/// <inheritdoc/>
public virtual async Task <BackchannelAuthenticationResponse> ProcessAsync(BackchannelAuthenticationRequestValidationResult validationResult)
{
using var activity = Tracing.BasicActivitySource.StartActivity("BackchannelAuthenticationResponseGenerator.Process");
if (validationResult == null)
{
throw new ArgumentNullException(nameof(validationResult));
}
if (validationResult.ValidatedRequest == null)
{
throw new ArgumentNullException(nameof(validationResult.ValidatedRequest));
}
if (validationResult.ValidatedRequest.Client == null)
{
throw new ArgumentNullException(nameof(validationResult.ValidatedRequest.Client));
}
Logger.LogTrace("Creating response for backchannel authentication request");
var request = new BackChannelAuthenticationRequest
{
CreationTime = Clock.UtcNow.UtcDateTime,
ClientId = validationResult.ValidatedRequest.ClientId,
RequestedScopes = validationResult.ValidatedRequest.ValidatedResources.RawScopeValues,
RequestedResourceIndicators = validationResult.ValidatedRequest.RequestedResourceIndiators,
Subject = validationResult.ValidatedRequest.Subject,
Lifetime = validationResult.ValidatedRequest.Expiry,
AuthenticationContextReferenceClasses = validationResult.ValidatedRequest.AuthenticationContextReferenceClasses,
Tenant = validationResult.ValidatedRequest.Tenant,
IdP = validationResult.ValidatedRequest.IdP,
BindingMessage = validationResult.ValidatedRequest.BindingMessage,
};
var requestId = await BackChannelAuthenticationRequestStore.CreateRequestAsync(request);
var interval = validationResult.ValidatedRequest.Client.PollingInterval ?? Options.Ciba.DefaultPollingInterval;
var response = new BackchannelAuthenticationResponse()
{
AuthenticationRequestId = requestId,
ExpiresIn = request.Lifetime,
Interval = interval,
};
await UserLoginService.SendLoginRequestAsync(new BackchannelUserLoginRequest
{
InternalId = request.InternalId,
Subject = validationResult.ValidatedRequest.Subject,
Client = validationResult.ValidatedRequest.Client,
ValidatedResources = validationResult.ValidatedRequest.ValidatedResources,
RequestedResourceIndicators = validationResult.ValidatedRequest.RequestedResourceIndiators,
BindingMessage = validationResult.ValidatedRequest.BindingMessage,
AuthenticationContextReferenceClasses = validationResult.ValidatedRequest.AuthenticationContextReferenceClasses,
Tenant = validationResult.ValidatedRequest.Tenant,
IdP = validationResult.ValidatedRequest.IdP,
});
return(response);
}
private static async Task <TokenResponse> RequestTokenAsync(BackchannelAuthenticationResponse authorizeResponse)
{
var disco = await _cache.GetAsync();
if (disco.IsError)
{
throw new Exception(disco.Error);
}
var client = new HttpClient();
while (true)
{
var response = await client.RequestBackchannelAuthenticationTokenAsync(new BackchannelAuthenticationTokenRequest
{
Address = disco.TokenEndpoint,
ClientId = "ciba",
ClientSecret = "secret",
AuthenticationRequestId = authorizeResponse.AuthenticationRequestId
});
if (response.IsError)
{
if (response.Error == OidcConstants.TokenErrors.AuthorizationPending || response.Error == OidcConstants.TokenErrors.SlowDown)
{
Console.WriteLine($"{response.Error}...waiting.");
Thread.Sleep(authorizeResponse.Interval.Value * 1000);
}
else
{
throw new Exception(response.Error);
}
}
else
{
return(response);
}
}
}
private void LogResponse(BackchannelAuthenticationResponse response, BackchannelAuthenticationRequestValidationResult requestResult)
{
_logger.LogTrace("BackchannelAuthenticationResponse: {@response} for subject {subjectId}", response, requestResult.ValidatedRequest.Subject.GetSubjectId());
}
public BackchannelAuthenticationResult(BackchannelAuthenticationResponse response)
{
Response = response ?? throw new ArgumentNullException(nameof(response));
}
