From 64277f54f846dafcd456749060c6e9e755612e1b Mon Sep 17 00:00:00 2001
From: Kyle Spearrin <kyle.spearrin@gmail.com>
Date: Fri, 9 Mar 2018 11:02:31 -0500
Subject: [PATCH] token retrieval from header or qs

---
 src/Api/Startup.cs                        |  2 ++
 src/Core/IdentityServer/TokenRetrieval.cs | 32 +++++++++++++++++++++++
 2 files changed, 34 insertions(+)
 create mode 100644 src/Core/IdentityServer/TokenRetrieval.cs

diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 80cfe18cf9..75e109e47d 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -17,6 +17,7 @@ using Bit.Core.Utilities;
 using IdentityModel;
 using IdentityServer4.AccessTokenValidation;
 using jsreport.AspNetCore;
+using Bit.Core.IdentityServer;
 
 namespace Bit.Api
 {
@@ -79,6 +80,7 @@ namespace Bit.Api
                     options.Authority = globalSettings.BaseServiceUri.InternalIdentity;
                     options.RequireHttpsMetadata = !Environment.IsDevelopment() &&
                         globalSettings.BaseServiceUri.InternalIdentity.StartsWith("https");
+                    options.TokenRetriever = TokenRetrieval.FromAuthorizationHeaderOrQueryString();
                     options.NameClaimType = ClaimTypes.Email;
                     options.SupportedTokens = SupportedTokens.Jwt;
                 });
diff --git a/src/Core/IdentityServer/TokenRetrieval.cs b/src/Core/IdentityServer/TokenRetrieval.cs
new file mode 100644
index 0000000000..8d82d28019
--- /dev/null
+++ b/src/Core/IdentityServer/TokenRetrieval.cs
@@ -0,0 +1,32 @@
+using Microsoft.AspNetCore.Http;
+using System;
+using System.Linq;
+
+namespace Bit.Core.IdentityServer
+{
+    public static class TokenRetrieval
+    {
+        private static string _headerScheme = "Bearer ";
+        private static string _queuryScheme = "access_token";
+        private static string _authHeader = "Authorization";
+
+        public static Func<HttpRequest, string> FromAuthorizationHeaderOrQueryString()
+        {
+            return (request) =>
+            {
+                var authorization = request.Headers[_authHeader].FirstOrDefault();
+                if(string.IsNullOrWhiteSpace(authorization))
+                {
+                    return request.Query[_queuryScheme].FirstOrDefault();
+                }
+
+                if(authorization.StartsWith(_headerScheme, StringComparison.OrdinalIgnoreCase))
+                {
+                    return authorization.Substring(_headerScheme.Length).Trim();
+                }
+
+                return null;
+            };
+        }
+    }
+}