/// <summary>
        /// Creates an <see cref="AuthenticatedClient"/> from an API token and an Okta subdomain.
        /// </summary>
        /// <param name="apiToken">The API token. It is copied into the settings handed to the HTTP client, so treat it as a secret.</param>
        /// <param name="subdomain">The production subdomain.</param>
        public AuthenticatedClient(string apiToken, string subdomain)
        {
            // Neither argument is validated here; both are stored exactly as given.
            var settings = new OktaSettings
            {
                ApiToken = apiToken,
                Subdomain = subdomain
            };

            BaseClient = new OktaHttpClient(settings);
        }
        /// <summary>
        /// Creates an <see cref="AuthenticatedClient"/> from an API token and an explicit base URI.
        /// </summary>
        /// <param name="apiToken">The API token. It is copied into the settings handed to the HTTP client, so treat it as a secret.</param>
        /// <param name="baseUri">The base URI.</param>
        public AuthenticatedClient(string apiToken, Uri baseUri)
        {
            var settings = new OktaSettings();
            settings.ApiToken = apiToken;

            // NOTE(review): no scheme check is visible here; if baseUri can be http://, the token
            // would presumably travel unencrypted. Confirm OktaHttpClient enforces HTTPS.
            settings.BaseUri = baseUri;

            BaseClient = new OktaHttpClient(settings);
        }
        /// <summary>
        /// Builds the Okta client from the Token, FullDomain and Subdomain members
        /// unless a client has already been assigned.
        /// </summary>
        protected override void BeginProcessing()
        {
            // An existing client is reused untouched.
            if (Client != null)
            {
                return;
            }

            var settings = new OktaSettings();
            settings.ApiToken = Token;

            // An empty FullDomain leaves BaseUri null; a non-empty one must parse
            // as an absolute URI or the Uri constructor throws.
            // NOTE(review): no scheme check is visible here; confirm an http:// value
            // cannot cause the API token to be sent unencrypted.
            if (String.IsNullOrEmpty(FullDomain))
            {
                settings.BaseUri = null;
            }
            else
            {
                settings.BaseUri = new Uri(FullDomain);
            }

            settings.Subdomain = Subdomain;

            Client = new OktaClient(settings);
        }
        /// <summary>
        /// Creates a session with the test administrator's credentials and then closes it.
        /// </summary>
        /// <remarks>
        /// The endpoint, API key and credentials are read from the OKTA_TEST_* environment
        /// variables, so none of them is stored in the source. The method contains no
        /// assertion: it passes when neither call throws.
        /// </remarks>
        public void DeleteSessionToken()
        {
            // new Uri(null) throws, so an unset OKTA_TEST_URL fails on the first assignment.
            var settings = new OktaSettings
            {
                BaseUri = new Uri(Environment.GetEnvironmentVariable("OKTA_TEST_URL")),
                ApiToken = Environment.GetEnvironmentVariable("OKTA_TEST_KEY")
            };

            string adminName = Environment.GetEnvironmentVariable("OKTA_TEST_ADMIN_NAME");
            string adminPassword = Environment.GetEnvironmentVariable("OKTA_TEST_ADMIN_PASSWORD");

            var client = new SessionsClient(settings);

            // Open the session, then close it by the id the service returned.
            var created = client.Create(adminName, adminPassword);
            client.Close(created.Id);
        }
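        /// <summary>
        /// Prompts for an API token when none is set, then builds the Okta client from
        /// the Token, FullDomain and Subdomain members.
        /// </summary>
        private void PromptForLogin()
        {
            if (String.IsNullOrEmpty(Token))
            {
                // NOTE(review): Read-Host as invoked here returns plain text and shows the typed
                // token on the console. -AsSecureString would avoid the echo, but it changes the
                // returned object type, so that switch is left to a separate change.
                var response = this.InvokeCommand.InvokeScript("Read-Host", "Enter your API Token");
                Token = response.First().BaseObject.ToString();

                // The token is a credential. Verbose output can end up in transcripts and logs,
                // so only the fact that a token was read is reported, never its value.
                WriteVerbose("API token read from prompt.");
            }

            // NOTE(review): no scheme check is visible here; confirm an http:// FullDomain
            // cannot cause the API token to be sent unencrypted.
            var oktaSettings = new OktaSettings()
            {
                ApiToken = Token,
                BaseUri = String.IsNullOrEmpty(FullDomain) ? null : new Uri(FullDomain),
                Subdomain = Subdomain
            };

            Client = new OktaClient(oktaSettings);
        }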
        /// <summary>
        /// Checks that CreateSessionUrlString appends the session token and the
        /// percent-encoded redirect URL to the sessionCookieRedirect endpoint.
        /// </summary>
        public void CreateSessionRedirectUrl()
        {
            // Every value below is a placeholder, not a real endpoint or credential.
            var settings = new OktaSettings
            {
                BaseUri = new Uri("http://validurl.com:9999"),
                ApiToken = "fakeApiToken"
            };
            var client = new SessionsClient(settings);

            // Build the session URL string for a redirect that carries its own query string.
            string actual = client.CreateSessionUrlString(
                "FakeSessionToken",
                new Uri("https://this.is.fake:42/really?really=true&also=very+true"));

            // The redirect must come back fully percent-encoded, so its '?', '&' and '='
            // cannot be read as parameters of the outer URL.
            const string expected = "http://validurl.com:9999/login/sessionCookieRedirect?token=FakeSessionToken&redirectUrl=https%3A%2F%2Fthis.is.fake%3A42%2Freally%3Freally%3Dtrue%26also%3Dvery%2Btrue";
            Assert.AreEqual(expected, actual);
        }
 /// <summary>
 /// Initializes a <see cref="GroupUsersClient"/> whose resource path addresses the users of one group.
 /// </summary>
 /// <param name="group">The group whose <c>Id</c> is placed in the resource path.</param>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public GroupUsersClient(Group group, OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.GroupsEndpoint + "/" + group.Id + Constants.UsersEndpoint)
 {
     // group.Id is concatenated into the path unescaped, and a null group throws
     // NullReferenceException. Presumably the Id is always server-issued; verify against callers.
 }
 /// <summary>
 /// Initializes the controller with the bound <see cref="OktaSettings"/> options value.
 /// </summary>
 /// <param name="oktaSettings">Options wrapper; its <c>Value</c> is stored in <c>_oktaSettings</c>.</param>
 public AccountController(IOptions<OktaSettings> oktaSettings) => _oktaSettings = oktaSettings.Value;
 /// <summary>
 /// Initializes an <see cref="OrgFactorsClient"/> whose resource path is the v1 prefix
 /// followed by the org and factors endpoint segments.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public OrgFactorsClient(OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.OrgEndpoint + Constants.FactorsEndpoint)
 {
 }
        /// <summary>
        /// Registers the application's services with the dependency-injection container.
        /// Called by the runtime.
        /// </summary>
        /// <param name="services">The service collection that receives the registrations.</param>
        public void ConfigureServices(IServiceCollection services)
        {
            ConfigureMongoDatabase(services);

            services.AddSingleton<HomebrewingDbService>();
            services.AddSingleton<IRecipeValidator, RecipeValidator>();

            // AutoMapper: one explicitly built mapper, plus the AddAutoMapper registration.
            var mapperConfiguration = new MapperConfiguration(cfg => cfg.AddProfile(new DefaultProfile()));
            services.AddSingleton(mapperConfiguration.CreateMapper());
            services.AddAutoMapper(typeof(Startup));

            // Okta values come from configuration. Only a domain and a client id are read here,
            // and no secret is placed on the singleton.
            var okta = new OktaSettings
            {
                Domain = Configuration["Okta:OktaDomain"],
                AdminAppClientId = Configuration["Okta:OktaAdminAppClientId"]
            };
            services.AddSingleton(okta);

            // The Okta API scheme is used for authenticate, challenge and sign-in alike.
            var apiScheme = OktaDefaults.ApiAuthenticationScheme;
            services
                .AddAuthentication(auth =>
                {
                    auth.DefaultAuthenticateScheme = apiScheme;
                    auth.DefaultChallengeScheme = apiScheme;
                    auth.DefaultSignInScheme = apiScheme;
                })
                .AddOktaWebApi(new OktaWebApiOptions { OktaDomain = okta.Domain });

            // NOTE(review): AddAuthorization() is called without policies, so endpoints presumably
            // still need [Authorize] or a fallback policy to require a token. Confirm in the controllers.
            services.AddAuthorization();

            services.AddControllers();
            services.AddSwaggerGen(swagger =>
            {
                swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "HomebrewApi", Version = "v1" });
                swagger.EnableAnnotations();

                // Describes the bearer token that the generated document asks for in the header.
                var bearerDefinition = new OpenApiSecurityScheme
                {
                    Name = "Bearer",
                    BearerFormat = "JWT",
                    Scheme = "bearer",
                    Description = "Specify the authorization token.",
                    In = ParameterLocation.Header,
                    Type = SecuritySchemeType.Http
                };
                swagger.AddSecurityDefinition("Bearer", bearerDefinition);

                // The requirement refers back to the "Bearer" definition and lists no scopes.
                var bearerReference = new OpenApiSecurityScheme
                {
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "Bearer"
                    }
                };
                var requirement = new OpenApiSecurityRequirement();
                requirement.Add(bearerReference, Array.Empty<string>());
                swagger.AddSecurityRequirement(requirement);
            });
        }
 /// <summary>
 /// Initializes a <see cref="UsersClient"/> whose resource path is the v1 prefix
 /// followed by the users endpoint segment.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public UsersClient(OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.UsersEndpoint)
 {
 }
 /// <summary>
 /// Initializes an <see cref="OktaClient"/> by handing the settings to the base constructor.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded unchanged; no validation happens at this level.</param>
 public OktaClient(OktaSettings oktaSettings) : base(oktaSettings)
 {
 }
 /// <summary>
 /// Initializes an <see cref="AuthClient"/> and points its resource path at the authn endpoint.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public AuthClient(OktaSettings oktaSettings)
     : base(oktaSettings)
 {
     // Resource path: the v1 prefix followed by the authn endpoint segment.
     resourcePath = Constants.EndpointV1 + Constants.AuthnEndpoint;
 }
 /// <summary>
 /// Initializes an <see cref="AuthClient"/> whose requests use the v1 authn resource path.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public AuthClient(OktaSettings oktaSettings)
     : base(oktaSettings)
 {
     var authnPath = Constants.EndpointV1 + Constants.AuthnEndpoint;
     resourcePath = authnPath;
 }
 /// <summary>
 /// Creates an <see cref="ApiClient{T}"/> bound to one resource path.
 /// </summary>
 /// <param name="oktaSettings">Settings used to configure the <see cref="AuthenticatedClient.BaseClient"/>.</param>
 /// <param name="resourcePath">Path of the resource, relative to the <see cref="AuthenticatedClient.BaseUri"/>. Stored as given, without validation or escaping.</param>
 public ApiClient(OktaSettings oktaSettings, string resourcePath)
     : base(oktaSettings)
 {
     // "this." is required: the parameter shadows the member of the same name.
     this.resourcePath = resourcePath;
 }
        /// <summary>
        /// Authenticates the user name and password taken from the request against Okta and, when
        /// the returned status is SUCCESS, redirects the browser to the authorization endpoint with
        /// a PKCE code challenge. Any other status, or an <c>OktaException</c>, ends in a redirect
        /// to a local action.
        /// </summary>
        /// <returns>A redirect result on every path.</returns>
        public ActionResult PkceRoute()
        {
            // NOTE(review): if Request is System.Web's request object, its indexer also reads the
            // query string and cookies, so the password could arrive in a URL. Confirm that the
            // login form posts it.
            string       userName       = Request["userName"];
            string       passWord       = Request["passWord"];
            // The three *_but values are read but not used again in this method.
            string       authnlogin_but = Request["authnlogin_but"];
            string       oidclogin_but  = Request["oidclogin_but"];
            string       oidc_but       = Request["oidc_but"];
            string       location       = Request["location"];
            string       myStatus       = null;
            string       myStateToken;
            string       mySessionToken;
            string       myOktaId = null;
            AuthResponse userAuthClientRsp;

            // set relayState
            // NOTE(review): relayState is request-supplied and stored unvalidated. If another
            // action later redirects to the TempData value, this is an open redirect. Confirm and
            // check it against an allow-list.
            string relayState = Request["relayState"];

            TempData["relayState"] = relayState;

            // apiUrl and apiToken are defined outside this method.
            Uri orgUri = new Uri(apiUrl);

            _orgSettings          = new OktaSettings();
            _orgSettings.ApiToken = apiToken;
            _orgSettings.BaseUri  = orgUri;

            _oktaClient  = new OktaClient(_orgSettings);
            _usersClient = new UsersClient(_orgSettings);
            _authClient  = new AuthClient(_orgSettings);
            try
            {
                userAuthClientRsp = _authClient.Authenticate(username: userName, password: passWord, relayState: relayState);
                logger.Debug("thisAuth status " + userAuthClientRsp.Status);
                myStatus       = userAuthClientRsp.Status;
                myStateToken   = userAuthClientRsp.StateToken;
                mySessionToken = userAuthClientRsp.SessionToken;
                // Embedded itself is dereferenced without a null check.
                if (userAuthClientRsp.Embedded.User != null)
                {
                    myOktaId = userAuthClientRsp.Embedded.User.Id;
                }
            }
            catch (OktaException ex)
            {
                // Every OktaException path below returns to the Login action.
                if (ex.ErrorCode == "E0000004")
                {
                    // NOTE(review): this line and the one two lines below arrive with parts masked
                    // by the hosting page ("******"). The original statements cannot be recovered
                    // from this listing.
                    logger.Debug("Invalid Credentials for User: "******"errMessage"] = "Invalid Credentials for User: "******"E0000085")
                {
                    logger.Debug("Access Denied by Polciy for User: "******"errMessage"] = "Access Denied by Polciy for User: "******"errMessage"] = "Access Denied by Polciy for User: "******" = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                    // generic failure
                    TempData["errMessage"] = "Sign in process failed!";
                }
                TempData["userName"] = userName;
                return(RedirectToAction("Login"));
            }

            // Every status other than SUCCESS is only logged here. Those cases leave the switch
            // and reach the redirect at the end of the method.
            // NOTE(review): MFA_REQUIRED, LOCKED_OUT and the password states are not acted on.
            switch (myStatus)
            {
            case "PASSWORD_WARN":      //password about to expire
                logger.Debug("PASSWORD_WARN ");
                break;

            case "PASSWORD_EXPIRED":      //password has expired
                logger.Debug("PASSWORD_EXPIRED ");
                break;

            case "RECOVERY":      //user has requested a recovery token
                logger.Debug("RECOVERY ");
                break;

            case "RECOVERY_CHALLENGE":      //user must verify factor specific recovery challenge
                logger.Debug("RECOVERY_CHALLENGE ");
                break;

            case "PASSWORD_RESET":         //user satisfied recovery and must now set password
                logger.Debug("PASSWORD_RESET ");
                break;

            case "LOCKED_OUT":      //user account is locked, unlock required
                logger.Debug("LOCKED_OUT ");
                break;

            case "MFA_ENROLL":       //user must select and enroll an available factor
                logger.Debug("MFA_ENROLL ");
                break;

            case "MFA_ENROLL_ACTIVATE":       //user must activate the factor to complete enrollment
                logger.Debug("MFA_ENROLL_ACTIVATE ");
                break;

            case "MFA_REQUIRED":        //user must provide second factor with previously enrolled factor
                logger.Debug("MFA_REQUIRED ");
                break;

            case "MFA_CHALLENGE":          //user must verify factor specific challenge
                logger.Debug("MFA_CHALLENGE ");
                break;

            case "SUCCESS":          //authentication is complete
                logger.Debug("SUCCESS");
                TempData["errMessage"] = "Authn Login Successful ";
                TempData["oktaOrg"]    = apiUrl;

                // landingPage is built from request-supplied values (relayState or location)
                // but is not read again in this method.
                string landingPage = null;
                if (string.IsNullOrEmpty(relayState))
                {
                    landingPage = location + "/AltLanding/UnprotectedLanding";
                }
                else
                {
                    landingPage = relayState;
                }

                //optionally get session Id locally
                // The freshly constructed Session is immediately replaced by CreateSession's result.
                Session oktaSession = new Okta.Core.Models.Session();
                oktaSession = oktaSessionMgmt.CreateSession(mySessionToken);
                string cookieToken = oktaSession.CookieToken;
                // NOTE(review): writes the session id to the debug log next to the user name.
                // A session id can act as a credential, so consider logging neither.
                logger.Debug("session Id " + oktaSession.Id + " for User " + userName);
                // From here on mySessionToken holds the cookie token, which is what goes into the URL.
                mySessionToken = cookieToken;

                //exchange the token for a session cookie via the authorization code + PKCE request built below
                // NOTE(review): System.Random is not a cryptographic generator, and
                // Next(99999, 1000000) yields at most six digits. A nonce should come from
                // RandomNumberGenerator.
                Random random       = new Random();
                string nonceValue   = random.Next(99999, 1000000).ToString();
                // NOTE(review): a constant state value cannot tie the callback to this browser
                // session (CSRF protection). Generate it per request and verify it on return.
                string stateCode    = "myStateInfo";
                string codeVerifier = oktaOidcHelper.CreateCodeVerifier();
                //store codeVerifier for token endpoint
                // NOTE(review): fixed cache key; presumably shared by all sign-ins, so concurrent
                // users would overwrite each other's verifier. Confirm how cacheService scopes keys.
                cacheService.SavePasscode("myKey", codeVerifier);
                string codeChallenge = oktaOidcHelper.CreateCodeChallenge(codeVerifier);
                // NOTE(review): the query values are concatenated without Uri.EscapeDataString.
                // The token also travels in the redirect URL, where browser history and proxy
                // logs can record it.
                string oauthUrl      = appSettings["oidc.authServer"] + "/v1/authorize?response_type=code&response_mode=query&code_challenge_method=S256&code_challenge=" + codeChallenge + "&client_id=" + appSettings["oidc.spintnative.clientId"] + "&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + "&nonce=" + nonceValue + "&redirect_uri=" + appSettings["oidc.spintnative.RedirectUri_PKCE"] + "&sessionToken=" + mySessionToken + "&extra_param=myFavoriteData";
                return(Redirect(oauthUrl));



            //break;
            default:
                logger.Debug("Status: " + myStatus);
                TempData["errMessage"] = "Status: " + myStatus;
                break;
            }//end of switch
            TempData["userName"] = userName;

            return(RedirectToAction("UnprotectedLanding", "AltLanding"));
        }
        /// <summary>
        /// Authenticates the user name and password taken from the request against Okta and, when
        /// the returned status is SUCCESS, redirects the browser to the authorization endpoint
        /// asking for a token and an id_token (implicit flow, form_post response mode). Any other
        /// status, or an <c>OktaException</c>, ends in a redirect to a local action.
        /// </summary>
        /// <returns>A redirect result on every path.</returns>
        public ActionResult ImplicitRoute()
        {
            // NOTE(review): if Request is System.Web's request object, its indexer also reads the
            // query string and cookies, so the password could arrive in a URL. Confirm that the
            // login form posts it.
            string       userName       = Request["userName"];
            string       passWord       = Request["passWord"];
            // The three *_but values are read but not used again in this method.
            string       authnlogin_but = Request["authnlogin_but"];
            string       oidclogin_but  = Request["oidclogin_but"];
            string       oidc_but       = Request["oidc_but"];
            string       location       = Request["location"];
            string       myStatus       = null;
            string       myStateToken;
            string       mySessionToken;
            string       myOktaId = null;
            AuthResponse userAuthClientRsp;

            // set relayState
            // NOTE(review): relayState is request-supplied and stored unvalidated. If another
            // action later redirects to the TempData value, this is an open redirect. Confirm and
            // check it against an allow-list.
            string relayState = Request["relayState"];

            TempData["relayState"] = relayState;

            // apiUrl and apiToken are defined outside this method.
            Uri orgUri = new Uri(apiUrl);

            _orgSettings          = new OktaSettings();
            _orgSettings.ApiToken = apiToken;
            _orgSettings.BaseUri  = orgUri;

            _oktaClient  = new OktaClient(_orgSettings);
            _usersClient = new UsersClient(_orgSettings);
            _authClient  = new AuthClient(_orgSettings);
            try
            {
                userAuthClientRsp = _authClient.Authenticate(username: userName, password: passWord, relayState: relayState);
                logger.Debug("thisAuth status " + userAuthClientRsp.Status);
                myStatus       = userAuthClientRsp.Status;
                myStateToken   = userAuthClientRsp.StateToken;
                mySessionToken = userAuthClientRsp.SessionToken;
                // Embedded itself is dereferenced without a null check.
                if (userAuthClientRsp.Embedded.User != null)
                {
                    myOktaId = userAuthClientRsp.Embedded.User.Id;
                }
            }
            catch (OktaException ex)
            {
                // Every OktaException path below returns to the Login action.
                if (ex.ErrorCode == "E0000004")
                {
                    // NOTE(review): this line and the one two lines below arrive with parts masked
                    // by the hosting page ("******"). The original statements cannot be recovered
                    // from this listing.
                    logger.Debug("Invalid Credentials for User: "******"errMessage"] = "Invalid Credentials for User: "******"E0000085")
                {
                    logger.Debug("Access Denied by Polciy for User: "******"errMessage"] = "Access Denied by Polciy for User: "******"errMessage"] = "Access Denied by Polciy for User: "******" = " + ex.ErrorCode + ":" + ex.ErrorSummary);
                    // generic failure
                    TempData["errMessage"] = "Sign in process failed!";
                }
                TempData["userName"] = userName;
                return(RedirectToAction("Login"));
            }

            // Every status other than SUCCESS is only logged here. Those cases leave the switch
            // and reach the redirect at the end of the method.
            // NOTE(review): MFA_REQUIRED, LOCKED_OUT and the password states are not acted on.
            switch (myStatus)
            {
            case "PASSWORD_WARN":      //password about to expire
                logger.Debug("PASSWORD_WARN ");
                break;

            case "PASSWORD_EXPIRED":      //password has expired
                logger.Debug("PASSWORD_EXPIRED ");
                break;

            case "RECOVERY":      //user has requested a recovery token
                logger.Debug("RECOVERY ");
                break;

            case "RECOVERY_CHALLENGE":      //user must verify factor specific recovery challenge
                logger.Debug("RECOVERY_CHALLENGE ");
                break;

            case "PASSWORD_RESET":         //user satisfied recovery and must now set password
                logger.Debug("PASSWORD_RESET ");
                break;

            case "LOCKED_OUT":      //user account is locked, unlock required
                logger.Debug("LOCKED_OUT ");
                break;

            case "MFA_ENROLL":       //user must select and enroll an available factor
                logger.Debug("MFA_ENROLL ");
                break;

            case "MFA_ENROLL_ACTIVATE":       //user must activate the factor to complete enrollment
                logger.Debug("MFA_ENROLL_ACTIVATE ");
                break;

            case "MFA_REQUIRED":        //user must provide second factor with previously enrolled factor
                logger.Debug("MFA_REQUIRED ");
                break;

            case "MFA_CHALLENGE":          //user must verify factor specific challenge
                logger.Debug("MFA_CHALLENGE ");
                break;

            case "SUCCESS":          //authentication is complete
                logger.Debug("SUCCESS");
                TempData["errMessage"] = "Authn Login Successful ";
                TempData["oktaOrg"]    = apiUrl;

                // landingPage is built from request-supplied values (relayState or location)
                // but is not read again in this method.
                string landingPage = null;
                if (string.IsNullOrEmpty(relayState))
                {
                    landingPage = location + "/AltLanding/UnprotectedLanding";
                }
                else
                {
                    landingPage = relayState;
                }

                ////optionaly get session Id locally
                //Session oktaSession = new Okta.Core.Models.Session();
                //oktaSession = oktaSessionMgmt.CreateSession(mySessionToken);
                //string cookieToken = oktaSession.CookieToken;
                //logger.Debug("session Id " + oktaSession.Id + " for User " + userName);
                //mySessionToken = cookieToken;

                //exchange sessionToken for sessionCookie in OIDC Implicit workflow
                // NOTE(review): System.Random is not a cryptographic generator, and
                // Next(99999, 1000000) yields at most six digits. A nonce should come from
                // RandomNumberGenerator.
                Random random     = new Random();
                string nonceValue = random.Next(99999, 1000000).ToString();
                // NOTE(review): a constant state value cannot tie the callback to this browser
                // session (CSRF protection). Generate it per request and verify it on return.
                string stateCode  = "myStateInfo";
                // NOTE(review): the query values are concatenated without Uri.EscapeDataString.
                // The literal contains a raw space in "token id_token" and another before
                // "&nonce". The session token also travels in the redirect URL, where browser
                // history and proxy logs can record it.
                string oauthUrl   = appSettings["oidc.authServer"] + "/v1/authorize?response_type=token id_token&response_mode=form_post&client_id=" + appSettings["oidc.spintweb.clientId"] + "&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + " &nonce=" + nonceValue + "&redirect_uri=" + appSettings["oidc.spintweb.RedirectUri"] + "&sessionToken=" + mySessionToken;
                //string oauthUrl = appSettings["oidc.authServer"] + "/v1/authorize?idp=0oak4qcg796eVYakY0h7&response_type=id_token token&response_mode=form_post&client_id=" + appSettings["oidc.spintweb.clientId"] + "&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + " &nonce=" + nonceValue + "&redirect_uri=" + appSettings["oidc.spintweb.RedirectUri"] + "&sessionToken=" + mySessionToken;
                return(Redirect(oauthUrl));


            //NOT Typical
            //have idToken returned in response
            //IRestResponse response = null;
            //var client = new RestClient(MvcApplication.apiUrl + "/oauth2/v1/authorize");
            //var request = new RestRequest(Method.GET);
            //request.AddHeader("Accept", "application/json");
            //request.AddHeader("Content-Type", "application/json");
            ////request.AddHeader("Authorization", " SSWS " + MvcApplication.apiToken);
            //request.AddQueryParameter("client_id", appSettings["oidc.spintweb.clientId"]);
            //request.AddQueryParameter("response_type", "id_token");
            ////request.AddQueryParameter("response_type", "token");
            //request.AddQueryParameter("response_mode", "okta_post_message");
            //request.AddQueryParameter("scope", "openid");
            //request.AddQueryParameter("prompt", "none");
            //request.AddQueryParameter("redirect_uri", appSettings["oidc.spintweb.RedirectUri"]);
            //request.AddQueryParameter("state", "myStateInfo");
            //request.AddQueryParameter("nonce", "myNonce");
            //request.AddQueryParameter("sessionToken", mySessionToken);
            //response = client.Execute(request);
            //int myIndex_01 = response.Content.IndexOf("data.id_token =");
            //string firstBreak = response.Content.Substring(myIndex_01 + 17);
            //int myIndex_02 = firstBreak.IndexOf(";");
            //int subLength = myIndex_02 - 1;
            //string myIdToken = firstBreak.Substring(0, subLength);
            //logger.Debug(myIdToken);
            //ViewBag.HtmlStr = response.Content;
            //return View("../AltLanding/MyContent");



            // break;
            default:
                logger.Debug("Status: " + myStatus);
                TempData["errMessage"] = "Status: " + myStatus;
                break;
            }//end of switch
            TempData["userName"] = userName;

            return(RedirectToAction("UnprotectedLanding", "AltLanding"));
        }
 /// <summary>
 /// Initializes the controller base with the Okta settings it is given.
 /// </summary>
 /// <param name="oktaSettings">Settings instance kept in <c>_oktaSettings</c>; the reference is stored, not copied.</param>
 public ContentAuthControllerBase(OktaSettings oktaSettings)
 {
     // No null check: a null argument is stored as is.
     _oktaSettings = oktaSettings;
 }
 /// <summary>
 /// Initializes an <see cref="OktaClient"/>; all configuration is delegated to the base constructor.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded unchanged.</param>
 public OktaClient(OktaSettings oktaSettings)
     : base(oktaSettings)
 {
 }
 /// <summary>
 /// Initializes an <see cref="AppGroupsClient"/> whose resource path addresses the groups of one app.
 /// </summary>
 /// <param name="app">The app whose <c>Id</c> is placed in the resource path.</param>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public AppGroupsClient(App app, OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.AppsEndpoint + "/" + app.Id + Constants.GroupsEndpoint)
 {
     // app.Id is concatenated into the path unescaped, and a null app throws
     // NullReferenceException. Presumably the Id is always server-issued; verify against callers.
 }
 /// <summary>
 /// Initializes a <see cref="GroupsClient"/> whose resource path is the v1 prefix
 /// followed by the groups endpoint segment.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public GroupsClient(OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.GroupsEndpoint)
 {
 }
 /// <summary>
 /// Initializes an <see cref="EventsClient"/> whose resource path is the v1 prefix
 /// followed by the events endpoint segment.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public EventsClient(OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.EventsEndpoint)
 {
 }
 /// <summary>
 /// Initializes a <see cref="SessionsClient"/> whose resource path is the v1 prefix
 /// followed by the sessions endpoint segment.
 /// </summary>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public SessionsClient(OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.SessionsEndpoint)
 {
 }
 /// <summary>
 /// Creates an <see cref="AuthenticatedClient"/> from a prepared settings object.
 /// </summary>
 /// <param name="oktaSettings">Settings used to build the <see cref="AuthenticatedClient.BaseClient"/>; passed through without validation.</param>
 public AuthenticatedClient(OktaSettings oktaSettings)
 {
     var httpClient = new OktaHttpClient(oktaSettings);
     BaseClient = httpClient;
 }
 /// <summary>
 /// Initializes a <see cref="UserFactorsClient"/> whose resource path addresses the factors of one user.
 /// </summary>
 /// <param name="user">The user whose <c>Id</c> is placed in the resource path.</param>
 /// <param name="oktaSettings">Settings forwarded to the base constructor.</param>
 public UserFactorsClient(User user, OktaSettings oktaSettings)
     : base(oktaSettings, Constants.EndpointV1 + Constants.UsersEndpoint + "/" + user.Id + Constants.FactorsEndpoint)
 {
     // user.Id is concatenated into the path unescaped, and a null user throws
     // NullReferenceException. Presumably the Id is always server-issued; verify against callers.
 }
 /// <summary>
 /// Builds an <see cref="AuthenticatedClient"/> around an HTTP client configured from the given settings.
 /// </summary>
 /// <param name="oktaSettings">Settings handed to the <see cref="AuthenticatedClient.BaseClient"/> constructor.</param>
 public AuthenticatedClient(OktaSettings oktaSettings)
 {
     // The settings object is passed straight through; nothing is checked at this level.
     BaseClient = new OktaHttpClient(
         oktaSettings);
 }