public async Task OnGet()
{
if (User.Identity.IsAuthenticated)
{
IdTokenResponse = await _oidcPipelineStore.GetDownstreamIdTokenResponse(HttpContext.Session.GetSessionId());
Claims = Request.HttpContext.User.Claims.ToList();
}
}
public RPAuthenticationConclusion SVX_SignInRP(IdTokenResponse resp)
{
// Comment out these 2 lines to see the verification fail.
if (resp.idToken.theParams.rpPrincipal != SVX_Principal)
{
throw new Exception("IdTokenResponse was not issued to this RP.");
}
// Pull new { ... } out to work around BCT mistranslation.
var stateParams = new StateParams {
client = resp.SVX_sender, idpPrincipal = googlePrincipal
};
stateGenerator.Verify(stateParams, resp.state);
return(new RPAuthenticationConclusion {
authenticatedClient = resp.SVX_sender,
googleUsername = resp.idToken.theParams.username
});
}
public async Task <IActionResult> OnGetCallbackAsync(string returnUrl = null, string remoteError = null)
{
string currentNameIdClaimValue = null;
if (User.Identity.IsAuthenticated)
{
// we will only create a new user if the user here is actually new.
var qName = from claim in User.Claims
where claim.Type == ".nameIdentifier"
select claim;
var nc = qName.FirstOrDefault();
currentNameIdClaimValue = nc?.Value;
}
returnUrl = returnUrl ?? Url.Content("~/");
if (remoteError != null)
{
ErrorMessage = $"Error from external provider: {remoteError}";
return(RedirectToPage("./Login", new { ReturnUrl = returnUrl }));
}
var info = await _signInManager.GetExternalLoginInfoAsync();
if (info == null)
{
ErrorMessage = "Error loading external login information.";
return(RedirectToPage("./Login", new { ReturnUrl = returnUrl }));
}
var oidc = await HarvestOidcDataAsync();
IdTokenResponse idTokenResponse = new IdTokenResponse
{
access_token = oidc["access_token"],
expires_at = oidc["expires_at"],
id_token = oidc["id_token"],
refresh_token = oidc["refresh_token"],
token_type = oidc["token_type"],
LoginProvider = info.LoginProvider
};
await _oidcPipelineStore.StoreDownstreamIdTokenResponse(HttpContext.Session.GetSessionId(), idTokenResponse);
var queryNameId = from claim in info.Principal.Claims
where claim.Type == ClaimTypes.NameIdentifier
select claim;
var nameIdClaim = queryNameId.FirstOrDefault();
var query = from claim in info.Principal.Claims
where _possibleNameTypes.Contains(claim.Type)
select claim;
var nameClaim = query.FirstOrDefault();
var displayName = nameIdClaim.Value;
if (nameClaim != null)
{
displayName = nameClaim.Value;
}
if (currentNameIdClaimValue == nameIdClaim.Value)
{
// this is a re login from the same user, so don't do anything;
return(LocalRedirect(returnUrl));
}
/*
* // Sign in the user with this external login provider if the user already has a login.
* var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor : true);
*
* if (result.Succeeded)
* {
* // Update the token
* await _signInManager.UpdateExternalAuthenticationTokensAsync(info);
*
* _logger.LogInformation("{Name} logged in with {LoginProvider} provider.", info.Principal.Identity.Name, info.LoginProvider);
* return LocalRedirect(returnUrl);
* }
* if (result.IsLockedOut)
* {
* return RedirectToPage("./Lockout");
* }
* else
* {
* // If the user does not have an account, then ask the user to create an account.
* ReturnUrl = returnUrl;
* LoginProvider = info.LoginProvider;
* if (info.Principal.HasClaim(c => c.Type == ClaimTypes.Email))
* {
* Input = new InputModel
* {
* Email = info.Principal.FindFirstValue(ClaimTypes.Email)
* };
* }
* return Page();
* }
*/
var leftoverUser = await _userManager.FindByEmailAsync(displayName);
if (leftoverUser != null)
{
await _userManager.DeleteAsync(leftoverUser); // just using this inMemory userstore as a scratch holding pad
}
var user = new ApplicationUser {
UserName = nameIdClaim.Value, Email = displayName
};
var result = await _userManager.CreateAsync(user);
if (result.Succeeded)
{
var newUser = await _userManager.FindByIdAsync(user.Id);
var eClaims = new List <Claim>
{
new Claim("display-name", displayName),
new Claim("login_provider", info.LoginProvider)
};
// normalized id.
await _userManager.AddClaimsAsync(newUser, eClaims);
await _signInManager.SignInAsync(user, isPersistent : false);
await _userManager.DeleteAsync(user); // just using this inMemory userstore as a scratch holding pad
_logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider);
return(LocalRedirect(returnUrl));
}
return(RedirectToPage("./Login", new { ReturnUrl = returnUrl }));
}
