lukas.angerer
/
PasswordlessWebLogin


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
							using Fido2NetLib;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using Passwordless;

// TODO: RoslynPad code for key generation
var jwk = JsonWebKey.Create(File.ReadAllText("./demo-jwk.json"));

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddFido2(options =>
{
    options.ServerDomain = "localhost";
    options.ServerName = "FIDO2 Test";
    options.Origins = ["http://localhost:5172"];
    options.TimestampDriftTolerance = 300000;
});
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Events = new JwtBearerEvents()
        {
            OnAuthenticationFailed = ctx =>
            {
                Console.WriteLine(ctx.Exception);
                return Task.CompletedTask;
            },
            OnTokenValidated = ctx =>
            {
                Console.WriteLine($"Valid token from {ctx.SecurityToken.Issuer}");
                return Task.CompletedTask;
            }
        };
        options.RequireHttpsMetadata = false; // dev only!!!
        options.Authority = "http://localhost:5172";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            IssuerSigningKey = jwk,
            ValidIssuer = "http://localhost:5172",
            ValidAudience = "http://localhost:5172"
        };
    });

builder.Services.AddAuthorization(authorizationOptions =>
{
    authorizationOptions.AddPolicy("MagicClaim", policyBuilder => policyBuilder.RequireClaim("permissions", "MagicClaim"));
});
builder.Services.AddMemoryCache();
builder.Services.Configure<JwtConfig>(config => config.Key = jwk);
builder.Services.AddTransient<OptionsCache>();
builder.Services.AddTransient<CredentialManager>();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseStaticFiles();
app.UseHttpsRedirection();
app.UseAuthorization();

app.MapGet("/buildCredentialOptions", ([FromQuery] string login, CredentialManager credMan) => 
        credMan.BuildCredentialOptions(login))
    .WithName("BuildCredentialOptions")
    .WithOpenApi();

app.MapPost("/registerCredential", async ([FromQuery] string login, [FromBody] AuthenticatorAttestationRawResponse attestationResponse, CredentialManager credMan) => 
        await credMan.RegisterCredential(login, attestationResponse))
    .WithName("RegisterCredential")
    .WithOpenApi();

app.MapGet("/buildAssertionOptions", async ([FromQuery] string login, CredentialManager credMan) => 
    await credMan.BuildAssertionOptions(login))
    .WithName("BuildAssertionOptions")
    .WithOpenApi();

app.MapPost("/verifyCredential", async ([FromBody] AuthenticatorAssertionRawResponse assertionResponse, CredentialManager credMan) => 
    Results.Json(await credMan.VerifyCredential(assertionResponse)))
    .WithName("VerifyCredential")
    .WithOpenApi();

app.MapGet("/protected", () => Results.Json("Success!")).WithName("Protected").RequireAuthorization(policy =>
{
    policy.RequireAuthenticatedUser();
    //policy.RequireClaim("MagicClaim");
});

app.Run();