public async Task <string> GenerateIdTokenAsync(Core.Common.Models.Client client, JwsPayload jwsPayload) { if (client == null) { throw new ArgumentNullException(nameof(client)); } if (jwsPayload == null) { throw new ArgumentNullException(nameof(jwsPayload)); } var signedResponseAlg = client.GetIdTokenSignedResponseAlg(); var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg(); var encryptResponseEnc = client.GetIdTokenEncryptedResponseEnc(); if (signedResponseAlg == null) { signedResponseAlg = JwsAlg.RS256; } var idToken = await _jwtGenerator.SignAsync(jwsPayload, signedResponseAlg.Value); if (encryptResponseAlg == null) { return(idToken); } if (encryptResponseEnc == null) { encryptResponseEnc = JweEnc.A128CBC_HS256; } return(await _jwtGenerator.EncryptAsync(idToken, encryptResponseAlg.Value, encryptResponseEnc.Value)); }
public void When_Passing_Not_Supported_Alg_To_GetIdTokenSignedResponseAlg_Then_Null_Is_Returned() { // ARRANGE var client = new Core.Common.Models.Client { IdTokenSignedResponseAlg = "not_supported" }; // ACT var result = client.GetIdTokenSignedResponseAlg(); // ASSERT Assert.Null(result); }
public void When_Passing_Alg_To_GetIdTokenSignedResponseAlg_Then_RS256_Is_Returned() { // ARRANGE var client = new Core.Common.Models.Client { IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256 }; // ACT var result = client.GetIdTokenSignedResponseAlg(); // ASSERT Assert.NotNull(result == JwsAlg.RS256); }
public void FillInOtherClaimsIdentityTokenPayload(JwsPayload jwsPayload, string authorizationCode, string accessToken, AuthorizationParameter authorizationParameter, Core.Common.Models.Client client) { if (jwsPayload == null) { throw new ArgumentNullException(nameof(jwsPayload)); } if (client == null) { throw new ArgumentNullException(nameof(client)); } var signedAlg = client.GetIdTokenSignedResponseAlg(); if (signedAlg == null || signedAlg == JwsAlg.none) { return; } if (!_mappingJwsAlgToHashingFunctions.ContainsKey(signedAlg.Value)) { throw new InvalidOperationException(string.Format("the alg {0} is not supported", signedAlg.Value)); } var callback = _mappingJwsAlgToHashingFunctions[signedAlg.Value]; if (!string.IsNullOrWhiteSpace(authorizationCode)) { var hashingAuthorizationCode = callback(authorizationCode); jwsPayload.Add(StandardClaimNames.CHash, hashingAuthorizationCode); } if (!string.IsNullOrWhiteSpace(accessToken)) { var hashingAccessToken = callback(accessToken); jwsPayload.Add(StandardClaimNames.AtHash, hashingAccessToken); } }
public async Task <JwsPayload> GetPayload(Core.Common.Models.Client client, string jwsToken) { if (client == null) { throw new ArgumentNullException(nameof(client)); } if (string.IsNullOrWhiteSpace(jwsToken)) { throw new ArgumentNullException(nameof(jwsToken)); } var signedResponseAlg = client.GetIdTokenSignedResponseAlg(); var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg(); if (encryptResponseAlg != null) // Decrypt the token. { jwsToken = await _jwtParser.DecryptAsync(jwsToken, client.ClientId); } return(await _jwtParser.UnSignAsync(jwsToken, client.ClientId)); }