private async Task <OAuthValidateClientCredentialsContext> AuthenticateClient(AuthorizationCodeAccessTokenRequest authorizationCodeAccessTokenRequest)
        {
            _logger.WriteVerbose("AuthenticateClient");

            string clientId     = null;
            string clientSecret = null;
            string redirectUri  = null;

            if (authorizationCodeAccessTokenRequest != null)
            {
                clientId    = authorizationCodeAccessTokenRequest.ClientId;
                redirectUri = authorizationCodeAccessTokenRequest.RedirectUri;
            }

            string authorization = Request.GetHeader("Authorization");

            if (!string.IsNullOrWhiteSpace(authorization) && authorization.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            {
                byte[] data           = Convert.FromBase64String(authorization.Substring("Basic ".Length).Trim());
                string text           = Encoding.UTF8.GetString(data);
                int    delimiterIndex = text.IndexOf(':');
                if (delimiterIndex >= 0)
                {
                    string name     = text.Substring(0, delimiterIndex);
                    string password = text.Substring(delimiterIndex + 1);

                    if (clientId != null && !string.Equals(clientId, name, StringComparison.Ordinal))
                    {
                        return(null);
                    }

                    clientId     = name;
                    clientSecret = password;
                }
            }

            var lookupClientIdContext = new OAuthValidateClientCredentialsContext(
                Request.Environment,
                clientId,
                clientSecret,
                redirectUri);

            await Options.Provider.ValidateClientCredentials(lookupClientIdContext);

            return(lookupClientIdContext);
        }
        private async Task <bool> InvokeAuthorizeEndpoint()
        {
            _logger.WriteVerbose("InvokeAuthorizeEndpoint");

            var authorizeRequest = new AuthorizeRequest(Request.GetQuery());
            var clientIdContext  = new OAuthValidateClientCredentialsContext(
                Request.Environment,
                authorizeRequest.ClientId,
                null,
                authorizeRequest.RedirectUri);

            await Options.Provider.ValidateClientCredentials(clientIdContext);

            if (clientIdContext.IsValidated)
            {
                authorizeRequest.RedirectUri = clientIdContext.RedirectUri;
                _authorizeRequest            = authorizeRequest;
            }

            var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Request.Environment);
            await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);

            return(authorizeEndpointContext.IsRequestCompleted);
        }
Beispiel #3
0
 private async Task OnValidateClientCredentials(OAuthValidateClientCredentialsContext context)
 {
     if (context.ClientId == "123456")
     {
         context.ClientFound("abcdef", "http://localhost:18002/Katana.Sandbox.WebClient/ClientApp.aspx");
     }
     else if (context.ClientId == "7890ab")
     {
         context.ClientFound("7890ab", "http://localhost:18002/Katana.Sandbox.WebClient/ClientPageSignIn.html");
     }
 }
Beispiel #4
0
 public virtual Task ValidateClientCredentials(OAuthValidateClientCredentialsContext context)
 {
     return(OnValidateClientCredentials.Invoke(context));
 }
 public virtual Task ValidateClientCredentials(OAuthValidateClientCredentialsContext context)
 {
     return OnValidateClientCredentials.Invoke(context);
 }
        private async Task InvokeTokenEndpoint()
        {
            _logger.WriteVerbose("InvokeTokenEndpoint");

            var form = await Request.ReadForm();

            AccessTokenRequest accessTokenRequest   = AccessTokenRequest.Create(form.Get);
            var authorizationCodeAccessTokenRequest = accessTokenRequest as AuthorizationCodeAccessTokenRequest;
            var clientCredentialsAccessTokenRequest = accessTokenRequest as ClientCredentialsAccessTokenRequest;
            var resourceOwnerPasswordCredentialsAccessTokenRequest = accessTokenRequest as ResourceOwnerPasswordCredentialsAccessTokenRequest;

            OAuthValidateClientCredentialsContext lookupClientId = await AuthenticateClient(authorizationCodeAccessTokenRequest);

            if (!lookupClientId.IsValidated)
            {
                // TODO: actual error
                _logger.WriteError("clientID is not valid.");
                return;
            }

            AuthenticationTicket ticket;

            if (authorizationCodeAccessTokenRequest != null)
            {
                AuthenticationTicket code = Options.AccessCodeHandler.Unprotect(authorizationCodeAccessTokenRequest.Code);
                // TODO - fire event
                ticket = code;
            }
            else if (resourceOwnerPasswordCredentialsAccessTokenRequest != null)
            {
                var resourceOwnerCredentialsContext = new OAuthValidateResourceOwnerCredentialsContext(
                    Request.Environment,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Username,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Password,
                    resourceOwnerPasswordCredentialsAccessTokenRequest.Scope);

                Options.Provider.ValidateResourceOwnerCredentials(resourceOwnerCredentialsContext);

                if (resourceOwnerCredentialsContext.IsValidated)
                {
                    ticket = new AuthenticationTicket(
                        resourceOwnerCredentialsContext.Identity,
                        resourceOwnerCredentialsContext.Extra);
                }
                else
                {
                    _logger.WriteError("resourceOwnerCredentialsContext is not valid.");
                    throw new NotImplementedException("real error");
                }
            }
            else
            {
                _logger.WriteError("null authorizationCodeAccessTokenRequest and null resourceOwnerPasswordCredentialsTokenRequest");
                throw new NotImplementedException("real error");
            }

            var tokenEndpointContext = new OAuthTokenEndpointContext(
                Request.Environment,
                ticket,
                accessTokenRequest);

            await Options.Provider.TokenEndpoint(tokenEndpointContext);

            if (!tokenEndpointContext.TokenIssued)
            {
                _logger.WriteError("Token was not issued to tokenEndpointContext");
                throw new NotImplementedException("real error");
            }

            string accessToken = Options.AccessTokenHandler.Protect(new AuthenticationTicket(tokenEndpointContext.Identity, tokenEndpointContext.Extra));

            var memory = new MemoryStream();

            byte[] body;
            using (var writer = new JsonTextWriter(new StreamWriter(memory)))
            {
                writer.WriteStartObject();
                writer.WritePropertyName("access_token");
                writer.WriteValue(accessToken);
                writer.WritePropertyName("token_type");
                writer.WriteValue("bearer");
                writer.WritePropertyName("expires_in");
                writer.WriteValue(3600);
                writer.WriteEndObject();
                writer.Flush();
                body = memory.ToArray();
            }
            Response.ContentType = "application/json;charset=UTF-8";
            Response.SetHeader("Cache-Control", "no-store");
            Response.SetHeader("Pragma", "no-cache");
            Response.SetHeader("Content-Length", memory.ToArray().Length.ToString(CultureInfo.InvariantCulture));
            await Response.Body.WriteAsync(body, 0, body.Length);
        }