protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
{
// Get the Google user
var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint);
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken);
var response = await Backchannel.SendAsync(request, Context.RequestAborted);
response.EnsureSuccessStatusCode();
var payload = JObject.Parse(await response.Content.ReadAsStringAsync());
var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity), properties, Options.AuthenticationScheme);
var context = new OAuthCreatingTicketContext(ticket, Context, Options, Backchannel, tokens, payload);
var identifier = GoogleHelper.GetId(payload);
if (!string.IsNullOrEmpty(identifier))
{
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var givenName = GoogleHelper.GetGivenName(payload);
if (!string.IsNullOrEmpty(givenName))
{
identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var familyName = GoogleHelper.GetFamilyName(payload);
if (!string.IsNullOrEmpty(familyName))
{
identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var name = GoogleHelper.GetName(payload);
if (!string.IsNullOrEmpty(name))
{
identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var email = GoogleHelper.GetEmail(payload);
if (!string.IsNullOrEmpty(email))
{
identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer));
}
var profile = GoogleHelper.GetProfile(payload);
if (!string.IsNullOrEmpty(profile))
{
identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer));
}
await Options.Events.CreatingTicket(context);
return(context.Ticket);
}
public async Task ValidateAuthenticatedContext()
{
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("GoogleTest"));
var server = CreateServer(new GoogleOptions
{
ClientId = "Test Id",
ClientSecret = "Test Secret",
StateDataFormat = stateFormat,
AccessType = "offline",
Events = new OAuthEvents()
{
OnCreatingTicket = context =>
{
Assert.NotNull(context.User);
Assert.Equal(context.AccessToken, "Test Access Token");
Assert.Equal(context.RefreshToken, "Test Refresh Token");
Assert.Equal(context.ExpiresIn, TimeSpan.FromSeconds(3600));
Assert.Equal(GoogleHelper.GetEmail(context.User), "Test email");
Assert.Equal(GoogleHelper.GetId(context.User), "Test User ID");
Assert.Equal(GoogleHelper.GetName(context.User), "Test Name");
Assert.Equal(GoogleHelper.GetFamilyName(context.User), "Test Family Name");
Assert.Equal(GoogleHelper.GetGivenName(context.User), "Test Given Name");
return(Task.FromResult(0));
}
},
BackchannelHttpHandler = new TestHttpMessageHandler
{
Sender = req =>
{
if (req.RequestUri.AbsoluteUri == "https://www.googleapis.com/oauth2/v3/token")
{
return(ReturnJsonResponse(new
{
access_token = "Test Access Token",
expires_in = 3600,
token_type = "Bearer",
refresh_token = "Test Refresh Token"
}));
}
else if (req.RequestUri.GetComponents(UriComponents.SchemeAndServer | UriComponents.Path, UriFormat.UriEscaped) == "https://www.googleapis.com/plus/v1/people/me")
{
return(ReturnJsonResponse(new
{
id = "Test User ID",
displayName = "Test Name",
name = new
{
familyName = "Test Family Name",
givenName = "Test Given Name"
},
url = "Profile link",
emails = new[]
{
new
{
value = "Test email",
type = "account"
}
}
}));
}
throw new NotImplementedException(req.RequestUri.AbsoluteUri);
}
}
});
var properties = new AuthenticationProperties();
var correlationKey = ".xsrf";
var correlationValue = "TestCorrelationId";
properties.Items.Add(correlationKey, correlationValue);
properties.RedirectUri = "/foo";
var state = stateFormat.Protect(properties);
//Post a message to the Google middleware
var transaction = await server.SendAsync(
"https://example.com/signin-google?code=TestCode&state=" + UrlEncoder.Default.Encode(state),
$".AspNetCore.Correlation.Google.{correlationValue}=N");
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
Assert.Equal("/foo", transaction.Response.Headers.GetValues("Location").First());
}
