public async Task <string> GenerateIdTokenAsync(Core.Common.Models.Client client, JwsPayload jwsPayload)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (jwsPayload == null)
{
throw new ArgumentNullException(nameof(jwsPayload));
}
var signedResponseAlg = client.GetIdTokenSignedResponseAlg();
var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg();
var encryptResponseEnc = client.GetIdTokenEncryptedResponseEnc();
if (signedResponseAlg == null)
{
signedResponseAlg = JwsAlg.RS256;
}
var idToken = await _jwtGenerator.SignAsync(jwsPayload, signedResponseAlg.Value);
if (encryptResponseAlg == null)
{
return(idToken);
}
if (encryptResponseEnc == null)
{
encryptResponseEnc = JweEnc.A128CBC_HS256;
}
return(await _jwtGenerator.EncryptAsync(idToken, encryptResponseAlg.Value, encryptResponseEnc.Value));
}
public void When_Passing_Not_Supported_Alg_To_GetIdTokenSignedResponseAlg_Then_Null_Is_Returned()
{
// ARRANGE
var client = new Core.Common.Models.Client
{
IdTokenSignedResponseAlg = "not_supported"
};
// ACT
var result = client.GetIdTokenSignedResponseAlg();
// ASSERT
Assert.Null(result);
}
public void When_Passing_Alg_To_GetIdTokenSignedResponseAlg_Then_RS256_Is_Returned()
{
// ARRANGE
var client = new Core.Common.Models.Client
{
IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256
};
// ACT
var result = client.GetIdTokenSignedResponseAlg();
// ASSERT
Assert.NotNull(result == JwsAlg.RS256);
}
public void FillInOtherClaimsIdentityTokenPayload(JwsPayload jwsPayload,
string authorizationCode,
string accessToken,
AuthorizationParameter authorizationParameter,
Core.Common.Models.Client client)
{
if (jwsPayload == null)
{
throw new ArgumentNullException(nameof(jwsPayload));
}
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
var signedAlg = client.GetIdTokenSignedResponseAlg();
if (signedAlg == null ||
signedAlg == JwsAlg.none)
{
return;
}
if (!_mappingJwsAlgToHashingFunctions.ContainsKey(signedAlg.Value))
{
throw new InvalidOperationException(string.Format("the alg {0} is not supported",
signedAlg.Value));
}
var callback = _mappingJwsAlgToHashingFunctions[signedAlg.Value];
if (!string.IsNullOrWhiteSpace(authorizationCode))
{
var hashingAuthorizationCode = callback(authorizationCode);
jwsPayload.Add(StandardClaimNames.CHash, hashingAuthorizationCode);
}
if (!string.IsNullOrWhiteSpace(accessToken))
{
var hashingAccessToken = callback(accessToken);
jwsPayload.Add(StandardClaimNames.AtHash, hashingAccessToken);
}
}
public async Task <JwsPayload> GetPayload(Core.Common.Models.Client client, string jwsToken)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (string.IsNullOrWhiteSpace(jwsToken))
{
throw new ArgumentNullException(nameof(jwsToken));
}
var signedResponseAlg = client.GetIdTokenSignedResponseAlg();
var encryptResponseAlg = client.GetIdTokenEncryptedResponseAlg();
if (encryptResponseAlg != null) // Decrypt the token.
{
jwsToken = await _jwtParser.DecryptAsync(jwsToken, client.ClientId);
}
return(await _jwtParser.UnSignAsync(jwsToken, client.ClientId));
}
