
Commit 819d93e

committed
Add request for jwks from .well_known endpoint
1 parent 9a66978 commit 819d93e

2 files changed

Lines changed: 21 additions & 12 deletions


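--- a/src/AasSecurity/SecurityHelper.cs
+++ b/src/AasSecurity/SecurityHelper.cs
@@ -101,18 +101,13 @@ private static void ParseSecurityMetamodel()
 {
 for (var i = 0; i < GlobalSecurityVariables.ServerKid.Count; i++)
 {
-if (GlobalSecurityVariables.ServerKid[i] != "" &&
+if ((GlobalSecurityVariables.ServerKid[i] != "" &&
 GlobalSecurityVariables.ServerKid[i] == kid)
+|| GlobalSecurityVariables.ServerIssuerUrl[i] == iss)
 {
 domain = GlobalSecurityVariables.ServerDomain[i];
 return GlobalSecurityVariables.ServerJwksUrl[i];
 }
-else if (GlobalSecurityVariables.ServerIssuerUrl[i] == iss)
-{
-domain = GlobalSecurityVariables.ServerDomain[i];
-//ToDo request well-known endpoint to get JWKS properly
-return $"{GlobalSecurityVariables.ServerIssuerUrl[i]}/jwks";
-}
 }
 }
 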
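Review bot: With the two conditions merged, an entry whose issuer matches but whose `ServerJwksUrl[i]` is empty now returns an empty string from this loop, and nothing in the hunk says whether that is the intended signal for the caller to fall back to discovery; a comment such as `// Issuer match with no configured JWKS URL returns "" so the caller may discover it` would make that contract explicit. The kid half of the condition still matches a configured kid regardless of which issuer the token names, so a key id that appears under two configured issuers resolves to whichever entry comes first; this predates the change but deserves a note above the loop. The enclosing function (presumably `FindServerJwksUrl`, which SecurityService.cs calls) starts before the hunk.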
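--- a/src/AasSecurity/SecurityService.cs
+++ b/src/AasSecurity/SecurityService.cs
@@ -581,14 +581,27 @@ private string HandleBearerToken(string? bearerToken, ref string user, ref bool
 user = "";
 var jwksUrl = "";
 var kid = jwtSecurityToken.Header["kid"].ToString();
+var clientHandler = new HttpClientHandler { DefaultProxyCredentials = CredentialCache.DefaultCredentials };
+using var httpClient = new HttpClient(clientHandler);
+
 if (kid != null)
 {
 jwksUrl = SecurityHelper.FindServerJwksUrl(kid, iss, out domain);
 }
-if (!jwksUrl.IsNullOrEmpty())
+if (jwksUrl.IsNullOrEmpty())
+{
+var openIdConfig = httpClient.GetStringAsync($"{iss}/.well-known/openid-configuration").Result;
+var openIdConfigJson = JsonDocument.Parse(openIdConfig);
+
+string jwksUri = $"{iss}/jwks";
+if (openIdConfigJson.RootElement.TryGetProperty("jwks_uri", out var propJwksUri))
+{
+jwksUri = propJwksUri.GetString();
+}
+}
+
+try
 {
-var clientHandler = new HttpClientHandler { DefaultProxyCredentials = CredentialCache.DefaultCredentials };
-using var httpClient = new HttpClient(clientHandler);
 var jwksJson = httpClient.GetStringAsync(jwksUrl).Result;
 var jwks = new JsonWebKeySet(jwksJson);
 var signingKeys = jwks.GetSigningKeys();
@@ -611,11 +624,12 @@ private string HandleBearerToken(string? bearerToken, ref string user, ref bool
 }
 catch (Exception ex)
 {
+_logger.LogError($"Error in validation of token {bearerToken}: {ex.Message}.");
 }
 }
-else
+catch (Exception ex)
 {
-
+_logger.LogError($"Error in loading jwks from {jwksUrl}: {ex.Message}.");
 }
 }
 }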
