public async Task DiscoverEndpoints(IHttpClientFactory factory) { var httpClient = factory.CreateClient(); var disco = await httpClient.GetDiscoveryDocumentAsync(Issuer); if (!disco.IsError) { AccessTokenUrl = disco.TokenEndpoint; AuthorizeUrl = disco.AuthorizeEndpoint; JwkSetUrl = disco.JwksUri; } else if (AccessTokenUrl.IsPresent()) { disco = await httpClient.GetDiscoveryDocumentAsync(AccessTokenUrl); if (!disco.IsError) { AccessTokenUrl = disco.TokenEndpoint; AuthorizeUrl = disco.AuthorizeEndpoint; JwkSetUrl = disco.JwksUri; } else if (AuthorizeUrl.IsPresent()) { disco = await httpClient.GetDiscoveryDocumentAsync(AuthorizeUrl); if (!disco.IsError) { AccessTokenUrl = disco.TokenEndpoint; AuthorizeUrl = disco.AuthorizeEndpoint; JwkSetUrl = disco.JwksUri; } } else if (JwkSetUrl.IsPresent()) { disco = await httpClient.GetDiscoveryDocumentAsync(JwkSetUrl); if (!disco.IsError) { AccessTokenUrl = disco.TokenEndpoint; AuthorizeUrl = disco.AuthorizeEndpoint; JwkSetUrl = disco.JwksUri; } } } }
private IHttpResult RequestAccessToken(IServiceBase authService, IAuthSession session, string code, IAuthTokens tokens) { try { var formData = "client_id={0}&redirect_uri={1}&client_secret={2}&code={3}&grant_type=authorization_code&resource={4}" .Fmt(ClientId.UrlEncode(), CallbackUrl.UrlEncode(), ClientSecret.UrlEncode(), code, ResourceId.UrlEncode()); // Endpoint only accepts posts requests var contents = AccessTokenUrl.PostToUrl(formData); // 4. The Azure AD token issuance endpoint returns an access token // and a refresh token. The refresh token can be used to request // additional access tokens. // Response is JSON var authInfo = JsonObject.Parse(contents); var authInfoNvc = authInfo.ToNameValueCollection(); if (HasError(authInfoNvc)) { return(RedirectDueToFailure(authService, session, authInfoNvc)); } tokens.AccessTokenSecret = authInfo["access_token"]; tokens.RefreshToken = authInfo["refresh_token"]; return(OnAuthenticated(authService, session, tokens, authInfo.ToDictionary()) ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))); //Haz Access! } catch (WebException webException) { if (webException.Response == null) { // This could happen e.g. due to a timeout return(RedirectDueToFailure(authService, session, new NameValueCollection { { "error", webException.GetType().ToString() }, { "error_description", webException.Message } })); } Log.Error("Auth Failure", webException); var response = ((HttpWebResponse)webException.Response); var responseText = Encoding.UTF8.GetString( response.GetResponseStream().ReadFully()); var errorInfo = JsonObject.Parse(responseText).ToNameValueCollection(); return(RedirectDueToFailure(authService, session, errorInfo)); } //return RedirectDueToFailure(authService, session, new NameValueCollection()); }
private void ValidateClientAuthAccessRequestState() { if (AccessTokenUrl.IsNullOrBlank()) { throw new ArgumentException("You must specify an access token URL"); } if (ConsumerKey.IsNullOrBlank()) { throw new ArgumentException("You must specify a consumer key"); } if (ConsumerSecret.IsNullOrBlank()) { throw new ArgumentException("You must specify a consumer secret"); } if (ClientUsername.IsNullOrBlank() || ClientPassword.IsNullOrBlank()) { throw new ArgumentException("You must specify user credentials"); } }
private void ValidateAccessRequestState() { if (AccessTokenUrl.IsNullOrBlank()) { throw new ArgumentException("You must specify an access token URL"); } if (ConsumerKey.IsNullOrBlank()) { throw new ArgumentException("You must specify a consumer key"); } if (ConsumerSecret.IsNullOrBlank()) { throw new ArgumentException("You must specify a consumer secret"); } if (Token.IsNullOrBlank()) { throw new ArgumentException("You must specify a token"); } }
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request) { IAuthTokens tokens = Init(authService, ref session, request); IRequest httpRequest = authService.Request; string error = httpRequest.QueryString["error"] ?? httpRequest.QueryString["error_uri"] ?? httpRequest.QueryString["error_description"]; bool hasError = !error.IsNullOrEmpty(); if (hasError) { Log.Error("Yandex error callback. {0}".Fmt(httpRequest.QueryString)); return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.AddParam("f", error)))); } string code = httpRequest.QueryString["code"]; bool isPreAuthCallback = !code.IsNullOrEmpty(); if (!isPreAuthCallback) { string preAuthUrl = PreAuthUrl + "?response_type=code&client_id={0}&redirect_uri={1}&display=popup&state={2}".Fmt(ApplicationId, CallbackUrl.UrlEncode(), Guid.NewGuid().ToString("N")); authService.SaveSession(session, SessionExpiry); return(authService.Redirect(PreAuthUrlFilter(this, preAuthUrl))); } try { string payload = "grant_type=authorization_code&code={0}&client_id={1}&client_secret={2}".Fmt(code, ApplicationId, ApplicationPassword); string contents = AccessTokenUrl.PostStringToUrl(payload); var authInfo = JsonObject.Parse(contents); //Yandex does not throw exception, but returns error property in JSON response // http://api.yandex.ru/oauth/doc/dg/reference/obtain-access-token.xml string accessTokenError = authInfo.Get("error"); if (!accessTokenError.IsNullOrEmpty()) { Log.Error("Yandex access_token error