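/// <summary>
/// Starts an RP-initiated OpenID Connect logout: saves the logout context in session storage
/// under a fresh state value, builds the end-session request (with the current id_token as hint)
/// and navigates the browser to the provider's end-session endpoint.
/// </summary>
/// <param name="openidClientPkceSettings">Settings for this logout; when null the globally registered settings are used.</param>
/// <exception cref="SecurityException">
/// Thrown when any step of building or issuing the end-session request fails; the underlying error is the inner exception.
/// </exception>
public async Task LogoutAsync(OpenidConnectPkceSettings openidClientPkceSettings = null)
{
    try
    {
        openidClientPkceSettings = openidClientPkceSettings ?? globalOpenidClientPkceSettings;
        if (openidClientPkceSettings == null)
        {
            throw new InvalidOperationException("No OpenID Connect PKCE settings were provided or registered.");
        }

        // The id_token_hint is read from the OIDC-aware provider registered by AddOpenidConnectPkce.
        // A type check with a clear message replaces the former unchecked 'as' cast, which would
        // surface as a NullReferenceException when a different AuthenticationStateProvider is registered.
        if (!(authenticationStateProvider is OidcAuthenticationStateProvider oidcAuthenticationStateProvider))
        {
            throw new InvalidOperationException($"The registered {nameof(AuthenticationStateProvider)} must be an {nameof(OidcAuthenticationStateProvider)}.");
        }

        // Absolute post-logout redirect URI built from the app's base URI and the configured callback path.
        var logoutCallBackUri = new Uri(new Uri(navigationManager.BaseUri), openidClientPkceSettings.LogoutCallBackPath).OriginalString;

        // The returned state is the session-storage key the callback uses to find where to return to.
        // NOTE(review): this overload passes the discovery URI and client id individually; LoginAsync
        // passes the settings object instead — confirm both overloads of SaveStateAsync exist.
        var state = await SaveStateAsync(openidClientPkceSettings.OidcDiscoveryUri, openidClientPkceSettings.ClientId, logoutCallBackUri, navigationManager.Uri);

        var endSessionRequest = new EndSessionRequest
        {
            IdTokenHint = await oidcAuthenticationStateProvider.GetIdToken(),
            PostLogoutRedirectUri = logoutCallBackUri,
            State = state
        };
        var nameValueCollection = endSessionRequest.ToDictionary();

        var oidcDiscovery = await GetOidcDiscoveryAsync(openidClientPkceSettings.OidcDiscoveryUri);
        var endSessionEndpointUri = QueryHelpers.AddQueryString(oidcDiscovery.EndSessionEndpoint, nameValueCollection);
        navigationManager.NavigateTo(endSessionEndpointUri);
    }
    catch (Exception ex)
    {
        // Null-conditional so that missing configuration is still reported as a SecurityException
        // instead of a NullReferenceException thrown from inside the handler.
        throw new SecurityException($"Failed to end session, Authority '{openidClientPkceSettings?.Authority}'.", ex);
    }
}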
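/// <summary>
/// Registers the OpenID Connect PKCE client: the configured settings singleton, session storage,
/// the discovery handler, the OIDC authentication state provider and the access-token message handler.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="settings">Callback that populates the <see cref="OpenidConnectPkceSettings"/> singleton.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="settings"/> is null.</exception>
public static IServiceCollection AddOpenidConnectPkce(this IServiceCollection services, Action<OpenidConnectPkceSettings> settings)
{
    if (services == null) throw new ArgumentNullException(nameof(services));
    if (settings == null) throw new ArgumentNullException(nameof(settings));

    // Process-wide static: with ShowPII enabled, Microsoft.IdentityModel includes the values it
    // otherwise redacts (token and claim contents) in its exception messages and logs. Convenient
    // while developing; review whether production log sinks should receive that material.
    IdentityModelEventSource.ShowPII = true;

    services.AddBlazoredSessionStorage();

    var openIDClientPkceSettings = new OpenidConnectPkceSettings();
    settings(openIDClientPkceSettings);
    services.AddSingleton(openIDClientPkceSettings);

    services.AddScoped<OpenidConnectPkce>();
#if NETSTANDARD
    // GetRequiredService fails at resolution time with a descriptive error instead of
    // handing a null client to the discovery handler.
    services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetRequiredService<HttpClient>()));
#else
    services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetRequiredService<IHttpClientFactory>()));
#endif
    services.AddScoped<AuthenticationStateProvider, OidcAuthenticationStateProvider>();
#if NETSTANDARD
    services.AddTransient<AccessTokenMessageHandler>();
#else
    services.AddScoped<AccessTokenMessageHandler>();
#endif
    services.AddOptions();
    services.AddAuthorizationCore();

    // Added to resolve error: Newtonsoft.Json.JsonSerializationException: Unable to find a default constructor to use for type System.IdentityModel.Tokens.Jwt.JwtPayload. Path 'sub', line 1, position 7.
    // https://github.com/mono/linker/issues/870
    // Presumably instantiating the types keeps the IL linker from trimming their parameterless constructors.
    _ = new JwtHeader();
    _ = new JwtPayload();

    return services;
}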
/// <summary>
/// Creates the PKCE client with its collaborators. All arguments are supplied by dependency injection
/// (see AddOpenidConnectPkce); they are stored without further validation.
/// </summary>
/// <param name="serviceProvider">Root service provider for late-bound resolution.</param>
/// <param name="globalOpenidClientPkceSettings">Settings used when a call does not pass its own.</param>
/// <param name="navigationManager">Blazor navigation used for base URI and redirects.</param>
/// <param name="sessionStorage">Browser session storage that holds per-request state.</param>
/// <param name="authenticationStateProvider">Provider holding the current authentication state.</param>
public OpenidConnectPkce(IServiceProvider serviceProvider, OpenidConnectPkceSettings globalOpenidClientPkceSettings, NavigationManager navigationManager, ISessionStorageService sessionStorage, AuthenticationStateProvider authenticationStateProvider)
{
    // Assignments are independent; order is immaterial.
    this.authenticationStateProvider = authenticationStateProvider;
    this.sessionStorage = sessionStorage;
    this.navigationManager = navigationManager;
    this.globalOpenidClientPkceSettings = globalOpenidClientPkceSettings;
    this.serviceProvider = serviceProvider;
}
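/// <summary>
/// Starts the OpenID Connect authorization code flow with PKCE: generates the nonce and code verifier,
/// stores them with the return URI in session storage under a fresh state value, and redirects the
/// browser to the provider's authorization endpoint.
/// </summary>
/// <param name="openidClientPkceSettings">Settings for this login; when null the globally registered settings are used.</param>
/// <exception cref="SecurityException">
/// Thrown when any step of building or issuing the authorization request fails; the underlying error is the inner exception.
/// </exception>
public async Task LoginAsync(OpenidConnectPkceSettings openidClientPkceSettings = null)
{
    try
    {
        openidClientPkceSettings = openidClientPkceSettings ?? globalOpenidClientPkceSettings;
        if (openidClientPkceSettings == null)
        {
            throw new InvalidOperationException("No OpenID Connect PKCE settings were provided or registered.");
        }

        // The nonce ties the issued id_token to this request. The code verifier is the PKCE secret:
        // it stays in session storage and only its S256 challenge is sent in the authorization request.
        var nonce = RandomGenerator.GenerateNonce();
        var codeVerifier = RandomGenerator.Generate(64);

        ValidateResponseMode(openidClientPkceSettings.ResponseMode);

        // Absolute redirect URI built from the app's base URI and the configured callback path.
        var loginCallBackUri = new Uri(new Uri(navigationManager.BaseUri), openidClientPkceSettings.LoginCallBackPath).OriginalString;
        // The returned state is the session-storage key the callback uses to recover verifier, nonce and return URI.
        var state = await SaveStateAsync(openidClientPkceSettings, loginCallBackUri, navigationManager.Uri, codeVerifier: codeVerifier, nonce: nonce);

        var authenticationRequest = new AuthenticationRequest
        {
            ClientId = openidClientPkceSettings.ClientId,
            ResponseMode = openidClientPkceSettings.ResponseMode,
            ResponseType = openidClientPkceSettings.ResponseType,
            RedirectUri = loginCallBackUri,
            Scope = openidClientPkceSettings.AllScope.ToSpaceList(),
            Nonce = nonce,
            State = state
        };
        var codeChallengeRequest = new CodeChallengeSecret
        {
            CodeChallenge = await codeVerifier.Sha256HashBase64urlEncodedAsync(),
            CodeChallengeMethod = IdentityConstants.CodeChallengeMethods.S256,
        };
        var requestDictionary = authenticationRequest.ToDictionary().AddToDictionary(codeChallengeRequest);

        // Optional resource indicators; only added to the request when at least one is configured.
        if (openidClientPkceSettings.Resources?.Any() == true)
        {
            var resourceRequest = new ResourceRequest { Resources = openidClientPkceSettings.Resources };
            requestDictionary = requestDictionary.AddToDictionary(resourceRequest);
        }

        var oidcDiscovery = await GetOidcDiscoveryAsync(openidClientPkceSettings.OidcDiscoveryUri);
        var authorizationUri = QueryHelpers.AddQueryString(oidcDiscovery.AuthorizationEndpoint, requestDictionary);
        // forceLoad: leave the Blazor app so the browser performs a full navigation to the provider.
        navigationManager.NavigateTo(authorizationUri, true);
    }
    catch (Exception ex)
    {
        // Null-conditional so that missing configuration is still reported as a SecurityException
        // instead of a NullReferenceException thrown from inside the handler.
        throw new SecurityException($"Failed to login, Authority '{openidClientPkceSettings?.Authority}'.", ex);
    }
}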
/// <summary>
/// Generates a random state value, stores this request's context (discovery URI, client id, resources,
/// callback and return URIs, and optionally the PKCE code verifier and nonce) in session storage under
/// that value, and returns it so it can be sent to the provider and looked up on callback.
/// </summary>
/// <param name="openidConnectPkceSettings">Settings whose discovery URI, client id and resources are recorded.</param>
/// <param name="callBackUri">Absolute URI the provider redirects back to.</param>
/// <param name="redirectUri">Application URI to return to once the callback has been handled.</param>
/// <param name="codeVerifier">PKCE code verifier for login flows; null for logout.</param>
/// <param name="nonce">Nonce for login flows; null for logout.</param>
/// <returns>The generated state value, which is also the session-storage key.</returns>
private async Task<string> SaveStateAsync(OpenidConnectPkceSettings openidConnectPkceSettings, string callBackUri, string redirectUri, string codeVerifier = null, string nonce = null)
{
    // The state doubles as the session-storage key for this request's context.
    var stateKey = RandomGenerator.GenerateNonce(32);

    await sessionStorage.SetItemAsync(stateKey, new OpenidConnectPkceState
    {
        Nonce = nonce,
        CodeVerifier = codeVerifier,
        RedirectUri = redirectUri,
        CallBackUri = callBackUri,
        Resources = openidConnectPkceSettings.Resources,
        ClientId = openidConnectPkceSettings.ClientId,
        OidcDiscoveryUri = openidConnectPkceSettings.OidcDiscoveryUri
    });

    return stateKey;
}
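/// <summary>
/// Registers the OpenID Connect PKCE client: the configured settings singleton, session storage,
/// the discovery handler, the OIDC authentication state provider and the access-token message handler.
/// </summary>
/// <param name="services">The service collection to register into.</param>
/// <param name="settings">Callback that populates the <see cref="OpenidConnectPkceSettings"/> singleton.</param>
/// <returns>The same <paramref name="services"/> instance, for chaining.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="services"/> or <paramref name="settings"/> is null.</exception>
public static IServiceCollection AddOpenidConnectPkce(this IServiceCollection services, Action<OpenidConnectPkceSettings> settings)
{
    if (services == null) throw new ArgumentNullException(nameof(services));
    if (settings == null) throw new ArgumentNullException(nameof(settings));

    // Process-wide static: with ShowPII enabled, Microsoft.IdentityModel includes the values it
    // otherwise redacts (token and claim contents) in its exception messages and logs. Convenient
    // while developing; review whether production log sinks should receive that material.
    IdentityModelEventSource.ShowPII = true;

    services.AddBlazoredSessionStorage();

    var openIDClientPkceSettings = new OpenidConnectPkceSettings();
    settings(openIDClientPkceSettings);
    services.AddSingleton(openIDClientPkceSettings);

    services.AddScoped<OpenidConnectPkce>();
    // GetRequiredService fails at resolution time with a descriptive error instead of
    // handing a null HttpClient to the discovery handler.
    services.AddSingleton(sp => new OidcDiscoveryHandler(sp.GetRequiredService<HttpClient>()));
    services.AddScoped<AuthenticationStateProvider, OidcAuthenticationStateProvider>();
    services.AddTransient<AccessTokenMessageHandler>();
    services.AddOptions();
    services.AddAuthorizationCore();

    return services;
}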
/// <summary>
/// Creates the OIDC authentication state provider. Both arguments are supplied by dependency
/// injection and are stored without further validation.
/// </summary>
/// <param name="openidClientPkceSettings">Globally registered client settings.</param>
/// <param name="sessionStorage">Browser session storage holding the persisted authentication data.</param>
public OidcAuthenticationStateProvider(OpenidConnectPkceSettings openidClientPkceSettings, ISessionStorageService sessionStorage)
{
    // Independent assignments; order is immaterial.
    this.sessionStorage = sessionStorage;
    this.openidClientPkceSettings = openidClientPkceSettings;
}