public async Task <AuthorizationRequest> ParseAsync(string returnUrl)
{
using var activity = Tracing.ValidationActivitySource.StartActivity("OidcReturnUrlParser.Parse");
if (IsValidReturnUrl(returnUrl))
{
var parameters = returnUrl.ReadQueryStringAsNameValueCollection();
if (_authorizationParametersMessageStore != null)
{
var messageStoreId = parameters[Constants.AuthorizationParamsStore.MessageStoreIdParameterName];
var entry = await _authorizationParametersMessageStore.ReadAsync(messageStoreId);
parameters = entry?.Data.FromFullDictionary() ?? new NameValueCollection();
}
var user = await _userSession.GetUserAsync();
var result = await _validator.ValidateAsync(parameters, user);
if (!result.IsError)
{
_logger.LogTrace("AuthorizationRequest being returned");
return(new AuthorizationRequest(result.ValidatedRequest));
}
}
_logger.LogTrace("No AuthorizationRequest being returned");
return(null);
}
public override async Task <IEndpointResult> ProcessAsync(HttpContext context)
{
if (!HttpMethods.IsGet(context.Request.Method))
{
Logger.LogWarning("Invalid HTTP method for authorize endpoint.");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
Logger.LogDebug("Start authorize callback request");
var parameters = context.Request.Query.AsNameValueCollection();
if (_authorizationParametersMessageStore != null)
{
var messageStoreId = parameters[Constants.AuthorizationParamsStore.MessageStoreIdParameterName];
var entry = await _authorizationParametersMessageStore.ReadAsync(messageStoreId);
parameters = entry?.Data.FromFullDictionary() ?? new NameValueCollection();
await _authorizationParametersMessageStore.DeleteAsync(messageStoreId);
}
var user = await UserSession.GetUserAsync();
var consentRequest = new ConsentRequest(parameters, user?.GetSubjectId());
var consent = await _consentResponseStore.ReadAsync(consentRequest.Id);
if (consent != null && consent.Data == null)
{
return(await CreateErrorResultAsync("consent message is missing data"));
}
try
{
var result = await ProcessAuthorizeRequestAsync(parameters, user, consent?.Data);
Logger.LogTrace("End Authorize Request. Result type: {0}", result?.GetType().ToString() ?? "-none-");
return(result);
}
finally
{
if (consent != null)
{
await _consentResponseStore.DeleteAsync(consentRequest.Id);
}
}
}
/// <inheritdoc/>
public async Task <IEndpointResult> ProcessCompleteAuthorizeRequestAsync(
NameValueCollection parameters,
HttpContext context,
ClaimsPrincipal principal = null)
{
_logger.LogTrace("Processing complete authorize request");
if (_authorizationParametersMessageStore != null)
{
_logger.LogTrace("Check parameters from message store");
var messageStoreId = parameters[Constants.AuthorizationParamsStore.MessageStoreIdParameterName];
var entry = await _authorizationParametersMessageStore.ReadAsync(messageStoreId);
parameters = entry?.Data.FromFullDictionary() ?? new NameValueCollection();
_logger.LogTrace("Remove parameters from message store");
await _authorizationParametersMessageStore.DeleteAsync(messageStoreId);
}
_logger.LogTrace("Get user session");
var user = principal ?? await _userSession.GetUserAsync();
var consentRequest = new ConsentRequest(parameters, user?.GetSubjectId());
var consent = await _consentResponseStore.ReadAsync(consentRequest.Id);
if (consent != null && consent.Data == null)
{
_logger.LogWarning("Consent message is missing data");
return(await _authorizeRequestHandler.CreateErrorResultAsync("consent message is missing data"));
}
try
{
_logger.LogTrace("Authorize Request processing");
var result = await _authorizeRequestHandler.ProcessAuthorizeRequestAsync(parameters, user, consent?.Data, context);
_logger.LogTrace("End Authorize Request. Result type: {0}", result?.GetType().ToString() ?? "-none-");
return(result);
}
finally
{
if (consent != null)
{
await _consentResponseStore.DeleteAsync(consentRequest.Id);
}
_logger.LogTrace("Complete authorize request completed.");
}
}
internal async Task <IEndpointResult> ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, bool checkConsentResponse = false)
{
if (user != null)
{
Logger.LogDebug("User in authorize request: {subjectId}", user.GetSubjectId());
}
else
{
Logger.LogDebug("No user present in authorize request");
}
if (checkConsentResponse && _authorizationParametersMessageStore != null)
{
var messageStoreId = parameters[Constants.AuthorizationParamsStore.MessageStoreIdParameterName];
var entry = await _authorizationParametersMessageStore.ReadAsync(messageStoreId);
parameters = entry?.Data.FromFullDictionary() ?? new NameValueCollection();
await _authorizationParametersMessageStore.DeleteAsync(messageStoreId);
}
// validate request
var result = await _validator.ValidateAsync(parameters, user);
if (result.IsError)
{
return(await CreateErrorResultAsync(
"Request validation failed",
result.ValidatedRequest,
result.Error,
result.ErrorDescription));
}
string consentRequestId = null;
try
{
Message <ConsentResponse> consent = null;
if (checkConsentResponse)
{
var consentRequest = new ConsentRequest(result.ValidatedRequest.Raw, user?.GetSubjectId());
consentRequestId = consentRequest.Id;
consent = await _consentResponseStore.ReadAsync(consentRequestId);
if (consent != null && consent.Data == null)
{
return(await CreateErrorResultAsync("consent message is missing data"));
}
}
var request = result.ValidatedRequest;
LogRequest(request);
// determine user interaction
var interactionResult = await _interactionGenerator.ProcessInteractionAsync(request, consent?.Data);
if (interactionResult.IsError)
{
return(await CreateErrorResultAsync("Interaction generator error", request, interactionResult.Error, interactionResult.ErrorDescription, false));
}
if (interactionResult.IsLogin)
{
return(new LoginPageResult(request));
}
if (interactionResult.IsConsent)
{
return(new ConsentPageResult(request));
}
if (interactionResult.IsRedirect)
{
return(new CustomRedirectResult(request, interactionResult.RedirectUrl));
}
var response = await _authorizeResponseGenerator.CreateResponseAsync(request);
await RaiseResponseEventAsync(response);
LogResponse(response);
return(new AuthorizeResult(response));
}
finally
{
if (consentRequestId != null)
{
await _consentResponseStore.DeleteAsync(consentRequestId);
}
}
}