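        /// <summary>
        /// Starts an OpenID Connect RP-initiated logout: records a state entry for the
        /// flow, then sends the browser to the provider's end-session endpoint.
        /// </summary>
        /// <param name="openidClientPkceSettings">
        /// Settings for this call; when <c>null</c> the globally registered settings are used.
        /// </param>
        /// <exception cref="SecurityException">
        /// Wraps any failure while preparing or starting the end-session request.
        /// </exception>
        public async Task LogoutAsync(OpenidConnectPkceSettings openidClientPkceSettings = null)
        {
            try
            {
                openidClientPkceSettings = openidClientPkceSettings ?? globalOpenidClientPkceSettings;

                // The provider redirects back to this absolute URI once the session has ended.
                var logoutCallBackUri = new Uri(new Uri(navigationManager.BaseUri), openidClientPkceSettings.LogoutCallBackPath).OriginalString;
                var state             = await SaveStateAsync(openidClientPkceSettings.OidcDiscoveryUri, openidClientPkceSettings.ClientId, logoutCallBackUri, navigationManager.Uri);

                // The id_token_hint is only available from the OIDC-aware state provider. Any other
                // AuthenticationStateProvider registration is a wiring error, so report it clearly
                // rather than letting a NullReferenceException surface from the 'as' cast.
                var oidcAuthenticationStateProvider = authenticationStateProvider as OidcAuthenticationStateProvider;
                if (oidcAuthenticationStateProvider == null)
                {
                    throw new InvalidOperationException($"The registered authentication state provider is not an {nameof(OidcAuthenticationStateProvider)}.");
                }

                var endSessionRequest = new EndSessionRequest
                {
                    IdTokenHint           = await oidcAuthenticationStateProvider.GetIdToken(),
                    PostLogoutRedirectUri = logoutCallBackUri,
                    State                 = state
                };

                var nameValueCollection = endSessionRequest.ToDictionary();
                var oidcDiscovery       = await GetOidcDiscoveryAsync(openidClientPkceSettings.OidcDiscoveryUri);

                var endSessionEndpointUri = QueryHelpers.AddQueryString(oidcDiscovery.EndSessionEndpoint, nameValueCollection);
                navigationManager.NavigateTo(endSessionEndpointUri);
            }
            catch (Exception ex)
            {
                // '?.' so that missing settings cannot turn the wrapping itself into a NullReferenceException.
                throw new SecurityException($"Failed to end session, Authority '{openidClientPkceSettings?.Authority}'.", ex);
            }
        }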
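        /// <summary>
        /// Registers the OpenID Connect PKCE client and the services it depends on.
        /// </summary>
        /// <param name="services">The service collection the registrations are added to.</param>
        /// <param name="settings">Callback that configures the single shared <see cref="OpenidConnectPkceSettings"/> instance.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="settings"/> is <c>null</c>.</exception>
        public static IServiceCollection AddOpenidConnectPkce(this IServiceCollection services, Action <OpenidConnectPkceSettings> settings)
        {
            // Validate at the public entry point instead of failing with a NullReferenceException below.
            if (services is null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (settings is null)
            {
                throw new ArgumentNullException(nameof(settings));
            }

            // NOTE(review): with ShowPII enabled, Microsoft.IdentityModel includes token and claim
            // values in its exception messages, which then end up in logs. Useful while debugging,
            // but it should not stay on unconditionally in production builds.
            IdentityModelEventSource.ShowPII = true;

            services.AddBlazoredSessionStorage();

            var openIDClientPkceSettings = new OpenidConnectPkceSettings();

            settings(openIDClientPkceSettings);
            services.AddSingleton(openIDClientPkceSettings);

            services.AddScoped <OpenidConnectPkce>();
#if NETSTANDARD
            services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetService <HttpClient>()));
#else
            services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetService <IHttpClientFactory>()));
#endif

            services.AddScoped <AuthenticationStateProvider, OidcAuthenticationStateProvider>();
#if NETSTANDARD
            services.AddTransient <AccessTokenMessageHandler>();
#else
            services.AddScoped <AccessTokenMessageHandler>();
#endif

            services.AddOptions();
            services.AddAuthorizationCore();

            // Added to resolve error: Newtonsoft.Json.JsonSerializationException: Unable to find a default constructor to use for type System.IdentityModel.Tokens.Jwt.JwtPayload. Path 'sub', line 1, position 7.
            // https://github.com/mono/linker/issues/870
            // The instances are discarded; the constructor references alone keep the types from being trimmed.
            _ = new JwtHeader();
            _ = new JwtPayload();

            return services;
        }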
 /// <summary>
 /// Creates the PKCE client with the collaborators it uses; all are supplied by dependency injection.
 /// </summary>
 /// <param name="serviceProvider">Service provider kept on the instance (its use is in members not shown here).</param>
 /// <param name="globalOpenidClientPkceSettings">Default settings used when a call does not supply its own.</param>
 /// <param name="navigationManager">Used to build callback URIs and to redirect the browser.</param>
 /// <param name="sessionStorage">Browser session storage that holds per-flow state.</param>
 /// <param name="authenticationStateProvider">The registered authentication state provider.</param>
 public OpenidConnectPkce(IServiceProvider serviceProvider, OpenidConnectPkceSettings globalOpenidClientPkceSettings, NavigationManager navigationManager, ISessionStorageService sessionStorage, AuthenticationStateProvider authenticationStateProvider)
 {
     // Plain field capture, no validation: the container is trusted to supply every dependency.
     this.authenticationStateProvider    = authenticationStateProvider;
     this.sessionStorage                 = sessionStorage;
     this.navigationManager              = navigationManager;
     this.globalOpenidClientPkceSettings = globalOpenidClientPkceSettings;
     this.serviceProvider                = serviceProvider;
 }
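        /// <summary>
        /// Starts the authorization code + PKCE login: generates nonce, code verifier and state,
        /// stores what the callback needs in session storage, and sends the browser to the
        /// provider's authorization endpoint.
        /// </summary>
        /// <param name="openidClientPkceSettings">
        /// Settings for this call; when <c>null</c> the globally registered settings are used.
        /// </param>
        /// <exception cref="SecurityException">
        /// Wraps any failure while preparing or starting the authorization request.
        /// </exception>
        public async Task LoginAsync(OpenidConnectPkceSettings openidClientPkceSettings = null)
        {
            try
            {
                openidClientPkceSettings = openidClientPkceSettings ?? globalOpenidClientPkceSettings;

                // Fresh per-flow secrets: the nonce is echoed in the ID token, the verifier is
                // presented at the token endpoint and only its S256 hash leaves the browser now.
                var nonce        = RandomGenerator.GenerateNonce();
                var codeVerifier = RandomGenerator.Generate(64);

                ValidateResponseMode(openidClientPkceSettings.ResponseMode);
                var loginCallBackUri = new Uri(new Uri(navigationManager.BaseUri), openidClientPkceSettings.LoginCallBackPath).OriginalString;
                var state            = await SaveStateAsync(openidClientPkceSettings, loginCallBackUri, navigationManager.Uri, codeVerifier: codeVerifier, nonce: nonce);

                var authenticationRequest = new AuthenticationRequest
                {
                    ClientId     = openidClientPkceSettings.ClientId,
                    ResponseMode = openidClientPkceSettings.ResponseMode,
                    ResponseType = openidClientPkceSettings.ResponseType,
                    RedirectUri  = loginCallBackUri,
                    Scope        = openidClientPkceSettings.AllScope.ToSpaceList(),
                    Nonce        = nonce,
                    State        = state
                };
                var codeChallengeRequest = new CodeChallengeSecret
                {
                    CodeChallenge       = await codeVerifier.Sha256HashBase64urlEncodedAsync(),
                    CodeChallengeMethod = IdentityConstants.CodeChallengeMethods.S256,
                };

                var requestDictionary = authenticationRequest.ToDictionary().AddToDictionary(codeChallengeRequest);
                // Any() instead of Count() > 0: no need to walk the whole sequence to know it is non-empty.
                if (openidClientPkceSettings.Resources?.Any() == true)
                {
                    var resourceRequest = new ResourceRequest
                    {
                        Resources = openidClientPkceSettings.Resources
                    };
                    requestDictionary = requestDictionary.AddToDictionary(resourceRequest);
                }

                var oidcDiscovery = await GetOidcDiscoveryAsync(openidClientPkceSettings.OidcDiscoveryUri);

                var authorizationUri = QueryHelpers.AddQueryString(oidcDiscovery.AuthorizationEndpoint, requestDictionary);
                // Second argument forces a full browser load rather than client-side routing.
                navigationManager.NavigateTo(authorizationUri, true);
            }
            catch (Exception ex)
            {
                // '?.' so that missing settings cannot turn the wrapping itself into a NullReferenceException.
                throw new SecurityException($"Failed to login, Authority '{openidClientPkceSettings?.Authority}'.", ex);
            }
        }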
        /// <summary>
        /// Generates a fresh random <c>state</c> value and stores, under that key in session storage,
        /// everything the callback will need to finish the flow.
        /// </summary>
        /// <param name="openidConnectPkceSettings">Settings whose discovery URI, client id and resources are recorded.</param>
        /// <param name="callBackUri">The callback URI the provider redirects to.</param>
        /// <param name="redirectUri">URI recorded alongside the callback; presumably where the app continues afterwards (confirm in the callback handler, not shown here).</param>
        /// <param name="codeVerifier">PKCE code verifier to keep for the token request; <c>null</c> when the caller has none.</param>
        /// <param name="nonce">Nonce to verify against the ID token later; <c>null</c> when the caller has none.</param>
        /// <returns>The generated state value, which is also the session-storage key.</returns>
        private async Task <string> SaveStateAsync(OpenidConnectPkceSettings openidConnectPkceSettings, string callBackUri, string redirectUri, string codeVerifier = null, string nonce = null)
        {
            // 32 random bytes of state double as the storage key, so entries cannot collide or be guessed.
            var stateKey = RandomGenerator.GenerateNonce(32);

            var stateEntry = new OpenidConnectPkceState
            {
                CallBackUri      = callBackUri,
                RedirectUri      = redirectUri,
                OidcDiscoveryUri = openidConnectPkceSettings.OidcDiscoveryUri,
                ClientId         = openidConnectPkceSettings.ClientId,
                Resources        = openidConnectPkceSettings.Resources,
                Nonce            = nonce,
                CodeVerifier     = codeVerifier
            };

            await sessionStorage.SetItemAsync(stateKey, stateEntry);
            return stateKey;
        }
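        /// <summary>
        /// Registers the OpenID Connect PKCE client and the services it depends on.
        /// </summary>
        /// <param name="services">The service collection the registrations are added to.</param>
        /// <param name="settings">Callback that configures the single shared <see cref="OpenidConnectPkceSettings"/> instance.</param>
        /// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="services"/> or <paramref name="settings"/> is <c>null</c>.</exception>
        public static IServiceCollection AddOpenidConnectPkce(this IServiceCollection services, Action <OpenidConnectPkceSettings> settings)
        {
            // Validate at the public entry point instead of failing with a NullReferenceException below.
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }
            if (settings == null)
            {
                throw new ArgumentNullException(nameof(settings));
            }

            // NOTE(review): with ShowPII enabled, Microsoft.IdentityModel includes token and claim
            // values in its exception messages, which then end up in logs. Useful while debugging,
            // but it should not stay on unconditionally in production builds.
            IdentityModelEventSource.ShowPII = true;

            services.AddBlazoredSessionStorage();

            var openIDClientPkceSettings = new OpenidConnectPkceSettings();

            settings(openIDClientPkceSettings);
            services.AddSingleton(openIDClientPkceSettings);

            services.AddScoped <OpenidConnectPkce>();
            services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetService <HttpClient>()));

            services.AddScoped <AuthenticationStateProvider, OidcAuthenticationStateProvider>();
            services.AddTransient <AccessTokenMessageHandler>();

            services.AddOptions();
            services.AddAuthorizationCore();

            return services;
        }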
 /// <summary>
 /// Creates the OIDC-aware authentication state provider from its injected collaborators.
 /// </summary>
 /// <param name="openidClientPkceSettings">The shared client settings.</param>
 /// <param name="sessionStorage">Browser session storage the provider reads its state from (usage is in members not shown here).</param>
 public OidcAuthenticationStateProvider(OpenidConnectPkceSettings openidClientPkceSettings, ISessionStorageService sessionStorage)
 {
     // Plain field capture; dependencies are trusted to be non-null as supplied by the container.
     this.sessionStorage           = sessionStorage;
     this.openidClientPkceSettings = openidClientPkceSettings;
 }