManager.RequestRefresh();

result = await ValidateTokenAsync(values[1]);
}

var tries = 0;
while (tries <= 1)
if (result.IsValid)
{
var result = handler.ValidateToken(values[1], validationParameter);

if (result.IsValid)
{
logger.LogInformation("Valid token, returning identity.");
return result.ClaimsIdentity;
}
else
{
if (result.Exception is SecurityTokenSignatureKeyNotFoundException)
{
logger.LogInformation("Trying to refresh keys.");

ConfigurationManager.RequestRefresh();
tries++;
}
else
{
logger.LogInformation("invalid token.");
return null;
}
}
logger.LogInformation("Valid token, returning identity.");
return result.ClaimsIdentity;
}

logger.LogInformation("invalid token signature.");
logger.LogInformation("invalid token.");
return null;
}
}
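Review bot: The closing failure path in ValidateAsync (the `logger.LogInformation("invalid token.");` before `return null;`, as far as the rendered page shows the new side) discards `result.Exception`, so an expired token, a wrong audience and a signing key that is still unknown after the refresh all produce the same log line. Logging the failure type, for example `logger.LogInformation("Invalid token: {Reason}", result.Exception?.GetType().Name);`, keeps the token itself out of the log while letting an operator tell a key-rollover problem from a run of forged tokens. The refresh branch is also reachable before authentication, so any caller presenting a token with an unrecognised key id causes `RequestRefresh()` followed by a second `GetConfigurationAsync`; this presumably relies on the configuration manager's `RefreshInterval` throttle, which would be set (or left at its default) in the static constructor outside the visible hunks. The start of ValidateAsync, including the header parsing that produces `values`, is also outside the hunk.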
