diff --git a/cloud/src/Signal.Api.Common/Auth/Auth0Authenticator.cs b/cloud/src/Signal.Api.Common/Auth/Auth0Authenticator.cs
index 51d71415f2..0e41d59ef5 100644
--- a/cloud/src/Signal.Api.Common/Auth/Auth0Authenticator.cs
+++ b/cloud/src/Signal.Api.Common/Auth/Auth0Authenticator.cs
@@ -42,14 +42,16 @@ public Auth0Authenticator(string auth0Domain, IEnumerable audiences, boo string token, CancellationToken cancellationToken = default) {
- if (this.handler.ReadJwtToken(token).Issuer == "signalcopat") // Same as in PatService (where PAT is created)
+ if (this.handler.ReadJwtToken(token).Issuer == "https://api.signalco.io/") // Same as in PatService (where PAT is created) { // TODO: Optimize by caching these parameters (not changing) var patParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
- await this.secretsProvider.GetSecretAsync(SecretKeys.PatSigningToken, cancellationToken)))
+ await this.secretsProvider.GetSecretAsync(SecretKeys.PatSigningToken, cancellationToken))),
+ ValidateAudience = false,
+ ValidIssuer = "https://api.signalco.io/" }; var user = this.handler.ValidateToken(token, patParameters, out var validatedToken); return (user, validatedToken);
diff --git a/cloud/src/Signal.Core/Auth/PatService.cs b/cloud/src/Signal.Core/Auth/PatService.cs
index 97a5d8dc34..033476dab7 100644
--- a/cloud/src/Signal.Core/Auth/PatService.cs
+++ b/cloud/src/Signal.Core/Auth/PatService.cs
@@ -15,7 +15,7 @@ namespace Signal.Core.Auth; public class PatService(
- IAzureStorage storage,
+ IAzureStorage storage, IAzureStorageDao dao, ISecretsProvider secretsProvider) : IPatService {
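Review bot: `ValidateAudience = false` in the new `TokenValidationParameters` carries no comment saying why audience checking is skipped for PAT tokens, and the issuer literal `"https://api.signalco.io/"` now appears three times (the `ReadJwtToken(...).Issuer` pre-check, `ValidIssuer`, and `SecurityTokenDescriptor.Issuer` in the `@@ -51` hunk of PatService.cs) held together only by the "Same as in PatService" comment. A single shared constant would keep the three from drifting, because a mismatch would not fail loudly but silently route PATs to the other validation branch. Suggested comment on the new line: `ValidateAudience = false, // PATs are minted without an audience claim (presumably — PatService's descriptor sets none); issuer is still enforced via ValidIssuer since ValidateIssuer keeps its default of true`. The enclosing method begins before this hunk and continues after it.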
@@ -25,7 +25,7 @@ public async Task VerifyAsync(string userId, string pat, CancellationToken cance throw new ExpectedHttpException(HttpStatusCode.Unauthorized); }
- public Task> GetAllAsync(string userId, CancellationToken cancellationToken = default) =>
+ public Task> GetAllAsync(string userId, CancellationToken cancellationToken = default) => dao.PatsAsync(userId, cancellationToken); public async Task CreateAsync(IPatCreate patCreate, CancellationToken cancellationToken = default)
@@ -33,8 +33,8 @@ public async Task CreateAsync(IPatCreate patCreate, CancellationToken ca var token = await this.JwtTokenAsync(patCreate.UserId, patCreate.Expire, cancellationToken); var hash = PatHashSha256(patCreate.UserId, token); await storage.PatCreateAsync(
- patCreate.UserId,
- token[^4..], hash,
+ patCreate.UserId,
+ token[^4..], hash, patCreate.Alias, patCreate.Expire, cancellationToken); return token;
@@ -51,7 +51,7 @@ private async Task JwtTokenAsync(string userId, DateTime? expire, Cancel }; var tokenDescriptor = new SecurityTokenDescriptor {
- Issuer = "signalcopat",
+ Issuer = "https://api.signalco.io/", Subject = new ClaimsIdentity(claims), Expires = expire, SigningCredentials = signingCredentials
@@ -65,7 +65,7 @@ private static string PatHashSha256(string key, string pat) { var hash = new StringBuilder(); var crypto = HMACSHA512.HashData(Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(pat));
- foreach (var theByte in crypto)
+ foreach (var theByte in crypto) hash.Append(theByte.ToString("x2")); return hash.ToString(); }