protected override void Given()
            {
                // Every collaborator is a mock, so only the middleware's handling of the
                // code-flow callback is exercised; the identity it produces is captured.
                _options = new OidcMiddlewareOptions
                {
                    AuthenticatedCallback = identity => _identity = identity,
                    ClientId       = ClientId,
                    ClientSecret   = ClientSecret,
                    NonceCache     = _nonceCache.Object,
                    TokenClient    = _tokenClient.Object,
                    TokenEndpoint  = TokenEndpoint,
                    TokenValidator = _tokenValidator.Object,
                    UserInfoClient = _userInfoClient.Object
                };

                // The cache returns the nonce the identity token is expected to carry.
                _nonceCache
                    .Setup(cache => cache.GetNonceAsync(It.IsAny <IAuthenticationManager>()))
                    .ReturnsAsync(Nonce);

                // Any code exchange yields one canned response holding all three tokens.
                var tokenJson = $"{{\"id_token\": \"{IdentityToken}\",\"access_token\": \"{AccessToken}\",\"refresh_token\": \"{RefreshToken}\"}}";
                _tokenClient
                    .Setup(client => client.RequestAuthorizationCodeAsync(
                        It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <string>(), It.IsAny <Uri>()))
                    .ReturnsAsync(new TokenResponse(tokenJson));

                // The validator mock accepts whatever token it is handed.
                _tokenValidator
                    .Setup(validator => validator.ValidateToken(It.IsAny <OidcMiddlewareOptions>(), It.IsAny <string>(), It.IsAny <string>()));

                var userClaims = new List <Claim> { new Claim("name", LoggedInName) };
                _userInfoClient
                    .Setup(client => client.GetUserClaims(It.IsAny <OidcMiddlewareOptions>(), It.IsAny <string>()))
                    .ReturnsAsync(userClaims);

                _server = CreateServer(app => app.UseCodeFlowAuthentication(_options));

                // Build the callback URL the provider would redirect to; the protected
                // state carries the original URL the middleware should return to.
                var properties = new AuthenticationProperties { RedirectUri = OriginalUrl };
                _state = _options.StateDataFormat.Protect(properties);
                _url   = OriginalUrl + "&code=" + Code + "&state=" + _state;
            }
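        /// <summary>
        /// Fetches the user's claims from the provider's UserInfo endpoint using the supplied
        /// access token and maps each (type, value) pair to a <see cref="Claim"/>.
        /// </summary>
        /// <param name="options">Middleware options; only <c>UserInfoEndpoint</c> is read here.</param>
        /// <param name="accessToken">Bearer token presented to the UserInfo endpoint.</param>
        /// <returns>The claims returned by the endpoint, materialized into a list.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="ArgumentException">No UserInfo endpoint is configured, or no access token was supplied.</exception>
        public async Task <IEnumerable <Claim> > GetUserClaims(OidcMiddlewareOptions options, string accessToken)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Fail with a clear configuration error instead of letting the Uri constructor throw.
            if (string.IsNullOrWhiteSpace(options.UserInfoEndpoint))
            {
                throw new ArgumentException("Options does not have UserInfoEndpoint, which is required to fetch user claims.", nameof(options));
            }

            // Calling UserInfo without a bearer token can only fail; reject it up front.
            if (string.IsNullOrEmpty(accessToken))
            {
                throw new ArgumentException("An access token is required to call the UserInfo endpoint.", nameof(accessToken));
            }

            var endpoint       = new Uri(options.UserInfoEndpoint);
            var userInfoClient = new UserInfoClient(endpoint, accessToken);
            var userInfo       = await userInfoClient.GetAsync();

            // NOTE(review): nothing here inspects the response for an error status, nor checks
            // that the returned "sub" matches the ID token's subject (OIDC Core 5.3.2); the
            // caller is presumably responsible for both — confirm before relying on these claims.
            var claims = userInfo.Claims.Select(c => new Claim(c.Item1, c.Item2)).ToList();

            return(claims);
        }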
            protected override void Given()
            {
                // Only what the outbound challenge needs is configured; the token and
                // user-info collaborators play no part in this leg of the flow.
                _options = new OidcMiddlewareOptions
                {
                    AuthorizeEndpoint = AuthorizeEndpoint,
                    ClientId          = ClientId,
                    NonceCache        = _nonceCache.Object
                };

                // The cache mock simply accepts whatever nonce the middleware stores.
                _nonceCache
                    .Setup(cache => cache.SetNonceAsync(It.IsAny <IAuthenticationManager>(), It.IsAny <string>()));

                // Every request issues a challenge for the middleware's authentication type,
                // which is what should produce the redirect under test.
                _server = CreateServer(
                    app => app.UseCodeFlowAuthentication(_options),
                    context =>
                    {
                        context.Authentication.Challenge(AuthenticationType);
                        return true;
                    });
            }
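        /// <summary>
        /// Validates an OIDC identity token: signature (against the configured certificate or the
        /// client secret), issuer and audience via <see cref="JwtSecurityTokenHandler"/> with the
        /// library's default checks, then requires the token's "nonce" claim to equal the nonce
        /// issued for this authentication request.
        /// </summary>
        /// <param name="options">Middleware options supplying ClientId (audience), BaseUrl (issuer) and the key material.</param>
        /// <param name="token">The raw compact JWT to validate.</param>
        /// <param name="nonce">The nonce sent in the authentication request and expected back in the token.</param>
        /// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="nonce"/> is null or empty.</exception>
        /// <exception cref="InvalidOperationException">The options lack the key material the selected validation method needs.</exception>
        /// <exception cref="Exception">The token carries no nonce, or its nonce differs from <paramref name="nonce"/>.</exception>
        public void ValidateToken(OidcMiddlewareOptions options, string token, string nonce)
        {
            if (options == null)
            {
                throw new ArgumentNullException(nameof(options));
            }

            // Without an expected nonce the comparison below cannot bind the token to a request,
            // so refuse to validate rather than compare against nothing.
            if (string.IsNullOrEmpty(nonce))
            {
                throw new ArgumentException("An expected nonce is required to validate the identity token.", nameof(nonce));
            }

            // Issuer and audience are pinned; the handler's defaults keep those checks (and
            // lifetime / signature requirements) enabled.
            var parameters = new TokenValidationParameters
            {
                ValidAudience = options.ClientId,
                ValidIssuer   = options.BaseUrl,
            };

            if (options.TokenValidationMethod == TokenValidationMethod.SigningKey)
            {
                if (options.TokenSigningCertificateLoader == null)
                {
                    throw new InvalidOperationException("Options does not have TokenSigningCertificateLoader, which is required for TokenValidationMethod of SigningKey.");
                }

                // The loader's certificate is the only accepted key; the token's kid is ignored
                // and the loader runs on every validation.
                parameters.IssuerSigningKeyResolver = (token1, securityToken, keyIdentifier, validationParameters) =>
                {
                    var certificate = options.TokenSigningCertificateLoader();
                    return(new[] { new X509SecurityKey(certificate) });
                };
            }
            else
            {
                // Key derivation only happens on this path, so a certificate-based setup no
                // longer needs a ClientSecret just to get past GetBytes.
                if (string.IsNullOrEmpty(options.ClientSecret))
                {
                    throw new InvalidOperationException("Options does not have ClientSecret, which is required for TokenValidationMethod of ClientSecret.");
                }

                var keyBytes = Encoding.UTF8.GetBytes(options.ClientSecret);

                // HMAC zero-pads keys shorter than its block size, so padding a short secret to
                // 64 bytes yields the same MAC as the raw secret (presumably this was done to
                // satisfy the library's minimum key size). A secret longer than 64 bytes must
                // NOT be truncated: HMAC hashes over-long keys instead, so the truncated key
                // would never match what the provider signed with.
                if (keyBytes.Length < 64)
                {
                    Array.Resize(ref keyBytes, 64);
                }

                parameters.IssuerSigningKey = new SymmetricSecurityKey(keyBytes);
            }

            // Signature, issuer, audience and lifetime failures surface as the handler's own
            // SecurityToken exceptions.
            var principal  = new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            var nonceClaim = principal.FindAll("nonce").FirstOrDefault();

            // A token with no nonce must be rejected, not dereferenced: the nonce is what ties
            // this ID token to the authentication request being completed.
            if (nonceClaim == null)
            {
                throw new Exception($"Invalid nonce. :: {nonce} , nonceClaim :: <missing>");
            }

            if (!string.Equals(nonceClaim.Value, nonce, StringComparison.Ordinal))
            {
                throw new Exception($"Invalid nonce. :: {nonce} , nonceClaim :: {nonceClaim.Value}");
            }
        }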