Beispiel #1
0
        private async void refresh_Click(object sender, RoutedEventArgs e)
        {
            if (_config == null)
            {
                await LoadOpenIdConnectConfigurationAsync();
            }

            var tokenClient = new TokenClient(
                _config.TokenEndpoint,
                _settings.ClientId,
                _settings.ClientSecret);

            _provider = RsaPublicKeyJwk.CreateProvider();

            var jwk = new RsaPublicKeyJwk("key_id", _provider);

            var tokenResponse = await tokenClient.RequestRefreshTokenPopAsync(
                refreshToken : _result?.RefreshToken,
                algorithm : jwk.alg,
                key : jwk.ToJwkString());

            if (tokenResponse.IsError)
            {
                _result = new LoginResult {
                    ErrorMessage = tokenResponse.Error
                };
            }
            else
            {
                _result = new LoginResult
                {
                    Success               = true,
                    AccessToken           = tokenResponse.AccessToken,
                    RefreshToken          = tokenResponse.RefreshToken,
                    IdentityToken         = tokenResponse.IdentityToken,
                    AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
                };
            }

            ShowTokenResult();
        }
Beispiel #2
0
        private async Task <LoginResult> ValidateResponseAsync(AuthorizeResponse response)
        {
            // id_token validieren
            var tokenClaims = ValidateIdentityToken(response.IdentityToken);

            if (tokenClaims == null)
            {
                return(new LoginResult {
                    ErrorMessage = "Invalid identity token."
                });
            }

            // nonce validieren
            var nonce = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Nonce);

            if (nonce == null || !string.Equals(nonce.Value, _nonce, StringComparison.Ordinal))
            {
                return(new LoginResult {
                    ErrorMessage = "Inalid nonce."
                });
            }

            // c_hash validieren
            var c_hash = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.AuthorizationCodeHash);

            if (c_hash == null || ValidateCodeHash(c_hash.Value, response.Code) == false)
            {
                return(new LoginResult {
                    ErrorMessage = "Invalid code."
                });
            }

            _provider = RsaPublicKeyJwk.CreateProvider();

            var jwk = new RsaPublicKeyJwk("key_id", _provider);

            // code eintauschen gegen tokens
            var tokenClient = new TokenClient(
                _config.TokenEndpoint,
                _settings.ClientId,
                _settings.ClientSecret);

            var tokenResponse = await tokenClient.RequestAuthorizationCodePopAsync(
                code : response.Code,
                redirectUri : _settings.RedirectUri,
                codeVerifier : _verifier,
                algorithm : jwk.alg,
                key : jwk.ToJwkString());

            if (tokenResponse.IsError)
            {
                return(new LoginResult {
                    ErrorMessage = tokenResponse.Error
                });
            }

            // optional userinfo aufrufen
            var profileClaims = new List <Claim>();

            if (_settings.LoadUserProfile)
            {
                var userInfoClient = new UserInfoClient(
                    new Uri(_config.UserInfoEndpoint),
                    tokenResponse.AccessToken);

                var userInfoResponse = await userInfoClient.GetAsync();

                profileClaims = userInfoResponse.GetClaimsIdentity().Claims.ToList();
            }

            var principal = CreatePrincipal(tokenClaims, profileClaims);

            return(new LoginResult
            {
                Success = true,
                User = principal,
                IdentityToken = response.IdentityToken,
                AccessToken = tokenResponse.AccessToken,
                RefreshToken = tokenResponse.RefreshToken,
                AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
            });
        }