Generating tokens

Generate and load signing rsa key
5 changed files with 119 additions and 19 deletions
--- a/OAuthServer/Controllers/LoginController.cs
+++ b/OAuthServer/Controllers/LoginController.cs
@ -79,7 +79,7 @@ public class LoginController : ControllerBase

        if (result.Succeeded)
        {
-            return Redirect(returnUrl ?? "");
+            return Redirect(returnUrl ?? "/");
        }

        if (result.IsLockedOut)
--- a/OAuthServer/Controllers/OAuthController.cs
+++ b/OAuthServer/Controllers/OAuthController.cs
@ -0,0 +1,24 @@
+using Microsoft.AspNetCore.Mvc;
+using OAuthServer.Services;
+
+namespace OAuthServer.Controllers;
+
+[ApiController]
+public class OAuthController : ControllerBase
+{
+    private readonly ILogger<OAuthController> _logger;
+    private readonly JwtService _jwt;
+
+    public OAuthController(ILogger<OAuthController> logger, JwtService jwt)
+    {
+        _logger = logger;
+        _jwt = jwt;
+    }
+
+    [HttpPost]
+    [Route("get-token")]
+    public ActionResult GenerateToken()
+    {
+        return Ok(_jwt.GenerateToken());
+    }
+}
--- a/OAuthServer/OAuthServer.csproj
+++ b/OAuthServer/OAuthServer.csproj
@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">

    <PropertyGroup>
        <TargetFramework>net8.0</TargetFramework>
@ -6,19 +6,20 @@
        <ImplicitUsings>enable</ImplicitUsings>
        <InvariantGlobalization>true</InvariantGlobalization>
        <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
-    </PropertyGroup>
+      <UserSecretsId>01456bf0-f709-42b0-ad41-af6d7b94cab7</UserSecretsId>
+  </PropertyGroup>

    <ItemGroup>
        <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.2" />
        <PackageReference Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="8.0.2" />
-        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.1"/>
+        <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="8.0.1" />
        <PackageReference Include="Microsoft.EntityFrameworkCore" Version="8.0.2" />
        <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.2">
          <PrivateAssets>all</PrivateAssets>
          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
        </PackageReference>
        <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.2" />
-        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0"/>
+        <PackageReference Include="Swashbuckle.AspNetCore" Version="6.4.0" />
    </ItemGroup>

    <ItemGroup>
--- a/OAuthServer/Program.cs
+++ b/OAuthServer/Program.cs
@ -1,11 +1,13 @@
-using Microsoft.AspNetCore.Authentication.JwtBearer;
+using System.Security.Cryptography;
 using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
 using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
 using Microsoft.OpenApi.Models;
 using OAuthServer;
+using OAuthServer.Services;

 var builder = WebApplication.CreateBuilder(args);

@ -31,6 +33,20 @@ builder.Services.AddSwaggerGen(options =>
            Id = "Bearer"
        }
    });
+    options.AddSecurityRequirement(new OpenApiSecurityRequirement
+    {
+        {
+            new OpenApiSecurityScheme
+            {
+                Reference = new OpenApiReference
+                {
+                    Type = ReferenceType.SecurityScheme,
+                    Id = "Bearer"
+                }
+            },
+            new string[] { }
+        }
+    });
 });

 builder.Services.AddDbContext<AppDbContext>(options => { options.UseSqlite("DataSource=db.sqlite3"); });
@ -39,24 +55,24 @@ builder.Services.AddIdentity<IdentityUser, IdentityRole>(options => { options.St
    .AddEntityFrameworkStores<AppDbContext>()
    .AddDefaultTokenProviders();

+// Load the signing key from a file if it exists or create a new one
+var rsaKey = JwtService.GetSigningKey();
+
+// Add the JWT authentication method
 builder.Services.AddAuthentication().AddJwtBearer("OAuthToken", options =>
 {
-    // options.RequireHttpsMetadata = false;
-    // options.SaveToken = true;
-    // options.TokenValidationParameters = new TokenValidationParameters()
-    // {
-    //     ValidateIssuer = true,
-    //     ValidateAudience = true,
-    //     RequireSignedTokens = true,
-    //     ValidIssuer = builder.Configuration["Jwt:Issuer"],
-    //     ValidAudience = builder.Configuration["Jwt:Audience"],
-    //     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Environment.GetEnvironmentVariable("JWT_KEY")))
-    // };
+    options.SaveToken = false;
+    options.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        RequireSignedTokens = true,
+        IssuerSigningKey = new RsaSecurityKey(rsaKey)
+    };
 });

 builder.Services.Configure<IdentityOptions>(options =>
 {
-
    // SignIn settings.
    options.SignIn.RequireConfirmedAccount = false;
    options.SignIn.RequireConfirmedEmail = false;
@ -116,10 +132,12 @@ builder.Services.AddAuthorization(options =>
    // Require the External role to authenticate with a different authentication method
    options.AddPolicy("External", policy => policy
        .RequireRole("External")
-        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
+        .AddAuthenticationSchemes("OAuthToken")
    );
 });

+builder.Services.AddSingleton<JwtService>();
+
 var app = builder.Build();

 // Configure the HTTP request pipeline.
--- a/OAuthServer/Services/JwtService.cs
+++ b/OAuthServer/Services/JwtService.cs
@ -0,0 +1,57 @@
+using System.Security.Claims;
+using System.Security.Cryptography;
+using Microsoft.IdentityModel.JsonWebTokens;
+using Microsoft.IdentityModel.Tokens;
+
+namespace OAuthServer.Services;
+
+public class JwtService
+{
+    private readonly RSA _rsaKey;
+    
+    public JwtService()
+    {
+        _rsaKey = GetSigningKey();
+    }
+
+    public static RSA GetSigningKey()
+    {
+        RSA rsaKey = RSA.Create();
+        const string jwtKeyPath = ".aspnet/jwt-key";
+        string home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
+        string fullPath = Path.Combine(home, jwtKeyPath);
+        if (File.Exists(fullPath))
+        {
+            rsaKey.ImportRSAPrivateKey(File.ReadAllBytes(fullPath), out _);
+        }
+        else
+        {
+            string? dirName = Path.GetDirectoryName(fullPath);
+            if (!string.IsNullOrEmpty(dirName))
+                Directory.CreateDirectory(dirName);
+
+            var privateKey = rsaKey.ExportRSAPrivateKey();
+            File.WriteAllBytes(fullPath, privateKey);
+        }
+
+        return rsaKey;
+    }
+
+    public string GenerateToken()
+    {
+        var handler = new JsonWebTokenHandler();
+        var key = new RsaSecurityKey(_rsaKey);
+        var token = handler.CreateToken(new SecurityTokenDescriptor
+        {
+            Subject = new ClaimsIdentity(new[]
+            {
+                new Claim(JwtRegisteredClaimNames.Sub, "user1"),
+                new Claim("role", "External"),
+                new Claim("scope", "scope:1")
+            }),
+            Expires = DateTime.UtcNow.AddDays(10),
+            SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.RsaSha256)
+        });
+        return token;
+    }
+}
Author	SHA1	Message	Date
D4VID	152c7b148c	Generating tokens	2 years ago
D4VID	f2054dd368	Generate and load signing rsa key	2 years ago