/// <summary>
/// Parse the token request callback Parameter to extract the state and the token ID. Verify that the
/// state contains the CSRF token hash and that the signature on the state and CSRF token is
/// valid.
/// </summary>
/// <param name="callbackParams">the token request callback parameters</param>
/// <param name="csrfToken">the csrf token</param>
/// <returns>an instance of <see cref="TokenRequestCallback"/></returns>
public Task <TokenRequestCallback> ParseTokenRequestCallbackParams(
IDictionary <string, string> callbackParams,
string csrfToken)
{
var unauthenticated = ClientFactory.Unauthenticated(channel);
return(unauthenticated.GetTokenMember()
.Map(member =>
{
var parameters = TokenRequestCallbackParameters.Create(callbackParams);
var state = TokenRequestState.ParseFrom(parameters.SerializedState);
if (!state.CsrfTokenHash.Equals(Util.HashString(csrfToken)))
{
throw new InvalidStateException(csrfToken);
}
var payload = new TokenRequestStatePayload
{
TokenId = parameters.TokenId,
//ToDo(RD-2410): Remove WebUtility.UrlEncode call. It's only for backward compatibility with the old Token Request Flow.
State = WebUtility.UrlEncode(parameters.SerializedState)
};
Util.VerifySignature(member, payload, parameters.Signature);
return TokenRequestCallback.Create(parameters.TokenId, state.InnerState);
}));
}
/// <summary>
/// Generates a Token request URL from a request ID, an original state and a CSRF token.
/// </summary>
/// <param name="requestId">the request id</param>
/// <param name="state">the state</param>
/// <param name="csrfToken">the csrf token</param>
/// <returns>the token request url</returns>
public Task <string> GenerateTokenRequestUrl(
string requestId,
string state = "",
string csrfToken = "")
{
var csrfTokenHash = Util.HashString(csrfToken);
var tokenRequestState = TokenRequestState.Create(csrfTokenHash, state);
return(Task.FromResult(string.Format(
TOKEN_REQUEST_TEMPLATE,
tokenCluster.WebAppUrl,
requestId,
WebUtility.UrlEncode(tokenRequestState.Serialize()))));
}
