
I'm currently using Ocelot as API Gateway for a microservices architecture. I have some authenticated reroutes and to be able to use it I declared an authentication middleware like this:

var authenticationProviderKey = "Authentification"; // must match AuthenticationProviderKey in the route configuration
services.AddAuthentication(x =>
{
    // Point the default schemes at the scheme actually registered below.
    // The original used JwtBearerDefaults.AuthenticationScheme ("Bearer"),
    // under which no handler is registered.
    x.DefaultAuthenticateScheme = authenticationProviderKey;
    x.DefaultChallengeScheme = authenticationProviderKey;
})
.AddJwtBearer(authenticationProviderKey, x =>
{
    // token is the bound configuration object holding Secret, Issuer and Audience
    x.RequireHttpsMetadata = false; // acceptable only for local development
    x.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(token.Secret)),
        ValidIssuer = token.Issuer,
        ValidAudience = token.Audience,
        ValidateIssuer = true,
        ValidateAudience = true
    };
});

I wanted to run some custom validation to implement a refresh token workflow; to do so I implemented the PreAuthentication middleware to make some tests:

PreAuthenticationMiddleware = async (ctx, next) =>
{
    // Ocelot's authentication middleware authenticates ctx.HttpContext (the
    // upstream request), not ctx.DownstreamRequest, so a replacement token
    // must also be written to the upstream Authorization header.
    IEnumerable<string> header;
    if (ctx.DownstreamRequest.Headers.TryGetValues("Authorization", out header)
        && header.FirstOrDefault() != null
        && JwtUtils.ValidateExpirationToken(header.First()))
    {
        // The token passed the custom check: re-issue it and swap it in.
        Console.WriteLine("PreAuthentification Middleware");
        Tuple<int, string> credentials = JwtUtils.retrieveInfos(header.First());
        string token = JwtUtils.GenerateToken(credentials.Item1, credentials.Item2);
        ctx.HttpContext.Request.Headers["Authorization"] = token;
        ctx.DownstreamRequest.Headers.Remove("Authorization");
        ctx.DownstreamRequest.Headers.Add("Authorization", token);
    }
    // Always continue the pipeline: the original only did so on success,
    // so a missing header threw and every other request got no response.
    await next.Invoke();
}

From what I understood, when I make an API call, the PreAuthentication middleware would be called, and with next.Invoke() my authentication middleware would be called. The newly generated token in my PreAuthentication middleware is a valid one, but my authentication middleware throws an expired token exception even though it's not. Therefore I think the authentication middleware is run against the first JWT when the new one has not yet been set in the Authorization header. Is it the intended behaviour? Or maybe I did not understand the middleware in Ocelot correctly?

Anyway, some help would be much appreciated!

Have a good day,

Lio
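The question leaves JwtUtils.ValidateExpirationToken, retrieveInfos and GenerateToken undefined. The following is an added example, not code from the question or from Ocelot, showing what those pieces look like when built on the same TokenValidationParameters the JwtBearer handler uses: extracting the token from a Bearer header, distinguishing "expired" from "invalid" the way the handler does, and re-issuing only when the expired token's signature, issuer and audience still verify and it expired within a bounded grace window. It requires the System.IdentityModel.Tokens.Jwt package; the secret, issuer, audience and claim values are constructed sample values standing in for the question's token.* configuration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Added example, not code from the question. Secret, issuer and audience are
// constructed sample values standing in for the question's token.* config.
public static class JwtRefreshDemo
{
    const string Secret = "constructed-sample-secret-of-at-least-32-bytes!!";
    const string Issuer = "https://issuer.example";
    const string Audience = "gateway-clients";

    static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Secret));

    // Same shape as the TokenValidationParameters handed to AddJwtBearer in the
    // question; this is what decides whether the bearer handler reports "expired".
    static TokenValidationParameters Params(bool validateLifetime) => new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = Key,
        ValidIssuer = Issuer,
        ValidAudience = Audience,
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = validateLifetime,
        ClockSkew = TimeSpan.Zero // the handler default tolerates 5 minutes of skew
    };

    // Mint a token; a negative lifetime produces an already-expired one for the demo.
    public static string Issue(int userId, string role, TimeSpan lifetime, string issuer = Issuer)
    {
        var claims = new[] { new Claim("sub", userId.ToString()), new Claim("role", role) };
        var jwt = new JwtSecurityToken(issuer, Audience, claims,
            notBefore: null, expires: DateTime.UtcNow.Add(lifetime),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // The bearer handler reads "Authorization: Bearer <jwt>"; the scheme must be
    // stripped before the raw header value is handed to a token handler.
    public static bool TryExtractBearer(string headerValue, out string jwt)
    {
        jwt = null;
        const string scheme = "Bearer ";
        if (headerValue == null || !headerValue.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        jwt = headerValue.Substring(scheme.Length).Trim();
        return jwt.Length > 0;
    }

    public enum Outcome { Valid, Expired, Invalid }

    // Mirrors the handler's verdict: Expired only when signature, issuer and audience verified.
    public static Outcome Check(string jwt)
    {
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, Params(validateLifetime: true), out _);
            return Outcome.Valid;
        }
        catch (SecurityTokenExpiredException) { return Outcome.Expired; }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException) { return Outcome.Invalid; }
    }

    // Re-issue only when everything except the lifetime still verifies and the token
    // expired within the grace window; without the bound an expired token could be
    // renewed forever and the exp claim would mean nothing.
    public static string TryReissue(string jwt, TimeSpan grace, TimeSpan newLifetime)
    {
        SecurityToken validated;
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, Params(validateLifetime: false), out validated);
        }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException) { return null; }

        var raw = (JwtSecurityToken)validated; // raw claims, unaffected by the inbound claim-type map
        if (raw.ValidTo < DateTime.UtcNow.Subtract(grace)) return null;
        var sub = raw.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;
        var role = raw.Claims.FirstOrDefault(c => c.Type == "role")?.Value;
        if (sub == null || role == null) return null;
        return Issue(int.Parse(sub), role, newLifetime);
    }

    public static void Main()
    {
        string fresh = Issue(42, "user", TimeSpan.FromMinutes(10));
        string stale = Issue(42, "user", TimeSpan.FromMinutes(-2));
        string foreign = Issue(42, "user", TimeSpan.FromMinutes(10), issuer: "https://other.example");
        Console.WriteLine($"fresh: {Check(fresh)}, stale: {Check(stale)}, foreign issuer: {Check(foreign)}");

        if (TryExtractBearer("Bearer " + stale, out var extracted))
        {
            string renewed = TryReissue(extracted, grace: TimeSpan.FromMinutes(5), newLifetime: TimeSpan.FromMinutes(10));
            Console.WriteLine($"stale within grace: {(renewed == null ? "refused" : Check(renewed).ToString())}");
        }
        string tooOld = Issue(42, "user", TimeSpan.FromHours(-1));
        Console.WriteLine($"expired an hour ago: {(TryReissue(tooOld, TimeSpan.FromMinutes(5), TimeSpan.FromMinutes(10)) == null ? "refused" : "renewed")}");
    }
}
```

Whatever TryReissue returns still has to reach the handler that Ocelot's authentication middleware runs, which authenticates the upstream HttpContext request, so the swapped value belongs in ctx.HttpContext.Request.Headers["Authorization"] with the Bearer scheme prefix, not only in the downstream request headers.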
