Since I am currently in the process of updating AuthorizationServer and its samples, I thought it would be the right time to throw away my custom Nancy extensions and use Damian Hickey’s nice Nancy.MSOwinSecurity package instead. The outcome is quite pleasing.
The Startup class now looks exactly like the Web API one (OWIN FTW yay):
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // no mapping of incoming claims to Microsoft types
        JwtSecurityTokenHandler.InboundClaimTypeMap = ClaimMappings.None;

        // validate JWT tokens from AuthorizationServer
        app.UseJsonWebToken(
            issuer: Constants.AS.IssuerName,
            audience: Constants.Audience,
            signingKey: Constants.AS.SigningKey);

        // claims transformation
        app.UseClaimsTransformation(new ClaimsTransformer().Transform);

        app.UseNancy();
    }
}
…and the controller *cough* module looks like this:
public class IdentityModule : NancyModule
{
    public IdentityModule() : base("/api/identity")
    {
        // reject requests that carry no authenticated OWIN user
        this.RequiresMSOwinAuthentication();

        Get["/"] = _ =>
        {
            // ClaimsPrincipal produced by the OWIN JWT middleware
            var user = Context.GetMSOwinUser();

            var claims = from c in user.Claims
                         select new ViewClaim
                         {
                             Type = c.Type,
                             Value = c.Value
                         };

            return Response.AsJson<IEnumerable<ViewClaim>>(claims);
        };
    }
}
Full sample here.
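The Startup class above wires in `new ClaimsTransformer().Transform` without showing it. The following is an added example, not code from the original post or the sample, of what such a transformer can look like once inbound claim mapping is disabled. It assumes the middleware accepts a `Func<ClaimsPrincipal, Task<ClaimsPrincipal>>` and that the token carries `sub` and `scope` claims; `LookupRole` is a hypothetical stand-in for an application data store.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;

public class ClaimsTransformer
{
    // Assumed shape: Func<ClaimsPrincipal, Task<ClaimsPrincipal>>
    public Task<ClaimsPrincipal> Transform(ClaimsPrincipal incoming)
    {
        // Anonymous requests pass through unchanged; the module's
        // RequiresMSOwinAuthentication() call is what rejects them.
        if (incoming == null || incoming.Identity == null ||
            !incoming.Identity.IsAuthenticated)
        {
            return Task.FromResult(incoming);
        }

        // With InboundClaimTypeMap set to ClaimMappings.None the subject
        // arrives under its JWT name "sub", not ClaimTypes.NameIdentifier.
        var subject = incoming.FindFirst("sub");
        if (subject == null || string.IsNullOrWhiteSpace(subject.Value))
        {
            // Fail closed: a token without a subject yields an
            // unauthenticated principal instead of a half-populated one.
            return Task.FromResult(new ClaimsPrincipal(new ClaimsIdentity()));
        }

        // Keep only the claims the application relies on ("scope" is an
        // assumed claim name), then add application-specific ones.
        var claims = incoming.FindAll("scope")
                             .Select(c => new Claim("scope", c.Value))
                             .ToList();
        claims.Add(new Claim("sub", subject.Value));
        claims.Add(new Claim("role", LookupRole(subject.Value)));

        // Name and role claim types are set explicitly so Identity.Name
        // and IsInRole() work with the short, unmapped claim names.
        var identity = new ClaimsIdentity(
            claims, incoming.Identity.AuthenticationType, "sub", "role");
        return Task.FromResult(new ClaimsPrincipal(identity));
    }

    // Hypothetical lookup with constructed sample data.
    private static string LookupRole(string subject)
    {
        return subject == "alice" ? "admin" : "user";
    }
}
```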
This would look better if we had extension properties in C#, but glad you’re happy with it.
(Still have on my backlog your suggestions for richer resource azn!)
Lemme know – we can maybe design something at the OWIN level – so it works for Web API and Nancy.
I currently have this in Nancy to deal with OWIN authorization:
https://github.com/CumpsD/CC.TheBench/blob/master/src/CC.TheBench.Frontend.Web/Bootstrapper.cs#L122-L132
Flowing the OWIN user into Nancy, and then use standard Nancy Security mechanisms.
Will this work with AuthorizationServer as well? Wiring it up in the OWIN pipeline, and then just keep using what I have (checking ClaimsPrincipal coming from OWIN)
I think so – AS is simply issuing a JWT token – the middleware in Nancy picks that up and turns it into a ClaimsPrincipal – from there it’s all the same ;)
Ok, will give it a shot (somewhere on my backlog :p)