-
Notifications
You must be signed in to change notification settings - Fork 493
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Revert "Revert "Adding RBAC support for provisioning SDK (#2262)""
This reverts commit 1a0b9de.
- Loading branch information
Showing
9 changed files
with
298 additions
and
43 deletions.
There are no files selected for viewing
27 changes: 27 additions & 0 deletions
27
provisioning/service/src/Auth/ProvisioningSasCredential.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
// Copyright (c) Microsoft. All rights reserved. | ||
// Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
using Azure; | ||
using Microsoft.Azure.Devices.Common.Service.Auth; | ||
|
||
namespace Microsoft.Azure.Devices.Provisioning.Service.Auth | ||
{ | ||
/// <summary> | ||
/// Allows authentication to the API using a Shared Access Key provided by custom implementation. | ||
/// The PnP client is auto generated from swagger and needs to implement a specific class to pass to the protocol layer | ||
/// unlike the rest of the clients which are hand-written. So, this implementation for authentication is specific to digital twin (PnP). | ||
/// </summary> | ||
internal class ProvisioningSasCredential: IAuthorizationHeaderProvider | ||
{ | ||
private readonly AzureSasCredential _azureSasCredential; | ||
|
||
public ProvisioningSasCredential(AzureSasCredential azureSasCredential) | ||
{ | ||
_azureSasCredential = azureSasCredential; | ||
} | ||
|
||
public string GetAuthorizationHeader() | ||
{ | ||
return _azureSasCredential.Signature; | ||
} | ||
} | ||
} |
43 changes: 43 additions & 0 deletions
43
provisioning/service/src/Auth/ProvisioningTokenCredential.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// Copyright (c) Microsoft. All rights reserved. | ||
// Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
using System.Threading; | ||
using Azure.Core; | ||
using Microsoft.Azure.Devices.Common.Service.Auth; | ||
|
||
namespace Microsoft.Azure.Devices.Provisioning.Service.Auth | ||
{ | ||
/// <summary> | ||
/// Allows authentication to the API using a JWT token generated for Azure active directory. | ||
/// The PnP client is auto generated from swagger and needs to implement a specific class to pass to the protocol layer | ||
/// unlike the rest of the clients which are hand-written. so, this implementation for authentication is specific to digital twin (PnP). | ||
/// </summary> | ||
internal class ProvisioningTokenCredential : IAuthorizationHeaderProvider | ||
{ | ||
private readonly TokenCredential _credential; | ||
private readonly object _tokenLock = new object(); | ||
private AccessToken? _cachedAccessToken; | ||
|
||
public ProvisioningTokenCredential(TokenCredential credential) | ||
{ | ||
_credential = credential; | ||
} | ||
|
||
// The HTTP protocol uses this method to get the bearer token for authentication. | ||
public string GetAuthorizationHeader() | ||
{ | ||
lock (_tokenLock) | ||
{ | ||
// A new token is generated if it is the first time or the cached token is close to expiry. | ||
if (!_cachedAccessToken.HasValue | ||
|| TokenHelper.IsCloseToExpiry(_cachedAccessToken.Value.ExpiresOn)) | ||
{ | ||
_cachedAccessToken = _credential.GetToken( | ||
new TokenRequestContext(new string[] { "https://azure-devices-provisioning.net/.default" }), | ||
new CancellationToken()); | ||
} | ||
} | ||
|
||
return $"Bearer {_cachedAccessToken.Value.Token}"; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
// Copyright (c) Microsoft. All rights reserved. | ||
// Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
using System; | ||
|
||
namespace Microsoft.Azure.Devices.Provisioning.Service.Auth | ||
{ | ||
internal static class TokenHelper | ||
{ | ||
/// <summary> | ||
/// Determines if the given token expiry date time is close to expiry. The date and time is | ||
/// considered close to expiry if it has less than 10 minutes relative to the current time. | ||
/// </summary> | ||
/// <param name="expiry">The token expiration date and time.</param> | ||
/// <returns>True if the token expiry has less than 10 minutes relative to the current time, otherwise false.</returns> | ||
public static bool IsCloseToExpiry(DateTimeOffset expiry) | ||
{ | ||
TimeSpan timeToExpiry = expiry - DateTimeOffset.UtcNow; | ||
return timeToExpiry.TotalMinutes < 10; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.