Merge pull request #5010 from sbwalker/dev

sbwalker · web-flow · commit 9db2a55a5af5 · 2025-01-21T16:55:19.000-05:00
fix #4964 - use bearer token if it already exists
diff --git a/Oqtane.Server/Components/App.razor b/Oqtane.Server/Components/App.razor
@@ -174,7 +174,7 @@
                     // get jwt token for downstream APIs
                     if (Context.User.Identity.IsAuthenticated)
                     {
-                        CreateJwtToken(alias);
+                        GetJwtToken(alias);
                     }
 
                     // includes resources
@@ -441,13 +441,23 @@
         }
     }
 
-    private void CreateJwtToken(Alias alias)
+    private void GetJwtToken(Alias alias)
     {
-        var sitesettings = Context.GetSiteSettings();
-        var secret = sitesettings.GetValue("JwtOptions:Secret", "");
-        if (!string.IsNullOrEmpty(secret))
+        _authorizationToken = Context.Request.Headers[HeaderNames.Authorization];
+        if (!string.IsNullOrEmpty(_authorizationToken))
         {
-            _authorizationToken = JwtManager.GenerateToken(alias, (ClaimsIdentity)Context.User.Identity, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""), int.Parse(sitesettings.GetValue("JwtOptions:Lifetime", "20")));
+            // bearer token was provided by remote Identity Provider and was persisted using SaveTokens
+            _authorizationToken = _authorizationToken.Replace("Bearer ", "");
+        }
+        else
+        {
+            // generate bearer token if a secret has been configured in User Settings
+            var sitesettings = Context.GetSiteSettings();
+            var secret = sitesettings.GetValue("JwtOptions:Secret", "");
+            if (!string.IsNullOrEmpty(secret))
+            {
+                _authorizationToken = JwtManager.GenerateToken(alias, (ClaimsIdentity)Context.User.Identity, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""), int.Parse(sitesettings.GetValue("JwtOptions:Lifetime", "20")));
+            }
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@`
`174`	`174`	`// get jwt token for downstream APIs`
`175`	`175`	`if (Context.User.Identity.IsAuthenticated)`
`176`	`176`	`{`
`177`		`- CreateJwtToken(alias);`
	`177`	`+ GetJwtToken(alias);`
`178`	`178`	`}`
`179`	`179`
`180`	`180`	`// includes resources`
`@@ -441,13 +441,23 @@`
`441`	`441`	`}`
`442`	`442`	`}`
`443`	`443`
`444`		`- private void CreateJwtToken(Alias alias)`
	`444`	`+ private void GetJwtToken(Alias alias)`
`445`	`445`	`{`
`446`		`- var sitesettings = Context.GetSiteSettings();`
`447`		`- var secret = sitesettings.GetValue("JwtOptions:Secret", "");`
`448`		`- if (!string.IsNullOrEmpty(secret))`
	`446`	`+ _authorizationToken = Context.Request.Headers[HeaderNames.Authorization];`
	`447`	`+ if (!string.IsNullOrEmpty(_authorizationToken))`
`449`	`448`	`{`
`450`		`- _authorizationToken = JwtManager.GenerateToken(alias, (ClaimsIdentity)Context.User.Identity, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""), int.Parse(sitesettings.GetValue("JwtOptions:Lifetime", "20")));`
	`449`	`+ // bearer token was provided by remote Identity Provider and was persisted using SaveTokens`
	`450`	`+ _authorizationToken = _authorizationToken.Replace("Bearer ", "");`
	`451`	`+ }`
	`452`	`+ else`
	`453`	`+ {`
	`454`	`+ // generate bearer token if a secret has been configured in User Settings`
	`455`	`+ var sitesettings = Context.GetSiteSettings();`
	`456`	`+ var secret = sitesettings.GetValue("JwtOptions:Secret", "");`
	`457`	`+ if (!string.IsNullOrEmpty(secret))`
	`458`	`+ {`
	`459`	`+ _authorizationToken = JwtManager.GenerateToken(alias, (ClaimsIdentity)Context.User.Identity, secret, sitesettings.GetValue("JwtOptions:Issuer", ""), sitesettings.GetValue("JwtOptions:Audience", ""), int.Parse(sitesettings.GetValue("JwtOptions:Lifetime", "20")));`
	`460`	`+ }`
`451`	`461`	`}`
`452`	`462`	`}`
`453`	`463`