/// <summary>
/// Called to create a new authorization code. An application may use this context
/// to replace the authentication ticket before it is serialized or to use its own code store
/// and skip the default logic using <see cref="BaseContext{OpenIdConnectServerOptions}.HandleResponse"/>.
/// </summary>
/// <param name="context">The context of the event carries information in and results out.</param>
/// <returns>Task to enable asynchronous execution</returns>
public virtual Task CreateAuthorizationCode(CreateAuthorizationCodeContext context) => OnCreateAuthorizationCode(context);
private async Task <string> CreateAuthorizationCodeAsync(
ClaimsPrincipal principal, AuthenticationProperties properties,
OpenIdConnectMessage request, OpenIdConnectMessage response)
{
try {
// properties.IssuedUtc and properties.ExpiresUtc
// should always be preferred when explicitly set.
if (properties.IssuedUtc == null)
{
properties.IssuedUtc = Options.SystemClock.UtcNow;
}
if (properties.ExpiresUtc == null)
{
properties.ExpiresUtc = properties.IssuedUtc + Options.AuthorizationCodeLifetime;
}
properties.SetUsage(OpenIdConnectConstants.Usages.Code);
// Claims in authorization codes are never filtered as they are supposed to be opaque:
// CreateAccessTokenAsync and CreateIdentityTokenAsync are responsible of ensuring
// that subsequent access and identity tokens are correctly filtered.
var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);
var notification = new CreateAuthorizationCodeContext(Context, Options, request, response, ticket)
{
DataFormat = Options.AuthorizationCodeFormat
};
// Sets the default authorization code serializer.
notification.Serializer = payload => {
return(Task.FromResult(notification.DataFormat?.Protect(payload)));
};
await Options.Provider.CreateAuthorizationCode(notification);
// Treat a non-null authorization code like an implicit HandleResponse call.
if (notification.HandledResponse || !string.IsNullOrEmpty(notification.AuthorizationCode))
{
return(notification.AuthorizationCode);
}
else if (notification.Skipped)
{
return(null);
}
// Allow the application to change the authentication
// ticket from the CreateAuthorizationCode event.
ticket = notification.AuthenticationTicket;
ticket.Properties.CopyTo(properties);
var key = GenerateKey(256 / 8);
using (var stream = new MemoryStream())
using (var writter = new StreamWriter(stream)) {
writter.Write(await notification.SerializeTicketAsync());
writter.Flush();
await Options.Cache.SetAsync(key, options => {
options.AbsoluteExpiration = ticket.Properties.ExpiresUtc;
return(stream.ToArray());
});
}
return(key);
}
catch (Exception exception) {
Logger.LogWarning("An exception occured when serializing an authorization code.", exception);
return(null);
}
}
