Firebase authentication asp.net core

2019-01-23 09:45发布

站内问答 / C#
1398 1 5

After a successful sign-in to Firebase we received a JWT token.

In order to add authorization to my asp.net app, I tried to add a JwtBearerAuthentication to my middleware.

I have tried the following JwtBearerOptions :

 var options = new JwtBearerOptions
        {
            Audience = "myApp",
            Authority = "https://securetoken.google.com"
        };

and 

 var options = new JwtBearerOptions
        {
            Audience = "myApp",
            Authority = "https://securetoken.google.com/myApp"
        };

Unfortunately this is not working. My Auhtority url is probably incorrect.

Does anyone know wich Auhtority url is correct?

1条回答
乱世女痞
2楼-- · 2019-01-23 10:28

The JWT validation need to be manual : source

The following code is validating the FirebaseToken (JWT) :

    //Download certificates from google
    HttpClient client = new HttpClient();
    var jsonResult = client.GetStringAsync("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com").Result;

    //Convert JSON Result
    var x509Metadata = JObject.Parse(jsonResult)
                        .Children()
                        .Cast<JProperty>()
                        .Select(i => new x509Metadata(i.Path, i.Value.ToString()));

    //Extract IssuerSigningKeys
    var issuerSigningKeys = x509Metadata.Select(s => s.X509SecurityKey);

    //Setup JwtTokenHandler 
    var handler = new JwtSecurityTokenHandler();
    SecurityToken token;
    handler.ValidateToken(user.FirebaseToken, new TokenValidationParameters
    {
        IssuerSigningKeys = issuerSigningKeys,
        ValidAudience = "myApp",
        ValidIssuer = "https://securetoken.google.com/myApp",
        IssuerSigningKeyResolver = (arbitrarily, declaring, these, parameters) => issuerSigningKeys
    }, out token);

public class x509Metadata
{
    public string KID { get; set; }
    public string Certificate { get; set; }
    public X509SecurityKey X509SecurityKey { get; set; }

    public x509Metadata(string kid, string certificate)
    {
        KID = kid;
        Certificate = certificate;
        X509SecurityKey = BuildSecurityKey(Certificate);
    }

    private X509SecurityKey BuildSecurityKey(string certificate)
    {
        //Remove : -----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----
        var lines = certificate.Split('\n');
        var selectedLines = lines.Skip(1).Take(lines.Length - 3);
        var key = string.Join(Environment.NewLine, selectedLines);

        return new X509SecurityKey(new X509Certificate2(Convert.FromBase64String(key)));
    }
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)