public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
try
{
var providerName = context.Request.Raw.Get(TokenExchangeGrantParameters.Provider);
var externalToken = context.Request.Raw.Get(TokenExchangeGrantParameters.ExternalToken);
var requestEmail = context.Request.Raw.Get(TokenExchangeGrantParameters.Email);
if (string.IsNullOrWhiteSpace(providerName))
{
context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.InvalidProvider);
return;
}
if (string.IsNullOrWhiteSpace(externalToken))
{
context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.InvalidExternalToken);
return;
}
var provider = await _providerStore.GetProviderByNameAsync(providerName);
if (provider == null)
{
context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.ProviderNotFound);
return;
}
var tokenService = _tokenServiceAccessor(providerName);
var userInfo = await tokenService.GetUserInfoAsync(externalToken);
if (userInfo == null)
{
context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.UserInfoNotRetrieved);
return;
}
var externalId = userInfo.Value <string>("id");
if (!string.IsNullOrWhiteSpace(externalId))
{
var existingUserId = await _externalUserStore.FindByProviderAsync(providerName, externalId);
if (!string.IsNullOrWhiteSpace(existingUserId))
{
var claims = await _externalUserStore.GetUserClaimsByExternalIdAsync(externalId);
context.Result = GrantValidationResultHelpers.Success(existingUserId, providerName, claims);
}
}
if (string.IsNullOrWhiteSpace(requestEmail))
{
context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, providerName);
return;
}
context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, providerName);
}
catch (Exception e)
{
context.Result = GrantValidationResultHelpers.Error(e.Message);
}
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var provider = context.Request.Raw.Get("provider");
if (string.IsNullOrWhiteSpace(provider))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid provider");
return;
}
var token = context.Request.Raw.Get("external_token");
if (string.IsNullOrWhiteSpace(token))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid external token");
return;
}
var requestEmail = context.Request.Raw.Get("email");
var providerType = (ProviderType)Enum.Parse(typeof(ProviderType), provider, true);
if (!Enum.IsDefined(typeof(ProviderType), providerType))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid provider");
return;
}
var userInfo = _providers[providerType].GetUserInfo(token);
if (userInfo == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "couldn't retrieve user info from specified provider, please make sure that access token is not expired.");
return;
}
var externalId = userInfo.Value <string>("id");
if (!string.IsNullOrWhiteSpace(externalId))
{
var user = await _userManager.FindByLoginAsync(provider, externalId);
if (null != user)
{
var userClaims = _userManager.GetClaimsAsync(user).Result;
context.Result = new GrantValidationResult(user.Id, provider, userClaims, provider, null);
return;
}
}
if (string.IsNullOrWhiteSpace(requestEmail))
{
context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, provider);
return;
}
context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, provider);
return;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
var providerName = context.Request.Raw.Get("provider");
if (string.IsNullOrEmpty(providerName))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
"invalid provider");
return;
}
var idToken = context.Request.Raw.Get("id_token");
if (string.IsNullOrEmpty(idToken))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
"invalid external token");
return;
}
var validationSettings = new ValidationSettings();
//{ Audience = new[] { "YOUR_CLIENT_ID" } };
Payload userInfoPayload = await GoogleJsonWebSignature
.ValidateAsync(idToken, validationSettings);
if (userInfoPayload == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
"couldn't retrieve user info from specified provider, please make sure that token is not expired.");
return;
}
/**
* // Get profile information from payload
* String email = payload.getEmail();
* boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
* String name = (String) payload.get("name");
* String pictureUrl = (String) payload.get("picture");
* String locale = (String) payload.get("locale");
* String familyName = (String) payload.get("family_name");
* String givenName = (String) payload.get("given_name");
*
* // Use or store profile information
*/
// this part signs in user directly if user already exists
var userExternalId = userInfoPayload.Subject;
if (!string.IsNullOrEmpty(userExternalId))
{
// find if external user is already logged in
var extenalLoggedInUser = await _userManager.FindByLoginAsync(providerName, userExternalId);
// this part if external user is already logged in
if (extenalLoggedInUser != null)
{
// so find the user from db to retrieve claims to send into token
var user = await _userManager.FindByIdAsync(extenalLoggedInUser.Id);
// to find the db user claims
var userClaims = await _userManager.GetClaimsAsync(user);
context.Result = new GrantValidationResult(
user.Id, providerName, userClaims, providerName, null);
return;
}
}
// this part registers user
// get email from the post request context
var requestEmail = context.Request.Raw.Get("email");
if (string.IsNullOrEmpty(requestEmail))
{
context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfoPayload,
providerName);
return;
}
// if email found in post request context
// that is from client application email parameter is sent
context.Result = await _emailUserProcessor.ProcessAsync(userInfoPayload,
requestEmail, providerName);
return;
}
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
try
{
var providerName = context.Request.Raw.Get(ExternalGrantParameters.Provider);
var externalToken = context.Request.Raw.Get(ExternalGrantParameters.ExternalToken);
var requestEmail = context.Request.Raw.Get(ExternalGrantParameters.Email);
if (string.IsNullOrWhiteSpace(providerName))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.InvalidProvider);
return;
}
if (string.IsNullOrWhiteSpace(externalToken))
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.InvalidExternalToken);
return;
}
var provider = ExternalProviders.GetProviders().FirstOrDefault(x => x.Name.Equals(providerName, StringComparison.OrdinalIgnoreCase));
if (provider == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.ProviderNotFound);
return;
}
var tokenService = _tokenServiceAccessor(providerName);
var userInfo = await tokenService.GetUserInfoAsync(externalToken);
if (userInfo == null)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.UserInfoNotRetrieved);
return;
}
var externalId = userInfo.Value <string>("id");
if (!string.IsNullOrWhiteSpace(externalId))
{
var existingUserId = await _userManager.FindByProviderAsync(providerName, externalId);
if (!string.IsNullOrWhiteSpace(existingUserId))
{
var claims = await _userManager.GetUserClaimsByExternalIdAsync(externalId, providerName);
context.Result = new GrantValidationResult(existingUserId, providerName, claims, providerName, null);
}
}
if (string.IsNullOrWhiteSpace(requestEmail))
{
context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, providerName);
return;
}
context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, providerName);
}
catch (Exception e)
{
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, e.Message);
}
}
