ASP.NET Member new directions

Author: brunobritodev

src/NetDevPack.Security.JwtExtensions/JwkRetriever.cs

@@ -1,4 +1,8 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using System;
+using System.Collections.Generic;
+using System.Net.Http;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.IdentityModel.Tokens;
 
 namespace NetDevPack.Security.JwtExtensions
@@ -7,8 +11,6 @@ public static class JwksExtension
     {
         public static void SetJwksOptions(this JwtBearerOptions options, JwkOptions jwkOptions)
         {
-            options.Authority = null;
-            options.Audience = null;
 
             if (options.TokenValidationParameters == null)
                 options.TokenValidationParameters = new TokenValidationParameters();
@@ -19,5 +21,37 @@ public static void SetJwksOptions(this JwtBearerOptions options, JwkOptions jwkO
             options.TokenValidationParameters.ValidateAudience = false;
             options.TokenValidationParameters.ValidIssuer = jwkOptions.Issuer;
         }
+
+        public class JwkRetriever
+        {
+            private static readonly HttpClient HttpClient = new HttpClient();
+
+            public JwkRetriever(JwkOptions jwkOptions)
+            {
+                Options = jwkOptions;
+            }
+
+            public JwkOptions Options { get; }
+            public JwkList LastResponse { get; private set; }
+            public IEnumerable<SecurityKey> IssuerSigningKeyResolver(string token, SecurityToken securityToken, string kid, TokenValidationParameters validationParameters)
+            {
+                if (LastResponse == null || LastResponse.When.Add(Options.KeepFor) < DateTime.Now)
+                {
+                    var jwkTask = GetJwks();
+                    jwkTask.Wait();
+                    LastResponse = new JwkList(jwkTask.Result);
+                }
+
+                return LastResponse.Jwks.Keys;
+            }
+
+            private async Task<JsonWebKeySet> GetJwks()
+            {
+                var response = await HttpClient.GetAsync(Options.JwksUri);
+                var responseString = await response.Content.ReadAsStringAsync();
+                return new JsonWebKeySet(responseString);
+
+            }
+        }
     }
 }

src/NetDevPack.Security.JwtExtensions/JwksExtension.cs

@@ -0,0 +1,46 @@
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.IdentityModel.Logging;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.IdentityModel.Tokens;
+
+namespace NetDevPack.Security.JwtExtensions
+{
+    public class JwksRetriever : IConfigurationRetriever<OpenIdConnectConfiguration>
+    {
+        public Task<OpenIdConnectConfiguration> GetConfigurationAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
+        {
+            return GetAsync(address, retriever, cancel);
+        }
+
+        /// <summary>
+        /// Retrieves a populated <see cref="OpenIdConnectConfiguration"/> given an address and an <see cref="IDocumentRetriever"/>.
+        /// </summary>
+        /// <param name="address">address of the jwks uri.</param>
+        /// <param name="retriever">the <see cref="IDocumentRetriever"/> to use to read the jwks</param>
+        /// <param name="cancel"><see cref="CancellationToken"/>.</param>
+        /// <returns>A populated <see cref="OpenIdConnectConfiguration"/> instance.</returns>
+        public static async Task<OpenIdConnectConfiguration> GetAsync(string address, IDocumentRetriever retriever, CancellationToken cancel)
+        {
+            if (string.IsNullOrWhiteSpace(address))
+                throw LogHelper.LogArgumentNullException(nameof(address));
+
+            if (retriever == null)
+                throw LogHelper.LogArgumentNullException(nameof(retriever));
+
+            var doc = await retriever.GetDocumentAsync(address, cancel).ConfigureAwait(false);
+            LogHelper.LogVerbose("IDX21811: Deserializing the string: '{0}' obtained from metadata endpoint into openIdConnectConfiguration object.", doc);
+            var jwks = new JsonWebKeySet(doc);
+            var openIdConnectConfiguration = new OpenIdConnectConfiguration()
+            {
+                JsonWebKeySet = jwks,
+                JwksUri = address,
+            };
+            foreach (var securityKey in jwks.GetSigningKeys())
+                openIdConnectConfiguration.SigningKeys.Add(securityKey);
+
+            return openIdConnectConfiguration;
+        }
+    }
+}

src/NetDevPack.Security.JwtExtensions/JwksRetriever.cs

@@ -4,8 +4,8 @@
     <TargetFramework>netstandard2.0</TargetFramework>
     <Version>3.1.0</Version>
     <Authors>Bruno Brito</Authors>
-    <PackageIconUrl>https://jpproject.blob.core.windows.net/images/helldog.png</PackageIconUrl>
-    <PackageTags>jwt jwks rsa ecdsa hmac jwks_uri</PackageTags>
+    <PackageIconUrl>https://raw.githubusercontent.com/NetDevPack/NetDevPack/master/assets/IconNuget.png</PackageIconUrl>
+    <PackageTags>jwt jwks jwks_uri</PackageTags>
     <Title>Extension to load JWKS from custom uri</Title>
     <Description>Component for easy use of JWKS endpoint for Assymetric keys</Description>
     <NeutralLanguage>en</NeutralLanguage>