From 25e6b305a3771c7ec1281b098491cac6f7f87460 Mon Sep 17 00:00:00 2001
From: Kevin BEAUGRAND <9513635+kbeaugrand@users.noreply.github.com>
Date: Tue, 28 Jun 2022 10:40:04 +0200
Subject: [PATCH] Make OIDC token validation configurable (defaults to true)

---
 src/AzureIoTHub.Portal/Server/ConfigHandler.cs | 12 ++++++++++++
 .../Server/DevelopmentConfigHandler.cs | 8 ++++++++
 .../Server/ProductionConfigHandler.cs | 8 ++++++++
 src/AzureIoTHub.Portal/Server/Startup.cs | 8 ++++----
 4 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/src/AzureIoTHub.Portal/Server/ConfigHandler.cs b/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
index c5831c6c6..9413edcd2 100644
--- a/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/ConfigHandler.cs
@@ -21,6 +21,10 @@ public abstract class ConfigHandler
 internal const string OIDCMetadataUrlKey = "OIDC:MetadataUrl";
 internal const string OIDCClientIdKey = "OIDC:ClientId";
 internal const string OIDCApiClientIdKey = "OIDC:ApiClientId";
+ internal const string OIDCValidateIssuerKey = "OIDC:ValidateIssuer";
+ internal const string OIDCValidateAudienceKey = "OIDC:ValidateAudience";
+ internal const string OIDCValidateLifetimeKey = "OIDC:ValidateLifetime";
+ internal const string OIDCValidateIssuerSigningKeyKey = "OIDC:ValidateIssuerSigningKey";
 internal const string IsLoRaFeatureEnabledKey = "LoRaFeature:Enabled";
@@ -67,6 +71,14 @@ internal static ConfigHandler Create(IWebHostEnvironment env, IConfiguration con
 internal abstract string OIDCAuthority { get; }
+ internal abstract bool OIDCValidateIssuer { get; }
+ internal abstract bool OIDCValidateAudience { get; }
+ internal abstract bool OIDCValidateLifetime { get; }
+ internal abstract bool OIDCValidateIssuerSigningKey { get; }
+
 internal abstract bool IsLoRaEnabled { get; }
 internal abstract string StorageAccountBlobContainerName { get; }
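Review bot: The four abstract properties added in the second ConfigHandler.cs hunk (OIDCValidateIssuer through OIDCValidateIssuerSigningKey) have no XML documentation, and because a `false` value switches off the matching check on TokenValidationParameters, each one needs its contract and its default stated where an implementer will see it. I would put `/// <summary>Whether the bearer token's issuer is checked against the OIDC authority; implementations in this patch default to true when the key is absent.</summary>` on OIDCValidateIssuer and the equivalent sentence on the other three, plus a `<remarks>` on OIDCValidateIssuerSigningKey saying that disabling it means tokens are accepted without a signature check and so the other three flags no longer mean anything. The same applies to the four `OIDC:Validate*` constants in the first hunk, which could carry a one-line `///` pointing at the property they back. The ConfigHandler class body continues outside both hunks.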
diff --git a/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs b/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
index c62dc5ae3..8e6767be4 100644
--- a/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/DevelopmentConfigHandler.cs
@@ -40,6 +40,14 @@ internal DevelopmentConfigHandler(IConfiguration config)
 internal override string OIDCApiClientId => this.config[OIDCApiClientIdKey];
+ internal override bool OIDCValidateIssuer => this.config.GetValue(OIDCValidateIssuerKey, true);
+ internal override bool OIDCValidateAudience => this.config.GetValue(OIDCValidateAudienceKey, true);
+ internal override bool OIDCValidateLifetime => this.config.GetValue(OIDCValidateLifetimeKey, true);
+ internal override bool OIDCValidateIssuerSigningKey => this.config.GetValue(OIDCValidateIssuerSigningKeyKey, true);
+
 internal override bool IsLoRaEnabled => bool.Parse(this.config[IsLoRaFeatureEnabledKey] ?? "true");
 internal override string StorageAccountBlobContainerName => this.config[StorageAccountBlobContainerNameKey];
diff --git a/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs b/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
index 7fb22b4ce..a5903cea7 100644
--- a/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
+++ b/src/AzureIoTHub.Portal/Server/ProductionConfigHandler.cs
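Review bot: The four new overrides read their flag with `this.config.GetValue(key, true)` while the adjacent IsLoRaEnabled line, now in the same file, uses `bool.Parse(this.config[key] ?? "true")`, so the class carries two idioms for the same job; I would keep `GetValue` for the new lines and note in a comment that a value which is present but not a boolean is rejected rather than defaulted. That rejection surfaces as an exception from the property getter, which is first read inside the AddJwtBearer options callback in Startup.cs rather than when configuration is loaded, so a comment such as `// A malformed value throws on first read (in Startup), which is the fail-closed behaviour we want for a validation switch` would save the next reader a trip. The identical four lines are added to ProductionConfigHandler.cs in the next file; whether they can move up into ConfigHandler depends on whether the base class has access to the IConfiguration, which this hunk does not show.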
@@ -40,6 +40,14 @@ internal ProductionConfigHandler(IConfiguration config)
 internal override string OIDCApiClientId => this.config[OIDCApiClientIdKey];
+ internal override bool OIDCValidateIssuer => this.config.GetValue(OIDCValidateIssuerKey, true);
+ internal override bool OIDCValidateAudience => this.config.GetValue(OIDCValidateAudienceKey, true);
+ internal override bool OIDCValidateLifetime => this.config.GetValue(OIDCValidateLifetimeKey, true);
+ internal override bool OIDCValidateIssuerSigningKey => this.config.GetValue(OIDCValidateIssuerSigningKeyKey, true);
+
 internal override bool IsLoRaEnabled => bool.Parse(this.config[IsLoRaFeatureEnabledKey] ?? "true");
 internal override string StorageAccountBlobContainerName => this.config[StorageAccountBlobContainerNameKey];
diff --git a/src/AzureIoTHub.Portal/Server/Startup.cs b/src/AzureIoTHub.Portal/Server/Startup.cs
index 9de8848ec..b0a63a62a 100644
--- a/src/AzureIoTHub.Portal/Server/Startup.cs
+++ b/src/AzureIoTHub.Portal/Server/Startup.cs
@@ -87,10 +87,10 @@ public void ConfigureServices(IServiceCollection services)
 opts.MetadataAddress = configuration.OIDCMetadataUrl;
 opts.Audience = configuration.OIDCApiClientId;
- opts.TokenValidationParameters.ValidateIssuer = true;
- opts.TokenValidationParameters.ValidateAudience = true;
- opts.TokenValidationParameters.ValidateLifetime = true;
- opts.TokenValidationParameters.ValidateIssuerSigningKey = true;
+ opts.TokenValidationParameters.ValidateIssuer = configuration.OIDCValidateIssuer;
+ opts.TokenValidationParameters.ValidateAudience = configuration.OIDCValidateAudience;
+ opts.TokenValidationParameters.ValidateLifetime = configuration.OIDCValidateLifetime;
+ opts.TokenValidationParameters.ValidateIssuerSigningKey = configuration.OIDCValidateIssuerSigningKey;
 });
 _ = services.AddSingleton(configuration);
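Review bot: ProductionConfigHandler now lets a single configuration value set OIDCValidateIssuerSigningKey (or any of the other three checks) to false in production, which turns a misplaced appsettings entry or environment variable into accepting bearer tokens that were never signed by the configured authority; the commit message presents the feature as "defaults to true", but nothing limits the unsafe value to development. I would keep the production overrides fixed, `internal override bool OIDCValidateIssuerSigningKey => true;` and likewise for the other three, so that only DevelopmentConfigHandler honours the keys; if production genuinely needs the switch, the production handler should at least refuse to return false for OIDCValidateIssuerSigningKey by throwing an InvalidOperationException naming the key. Which option fits depends on why the knob was introduced, which the patch does not state. The ProductionConfigHandler class body continues outside the hunk.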
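Review bot: When any of the four values assigned to opts.TokenValidationParameters in the AddJwtBearer callback is false, nothing in Startup.cs records that the server is running with weakened token validation, so the condition is invisible in logs and cannot be picked up by monitoring or an incident review. I would emit a warning at startup for each disabled flag, naming the configuration key, and treat a false OIDCValidateIssuerSigningKey as a startup failure outside the development environment, since with signature validation off the issuer, audience and lifetime checks rest on claims anyone can write. Whether a logger is reachable from ConfigureServices cannot be seen in this hunk; the IWebHostEnvironment that ConfigHandler.Create already receives (per the ConfigHandler.cs hunk header) would let the environment gate live in the factory instead. ConfigureServices and the options lambda both begin before this hunk.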