public async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
if (HttpMethods.IsGet(context.Request.Method))
{
var user = await _userSession.GetUserAsync();
var parameters = context.Request.Query.AsNameValueCollection();
var result = await _validator.ValidateAsync(parameters, user);
if (!result.IsError)
{
var request = result.ValidatedRequest;
if (request.IsAnonymous() && request.ResponseMode == OidcConstants.ResponseModes.Json)
{
var response = await _authorizeResponseGenerator.CreateResponseAsync(request);
return(new AuthorizeResult(response));
}
}
}
// call source handler
var innerHandler = _handlerProvider.GetByPath("/connect/authorize");
return(await innerHandler.ProcessAsync(context));
}
public async Task SignInAsync(HttpContext context, string scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
{
var defaultScheme = await _schemes.GetDefaultSignInSchemeAsync();
var cookieScheme = await GetCookieAuthenticationSchemeAsync();
if ((scheme == null && defaultScheme?.Name == cookieScheme) || scheme == cookieScheme)
{
if (principal?.IsAnonymous() == false)
{
var currentPrincipal = await _session.GetUserAsync();
if (currentPrincipal?.IsAnonymous() == true && _options.AllowRemoveAnonymousUserAfterSigningIn)
{
await _anonUserManager.DeleteByIdAsync(currentPrincipal.GetSubjectId());
}
}
if (properties == null)
{
properties = new AuthenticationProperties();
}
await _session.CreateSessionIdAsync(principal, properties);
}
await _inner.SignInAsync(context, scheme, principal, properties);
}
/// <summary>
/// Validates authorize request parameters.
/// </summary>
/// <param name="parameters"></param>
/// <param name="subject"></param>
/// <returns></returns>
public async Task <AuthorizeRequestValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null)
{
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
var responseMode = parameters.Get(IdentityModel.OidcConstants.AuthorizeRequest.ResponseMode);
var acrValues = parameters.Get(IdentityModel.OidcConstants.AuthorizeRequest.AcrValues);
if (acrValues == Constants.KnownAcrValues.Anonymous && responseMode == OidcConstants.ResponseModes.Json)
{
// source validator dont support "json" response mode
// the "json" response mode only for anonymous requests
parameters.Remove(IdentityModel.OidcConstants.AuthorizeRequest.ResponseMode);
var result = await _inner.ValidateAsync(parameters, subject);
if (!result.IsError)
{
if (subject == null)
{
// create anon user
var anonUser = await _anonUserFactory.CreateAsync();
await _anonUserManager.CreateAsync(anonUser);
// and sign in with "anon" authentication method
await _anonSignInManager.SignInAsync(anonUser);
// reload the current user
result.ValidatedRequest.Subject = await _userSession.GetUserAsync();
}
// return "json" response mode back
result.ValidatedRequest.ResponseMode = OidcConstants.ResponseModes.Json;
// set anonymous token lifetime
// https://github.com/IdentityServer/IdentityServer4/issues/3578
if (result.ValidatedRequest.Subject.IsAnonymous())
{
result.ValidatedRequest.AccessTokenLifetime = _options.AccessTokenLifetime;
}
}
return(result);
}
return(await _inner.ValidateAsync(parameters, subject));
}
