{"id":13601189,"url":"https://github.com/turgayozgur/Owin.Token.AspNetCore","last_synced_at":"2025-04-11T01:31:07.154Z","repository":{"id":70165346,"uuid":"165917530","full_name":"turgayozgur/Owin.Token.AspNetCore","owner":"turgayozgur","description":".NET Core library to reading OWIN based OAuth tokens.","archived":false,"fork":false,"pushed_at":"2023-02-15T14:39:29.000Z","size":14,"stargazers_count":29,"open_issues_count":3,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-06T10:44:18.122Z","etag":null,"topics":["api","aspnetcore","jwtbearer","oauth-tokens","owin-token"],"latest_commit_sha":null,"homepage":null,"language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/turgayozgur.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-01-15T20:20:13.000Z","updated_at":"2024-04-14T17:38:57.000Z","dependencies_parsed_at":"2023-03-11T08:11:22.073Z","dependency_job_id":null,"html_url":"https://github.com/turgayozgur/Owin.Token.AspNetCore","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turgayozgur%2FOwin.Token.AspNetCore","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turgayozgur%2FOwin.Token.AspNetCore/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turgayozgur%2FOwin.Token.AspNetCore/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/turgayozgur%2FOwin.Token.AspNetCore/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/turgayozgur","download_url":"https://codeload.github.com/turgayozgur/Owin.Token.AspNetCore/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248325076,"owners_count":21084866,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","aspnetcore","jwtbearer","oauth-tokens","owin-token"],"created_at":"2024-08-01T18:00:57.768Z","updated_at":"2025-04-11T01:31:02.143Z","avatar_url":"https://github.com/turgayozgur.png","language":"C#","funding_links":[],"categories":["C# #"],"sub_categories":[],"readme":"# Owin.Token.AspNetCore #\n[![Latest version](https://img.shields.io/nuget/v/Owin.Token.AspNetCore.svg)](https://www.nuget.org/packages/Owin.Token.AspNetCore)\n\nSimple .NET Core library to reading OWIN based OAuth tokens. Just implemented the code that deserialize OWIN based token to ticket. So, you can Authenticate your API user by old tokens on your ASPNET Core application. Use the current OAuth mechanism of ASPNET Core for the new token generations.\n\n## Quick Usage ##\n\n```csharp\nvar ticket = LegacyOAuthSecurityTokenHelper.GetTicket(token, new LegacyTokenAuthenticationOptions\n    {\n        DecryptionKey = \"machineKey-DecryptionKey\",\n        ValidationKey = \"machineKey-ValidationKey\",\n        EncryptionMethod = EncryptionMethod.AES, // Default AES\n        ValidationMethod = ValidationMethod.HMACSHA256 // Default HMACSHA256\n    }));\n\n// Authenticate your user with ticket.Identity.Claims!\n```\n\n## Example Usage with JwtBearer ##\n\nYou can use the library with current ASPNET Core JwtBearer OAuth mechanism. Generate your tokens with JwtBearer and firstly validate that tokens with it. If validation falied, try again with LegacyOAuthSecurityTokenHelper.\n\nAdd authentication with JwtBearer functionality.\n\n```csharp\npublic void ConfigureServices(IServiceCollection services, IConfiguration configuration)\n{\n    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)\n        .AddJwtBearer(options =\u003e\n        {\n            options.TokenValidationParameters = new TokenValidationParameters\n            {\n                // You can change the parameters depends on your implementation.\n                ValidateIssuer = false,\n                ValidateAudience = false,\n                ValidateLifetime = true,\n                ValidateIssuerSigningKey = true,\n                IssuerSigningKey =\n                    new SymmetricSecurityKey(\n                        Encoding.UTF8.GetBytes(\"The key(maybe guid) you specified when generating JwtBearer tokens\"))\n            };\n            // Here is the important point! Add our fallback to SecurityTokenValidators list to validate OWIN tokens.