Handle [Authorize] for Controllers that need to enable security through claims. If you publish your api as AWS lambda in a API Gateway protected with Cognito Authorizer and you need secure your controllers already injected throw API Gateway to Lambda use this package. In otherwise if you consume Authorization using Cognito with this package you can read cognito claims.
- Inject via Dependency Injection to ApiGatewayAuthorizerClaimsReader
- Add Authentication scheme AddApiGatewayJWTAuthorizerScheme
services.AddAnotherService();
services.AddHttpContextAccessor();
services.AddScoped<ICognitoClaimsReader, ApiGatewayAuthorizerClaimsReader>();
builder.Services.AddAuthentication(ApiGatewayJWTAuthorizerDefaults.AuthenticationScheme)
.AddApiGatewayJWTAuthorizerScheme(options =>
{
options.RequireToken = true;
options.ExtractClaimsFromToken = builder.Environment.IsDevelopment(); //In develop mode if you have a token you can decrypt and read his information
});
- Inject via Dependency Injection to OpenIdCognitoClaimsReader
- Add Authentication scheme OpenIdConnect
services.AddAnotherService();
services.AddHttpContextAccessor();
services.AddScoped<ICognitoClaimsReader, OpenIdCognitoClaimsReader>();
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = "cognito";
})
.AddCookie(options =>
{
options.ExpireTimeSpan = TimeSpan.FromMinutes(58);
options.SlidingExpiration = !authOptions!.UseTokenLifetime;
options.Cookie.Name = "cookieauth";
options.Cookie.HttpOnly = true;
options.Cookie.SameSite = SameSiteMode.Lax;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
})
.AddOpenIdConnect("cognito", options =>
{
options.NonceCookie.SecurePolicy = CookieSecurePolicy.Always;
options.NonceCookie.SameSite = SameSiteMode.Lax;
options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;
options.CorrelationCookie.SameSite = SameSiteMode.Lax;
options.ClaimsIssuer = "cognito";
options.ResponseType = authOptions!.ResponseType;
options.MetadataAddress = authOptions.MetadataAddress;
options.ClientId = authOptions.ClientId;
options.ClientSecret = authOptions.ClientSecret;
options.Scope.Add("email");
options.Scope.Add("openid");
options.Scope.Add("profile");
options.GetClaimsFromUserInfoEndpoint = true;
options.SaveTokens = authOptions.SaveTokens;
options.UseTokenLifetime = authOptions.UseTokenLifetime;
...
If you want, buy me a coofee ☕ https://www.paypal.com/paypalme/vicosanzdev?locale.x=es_XC