Ejemplos de IdentityServer4.Validation ResourceValidationResult en C# (CSharp)

Ejemplo n.º 1

        /// <inheritdoc/>
        public virtual async Task <ResourceValidationResult> ValidateRequestedResourcesAsync(ResourceValidationRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var scopeNames         = request.ParsedScopeValues.Select(x => x.Name).Distinct().ToArray();
            var resourcesFromStore = await _store.FindEnabledResourcesByScopeAsync(scopeNames);

            var result = new ResourceValidationResult();

            foreach (var scope in request.ParsedScopeValues)
            {
                await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result);
            }

            if (result.InvalidScopes.Count > 0)
            {
                result.Resources.IdentityResources.Clear();
                result.Resources.ApiResources.Clear();
                result.Resources.ApiScopes.Clear();
                result.ParsedScopes.Clear();
            }

            return(result);
        }

Ejemplo n.º 2

        public override async Task <ResourceValidationResult> ValidateRequestedResourcesAsync(ResourceValidationRequest request)
        {
            var nvc   = _scopedHttpContextRequestForm.GetFormCollection();
            var token = nvc["token"];

            if (string.IsNullOrWhiteSpace(token))
            {
                token = nvc["refresh_token"];
            }
            if (!string.IsNullOrWhiteSpace(token))
            {
                if (token.StartsWith("1_"))
                {
                    // this has already been validated.
                    if (request == null)
                    {
                        throw new ArgumentNullException(nameof(request));
                    }

                    var result = new ResourceValidationResult();

                    var parsedScopesResult = _scopeParser.ParseScopeValues(request.Scopes);
                    result.ParsedScopes = parsedScopesResult.ParsedScopes;
                    return(result);
                }
            }
            return(await base.ValidateRequestedResourcesAsync(request));
        }

Ejemplo n.º 3

        /// <inheritdoc/>
        public virtual async Task <ResourceValidationResult> ValidateRequestedResourcesAsync(ResourceValidationRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }

            var parsedScopesResult = _scopeParser.ParseScopeValues(request.Scopes);

            var result = new ResourceValidationResult();

            if (!parsedScopesResult.Succeeded)
            {
                foreach (var invalidScope in parsedScopesResult.Errors)
                {
                    _logger.LogError("Invalid parsed scope {scope}, message: {error}", invalidScope.RawValue, invalidScope.Error);
                    result.InvalidScopes.Add(invalidScope.RawValue);
                }

                return(result);
            }

            var scopeNames         = parsedScopesResult.ParsedScopes.Select(x => x.ParsedName).Distinct().ToArray();
            var resourcesFromStore = await _store.FindEnabledResourcesByScopeAsync(scopeNames);

            foreach (var scope in parsedScopesResult.ParsedScopes)
            {
                await ValidateScopeAsync(request.Client, resourcesFromStore, scope, result);
            }

            if (result.InvalidScopes.Count > 0)
            {
                result.Resources.IdentityResources.Clear();
                result.Resources.ApiResources.Clear();
                result.Resources.ApiScopes.Clear();
                result.ParsedScopes.Clear();
            }

            return(result);
        }

Ejemplo n.º 4

        /// <summary>
        /// Validates that the requested scopes is contained in the store, and the client is allowed to request it.
        /// </summary>
        /// <param name="client"></param>
        /// <param name="resourcesFromStore"></param>
        /// <param name="requestedScope"></param>
        /// <param name="result"></param>
        /// <returns></returns>
        protected virtual async Task ValidateScopeAsync(
            Client client,
            Resources resourcesFromStore,
            ParsedScopeValue requestedScope,
            ResourceValidationResult result)
        {
            if (requestedScope.Name == IdentityServerConstants.StandardScopes.OfflineAccess)
            {
                if (await IsClientAllowedOfflineAccessAsync(client))
                {
                    result.Resources.OfflineAccess = true;
                    result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess));
                }
                else
                {
                    result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
                }
            }
            else
            {
                var identity = resourcesFromStore.FindIdentityResourcesByScope(requestedScope.Name);
                if (identity != null)
                {
                    if (await IsClientAllowedIdentityResourceAsync(client, identity))
                    {
                        result.ParsedScopes.Add(requestedScope);
                        result.Resources.IdentityResources.Add(identity);
                    }
                    else
                    {
                        result.InvalidScopes.Add(requestedScope.Value);
                    }
                }
                else
                {
                    var apiScope = resourcesFromStore.FindApiScope(requestedScope.Name);
                    if (apiScope != null)
                    {
                        if (await IsClientAllowedApiScopeAsync(client, apiScope))
                        {
                            result.ParsedScopes.Add(requestedScope);
                            result.Resources.ApiScopes.Add(apiScope);

                            var apis = resourcesFromStore.FindApiResourcesByScope(apiScope.Name);
                            foreach (var api in apis)
                            {
                                result.Resources.ApiResources.Add(api);
                            }
                        }
                        else
                        {
                            result.InvalidScopes.Add(requestedScope.Value);
                        }
                    }
                    else
                    {
                        _logger.LogError("Scope {scope} not found in store.", requestedScope.Name);
                        result.InvalidScopes.Add(requestedScope.Value);
                    }
                }
            }
        }

Ejemplo n.º 5

        /// <summary>
        /// Validates that the requested scopes is contained in the store, and the client is allowed to request it.
        /// </summary>
        /// <param name="client"></param>
        /// <param name="resourcesFromStore"></param>
        /// <param name="requestedScope"></param>
        /// <param name="result"></param>
        /// <returns></returns>
        protected override async Task ValidateScopeAsync(Client client, Resources resourcesFromStore,
                                                         ParsedScopeValue requestedScope, ResourceValidationResult result)
        {
            var parameters = await _scopedHttpContextRequestForm.GetFormCollectionAsync();

            var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType);

            if (grantType == null)
            {
                // check if this is deviceauthorizaiton.
                if (_httpContextAccessor.HttpContext.Request.Path.ToString().Contains("deviceauthorization"))
                {
                    grantType = Constants.GrantType.DeviceAuthorization;
                }
            }

            switch (grantType)
            {
            case Constants.GrantType.DeviceCode:
            case Constants.GrantType.DeviceAuthorization:
            case Constants.GrantType.TokenExchangeMutate:
            case Constants.GrantType.TokenExchange:
            case Constants.GrantType.ArbitraryToken:
            case Constants.GrantType.ArbitraryIdentity:
                if (requestedScope.ParsedName == IdentityServerConstants.StandardScopes.OfflineAccess)
                {
                    if (await IsClientAllowedOfflineAccessAsync(client))
                    {
                        result.Resources.OfflineAccess = true;
                        result.ParsedScopes.Add(new ParsedScopeValue(IdentityServerConstants.StandardScopes.OfflineAccess));
                    }
                    else
                    {
                        result.InvalidScopes.Add(IdentityServerConstants.StandardScopes.OfflineAccess);
                    }
                }
                else
                {
                    result.ParsedScopes.Add(requestedScope);
                }
                break;

            default:
                await base.ValidateScopeAsync(client, resourcesFromStore, requestedScope, result);

                break;
            }
        }