\n            options.SecurityTokenValidators.Add(new LegacyOAuthSecurityTokenHandler(new LegacyTokenAuthenticationOptions\n            {\n                DecryptionKey = configuration.GetValue\u003cstring\u003e(\"LegacyTokenAuthentication:DecryptionKey\"),\n                ValidationKey = configuration.GetValue\u003cstring\u003e(\"LegacyTokenAuthentication:ValidationKey\")\n            }));\n        });\n}\n```\n\nImplement the LegacyOAuthSecurityTokenHandler\n\n```csharp\npublic class LegacyOAuthSecurityTokenHandler : SecurityTokenHandler\n{\n    private readonly LegacyTokenAuthenticationOptions _options;\n\n    public LegacyOAuthSecurityTokenHandler(LegacyTokenAuthenticationOptions options)\n    {\n        _options = options;\n    }\n\n    public override bool CanValidateToken =\u003e true;\n\n    public override bool CanReadToken(string tokenString) =\u003e true;\n    \n    /// \u003csummary\u003e\n    /// ValidateToken\n    /// \u003c/summary\u003e\n    /// \u003cparam name=\"token\"\u003e\u003c/param\u003e\n    /// \u003cparam name=\"validationParameters\"\u003e\u003c/param\u003e\n    /// \u003cparam name=\"validatedToken\"\u003e\u003c/param\u003e\n    /// \u003creturns\u003e\u003c/returns\u003e\n    public override ClaimsPrincipal ValidateToken(string token, TokenValidationParameters validationParameters,\n        out SecurityToken validatedToken)\n    {\n        var ticket = LegacyOAuthSecurityTokenHelper.GetTicket(token, _options);\n\n        var claimsIdentity = new ClaimsIdentity(ClaimTypes.Email).AddClaims(ticket.Identity.Claims);\n        \n        validatedToken = default(SecurityToken);\n        \n        return new ClaimsPrincipal(claimsIdentity);\n    }\n    \n    public override SecurityToken ReadToken(XmlReader reader, TokenValidationParameters validationParameters)\n    {\n        throw new NotImplementedException();\n    }\n    \n    public override void WriteToken(XmlWriter writer, SecurityToken token)\n    {\n        throw new NotImplementedException();\n    }\n\n    public override Type TokenType =\u003e typeof(SecurityToken);\n}\n```\n\n## Bonus: Find Auto Generated MachineKey Detail ##\n\n```csharp\nbyte[] autogenKeys = (byte[])typeof(HttpRuntime).GetField(\"s_autogenKeys\", BindingFlags.NonPublic | BindingFlags.Static).GetValue(null);\n\nType t = typeof(System.Web.Security.DefaultAuthenticationEventArgs).Assembly.GetType(\"System.Web.Security.Cryptography.MachineKeyMasterKeyProvider\");\nConstructorInfo ctor = t.GetConstructors(BindingFlags.Instance | BindingFlags.NonPublic)[0];\n\nType ckey = typeof(System.Web.Security.DefaultAuthenticationEventArgs).Assembly.GetType(\"System.Web.Security.Cryptography.CryptographicKey\");\nConstructorInfo ckeyCtor = ckey.GetConstructors(BindingFlags.Instance | BindingFlags.Public)[0];\nObject ckeyobj = ckeyCtor.Invoke(new object[] { autogenKeys });\nobject o = ctor.Invoke(new object[] { new MachineKeySection(), null, null, ckeyobj, null });\nvar encKey = t.GetMethod(\"GenerateCryptographicKey\", BindingFlags.NonPublic | BindingFlags.Instance)\n    .Invoke(o, new object[] { \"decryptionKey\", \"AutoGenerate,IsolateApps\", 0, 256, \"Invalid_decryption_key\" });\nbyte[] encBytes = ckey.GetMethod(\"GetKeyMaterial\").Invoke(encKey, null) as byte[];\nvar vldKey = t.GetMethod(\"GenerateCryptographicKey\", BindingFlags.NonPublic | BindingFlags.Instance)\n    .Invoke(o, new object[] { \"validationKey\", \"AutoGenerate,IsolateApps\", 256, 256, \"Invalid_validation_key\" });\nbyte[] vldBytes = ckey.GetMethod(\"GetKeyMaterial\").Invoke(vldKey, null) as byte[];\nstring decryptionKey = BitConverter.ToString(encBytes);\ndecryptionKey = decryptionKey.Replace(\"-\", \"\");\nstring validationKey = BitConverter.ToString(vldBytes);\nvalidationKey = validationKey.Replace(\"-\", \"\");\n```\n\n## License ##\nThe Owin.Token.AspNetCore is open-sourced software licensed under the [MIT license](https://opensource.org/licenses/MIT).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturgayozgur%2FOwin.Token.AspNetCore","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fturgayozgur%2FOwin.Token.AspNetCore","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fturgayozgur%2FOwin.Token.AspNetCore/lists"}