lukas.angerer
/
PasswordlessWebLogin


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
							using Fido2NetLib;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using Passwordless;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddFido2(options =>
{
    options.ServerDomain = "localhost";
    options.ServerName = "FIDO2 Test";
    options.Origins = ["http://localhost:5172"];
    options.TimestampDriftTolerance = 300000;
});
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.RequireHttpsMetadata = false; // dev only!!!
        options.Authority = "http://localhost:5172";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidIssuer = "http://localhost:5172",
            ValidAudience = "http://localhost:5172"
        };
    });

builder.Services.AddAuthorization(authorizationOptions =>
{
    authorizationOptions.AddPolicy("MagicClaim", policyBuilder => policyBuilder.RequireClaim("permissions", "MagicClaim"));
});
builder.Services.AddMemoryCache();
builder.Services.AddTransient<OptionsCache>();
builder.Services.AddTransient<CredentialManager>();

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseStaticFiles();
app.UseHttpsRedirection();
app.UseAuthorization();

app.MapGet("/buildCredentialOptions", ([FromQuery] string login, CredentialManager credMan) => 
        credMan.BuildCredentialOptions(login))
    .WithName("BuildCredentialOptions")
    .WithOpenApi();

app.MapPost("/registerCredential", async ([FromQuery] string login, [FromBody] AuthenticatorAttestationRawResponse attestationResponse, CredentialManager credMan) => 
        await credMan.RegisterCredential(login, attestationResponse))
    .WithName("RegisterCredential")
    .WithOpenApi();

app.MapGet("/buildAssertionOptions", async ([FromQuery] string login, CredentialManager credMan) => 
    await credMan.BuildAssertionOptions(login))
    .WithName("BuildAssertionOptions")
    .WithOpenApi();

app.MapPost("/verifyCredential", async ([FromBody] AuthenticatorAssertionRawResponse assertionResponse, CredentialManager credMan) => 
    await credMan.VerifyCredential(assertionResponse))
    .WithName("VerifyCredential")
    .WithOpenApi();

app.MapGet("/protected", () => "Success!").WithName("Protected").RequireAuthorization(policy =>
{
    policy.RequireClaim("MagicClaim");
});

app.Run();