callback. {0}".Fmt(authInfo.ToString())); return(authService.Redirect(session.ReferrerUrl.AddParam("f", "AccessTokenFailed"))); } tokens.AccessTokenSecret = authInfo.Get("access_token"); session.IsAuthenticated = true; return(OnAuthenticated(authService, session, tokens, authInfo.ToDictionary()) ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.AddParam("s", "1")))); } catch (WebException webException) { //just in case Yandex will start throwing exceptions HttpStatusCode statusCode = ((HttpWebResponse)webException.Response).StatusCode; if (statusCode == HttpStatusCode.BadRequest) { return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.AddParam("f", "AccessTokenFailed")))); } } return(authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.AddParam("f", "Unknown")))); }
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request) { IAuthTokens tokens = Init(authService, ref session, request); IRequest httpRequest = authService.Request; string error = httpRequest.QueryString["error"]; bool hasError = !error.IsNullOrEmpty(); if (hasError) { Log.Error("Odnoklassniki error callback. {0}".Fmt(httpRequest.QueryString)); return(authService.Redirect(session.ReferrerUrl)); } string code = httpRequest.QueryString["code"]; bool isPreAuthCallback = !code.IsNullOrEmpty(); if (!isPreAuthCallback) { string url = PreAuthUrl + "?client_id={0}&redirect_uri={1}&response_type=code&layout=m" .Fmt(ApplicationId, CallbackUrl.UrlEncode()); authService.SaveSession(session, SessionExpiry); return(authService.Redirect(url)); } try { string payload = "client_id={0}&client_secret={1}&code={2}&redirect_uri={3}&grant_type=authorization_code" .Fmt(ApplicationId, SecretKey, code, CallbackUrl.UrlEncode()); string contents = AccessTokenUrl.PostToUrl(payload, "*/*", RequestFilter); var authInfo = JsonObject.Parse(contents); //ok.ru does not throw exception, but returns error property in JSON response string accessTokenError = authInfo.Get("error"); if (!accessTokenError.IsNullOrEmpty()) { Log.Error("Odnoklassniki access_token error callback. {0}".Fmt(authInfo.ToString())); return(authService.Redirect(session.ReferrerUrl.AddParam("f", "AccessTokenFailed"))); } tokens.AccessTokenSecret = authInfo.Get("access_token"); tokens.UserId = authInfo.Get("user_id"); session.IsAuthenticated = true; return(OnAuthenticated(authService, session, tokens, authInfo.ToDictionary()) ?? authService.Redirect(session.ReferrerUrl.AddParam("s", "1"))); } catch (WebException webException) { //just in case it starts throwing exceptions HttpStatusCode statusCode = ((HttpWebResponse)webException.Response).StatusCode; if (statusCode == HttpStatusCode.BadRequest) { return(authService.Redirect(session.ReferrerUrl.AddParam("f", "AccessTokenFailed"))); } } return(authService.Redirect(session.ReferrerUrl.AddParam("f", "Unknown"))); }
public override async Task <object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default) { IAuthTokens tokens = Init(authService, ref session, request); var ctx = CreateAuthContext(authService, session, tokens); IRequest httpRequest = authService.Request; string error = httpRequest.QueryString["error"] ?? httpRequest.QueryString["error_uri"] ?? httpRequest.QueryString["error_description"]; bool hasError = !error.IsNullOrEmpty(); if (hasError) { Log.Error($"Yandex error callback. {httpRequest.QueryString}"); return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", error)))); } string code = httpRequest.QueryString["code"]; bool isPreAuthCallback = !code.IsNullOrEmpty(); if (!isPreAuthCallback) { string preAuthUrl = $"{PreAuthUrl}?response_type=code&client_id={ApplicationId}&redirect_uri={CallbackUrl.UrlEncode()}&display=popup&state={Guid.NewGuid().ToString("N")}"; await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait(); return(authService.Redirect(PreAuthUrlFilter(ctx, preAuthUrl))); } try { string payload = $"grant_type=authorization_code&code={code}&client_id={ApplicationId}&client_secret={ApplicationPassword}"; string contents = await AccessTokenUrl.PostStringToUrlAsync(payload).ConfigAwait(); var authInfo = JsonObject.Parse(contents); //Yandex does not throw exception, but returns error property in JSON response // http://api.yandex.ru/oauth/doc/dg/reference/obtain-access-token.xml string accessTokenError = authInfo.Get("error"); if (!accessTokenError.IsNullOrEmpty()) { Log.Error($"Yandex access_token error callback. {authInfo}"); return(authService.Redirect(session.ReferrerUrl.SetParam("f", "AccessTokenFailed"))); } tokens.AccessTokenSecret = authInfo.Get("access_token"); session.IsAuthenticated = true; return(await OnAuthenticatedAsync(authService, session, tokens, authInfo.ToDictionary(), token).ConfigAwait() ?? await authService.Redirect(SuccessRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("s", "1"))).SuccessAuthResultAsync(authService, session).ConfigAwait()); } catch (WebException webException) { //just in case Yandex will start throwing exceptions var statusCode = ((HttpWebResponse)webException.Response).StatusCode; if (statusCode == HttpStatusCode.BadRequest) { return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")))); } } return(authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "Unknown")))); }