public async Task<AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request, ClaimsPrincipal subject) { var code = new AuthorizationCode { Client = request.Client, Subject = subject, IsOpenId = request.IsOpenIdRequest, RequestedScopes = request.ValidatedScopes.GrantedScopes, RedirectUri = request.RedirectUri, WasConsentShown = request.WasConsentShown, RefreshTokenLifetime = request.Client.RefreshTokenLifetime }; // store id token and access token and return authorization code var id = Guid.NewGuid().ToString("N"); await _authorizationCodes.StoreAsync(id, code); return new AuthorizeResponse { RedirectUri = request.RedirectUri, Code = id, State = request.State }; }
public async Task Valid_Code_Request() { var client = await _clients.FindClientByIdAsync("codeclient"); var store = new InMemoryAuthorizationCodeStore(); var code = new AuthorizationCode { Client = client, RedirectUri = new Uri("https://server/cb"), RequestedScopes = new List<Scope> { new Scope { Name = "openid" } } }; await store.StoreAsync("valid", code); var validator = Factory.CreateTokenValidator( authorizationCodeStore: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.AuthorizationCode); parameters.Add(Constants.TokenRequest.Code, "valid"); parameters.Add(Constants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsFalse(result.IsError); }
public BsonDocument Serialize(string key, AuthorizationCode code) { var doc = new BsonDocument(); doc["_id"] = key; doc["_version"] = 1; doc["_clientId"] = code.ClientId; doc["_subjectId"] = code.SubjectId; doc["_expires"] = code.CreationTime.AddSeconds(code.Client.AuthorizationCodeLifetime); doc["creationTime"] = code.CreationTime; doc["isOpenId"] = code.IsOpenId; doc["redirectUri"] = code.RedirectUri.ToString(); doc["wasConsentShown"] = code.WasConsentShown; doc["subject"] = SerializeIdentities(code); doc["client"] = _clientSerializer.Serialize(code.Client); var requestedScopes = new BsonArray(); foreach (Scope scope in code.RequestedScopes) { requestedScopes.Add(_scopeSerializer.Serialize(scope)); } doc["requestedScopes"] = requestedScopes; return(doc); }
public static void Main(string[] args) { DataProviderConfiguration.Initialize("mongodb://localhost:27017", "OAuthService"); List <string> scopes = new List <string>(); scopes.Add("library"); scopes.Add("card"); scopes.Add("invaild"); AuthorizationCode service = new AuthorizationCode(); Console.WriteLine( service.VerifyScopes(scopes) ); IEnumerable <ScopeEntity> scopeEntities = service.GetScopes(scopes); foreach (var item in scopeEntities) { Console.WriteLine("name:{0} Logical:{1}", item.ScopeName, item.ScopeLogicalName); } Console.WriteLine(service.VerifyClient("123asd2345sdfgsdfg3546t34eeas")); }
public async Task Code_Request_with_disabled_User() { var client = await _clients.FindEnabledClientByIdAsync("codeclient"); var store = Factory.CreateAuthorizationCodeStore(); var code = new AuthorizationCode { CreationTime = DateTime.UtcNow, ClientId = client.ClientId, Lifetime = client.AuthorizationCodeLifetime, Subject = new IdentityServerUser("123").CreatePrincipal(), RedirectUri = "https://server/cb", RequestedScopes = new List <string> { "openid" } }; var handle = await store.StoreAuthorizationCodeAsync(code); var validator = Factory.CreateTokenRequestValidator( authorizationCodeStore: store, profile: new TestProfileService(shouldBeActive: false)); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); result.IsError.Should().BeTrue(); result.Error.Should().Be(OidcConstants.TokenErrors.InvalidGrant); }
public async stt::Task ResetAuthorizationCodeRequestObjectAsync() { moq::Mock <Domains.DomainsClient> mockGrpcClient = new moq::Mock <Domains.DomainsClient>(moq::MockBehavior.Strict); mockGrpcClient.Setup(x => x.CreateOperationsClient()).Returns(new moq::Mock <lro::Operations.OperationsClient>().Object); ResetAuthorizationCodeRequest request = new ResetAuthorizationCodeRequest { RegistrationAsRegistrationName = RegistrationName.FromProjectLocationRegistration("[PROJECT]", "[LOCATION]", "[REGISTRATION]"), }; AuthorizationCode expectedResponse = new AuthorizationCode { Code = "code946733c1", }; mockGrpcClient.Setup(x => x.ResetAuthorizationCodeAsync(request, moq::It.IsAny <grpccore::CallOptions>())).Returns(new grpccore::AsyncUnaryCall <AuthorizationCode>(stt::Task.FromResult(expectedResponse), null, null, null, null)); DomainsClient client = new DomainsClientImpl(mockGrpcClient.Object, null); AuthorizationCode responseCallSettings = await client.ResetAuthorizationCodeAsync(request, gaxgrpc::CallSettings.FromCancellationToken(st::CancellationToken.None)); xunit::Assert.Same(expectedResponse, responseCallSettings); AuthorizationCode responseCancellationToken = await client.ResetAuthorizationCodeAsync(request, st::CancellationToken.None); xunit::Assert.Same(expectedResponse, responseCancellationToken); mockGrpcClient.VerifyAll(); }
private async Task <string> CreateCodeAsync(ValidatedAuthorizeRequest request) { var code = new AuthorizationCode { ClientId = request.Client.ClientId, Lifetime = request.Client.AuthorizationCodeLifetime, Subject = request.Subject, SessionId = request.SessionId, CodeChallenge = request.CodeChallenge.Sha256(), CodeChallengeMethod = request.CodeChallengeMethod, IsOpenId = request.IsOpenIdRequest, RequestedScopes = request.ValidatedScopes.GrantedResources.ToScopeNames(), RedirectUri = request.RedirectUri, Nonce = request.Nonce, WasConsentShown = request.WasConsentShown, }; // store id token and access token and return authorization code var id = await _authorizationCodeStore.StoreAuthorizationCodeAsync(code); return(id); }
private async Task <string> CreateCodeAsync(ValidatedAuthorizeRequest request) { var code = new AuthorizationCode { Client = request.Client, Subject = request.Subject, SessionId = request.SessionId, IsOpenId = request.IsOpenIdRequest, RequestedScopes = request.ValidatedScopes.GrantedScopes, RedirectUri = request.RedirectUri, Nonce = request.Nonce, WasConsentShown = request.WasConsentShown, }; // store id token and access token and return authorization code var id = CryptoRandom.CreateUniqueId(); await _authorizationCodes.StoreAsync(id, code); await RaiseCodeIssuedEventAsync(id, code); return(id); }
public IActionResult PostConsent(int clientId, string scopes, string redirectUrl) { // Kiểm tra người dùng đăng nhập chưa var loggedEmail = HttpContext.Session.GetString("loggedUserEmail"); var loggedIdString = HttpContext.Session.GetString("loggedUserId"); long loggedId = 0; try { loggedId = Int64.Parse(loggedIdString); } catch (Exception e) { Console.WriteLine(e); } var currentAccount = _context.Account.SingleOrDefault(a => a.Id == loggedId); if (currentAccount == null) { // Đưa người dùng sang trang đăng nhập return(Redirect("/Accounts/Login?redirectUrl=" + WebUtility.UrlEncode(Request.GetDisplayUrl()))); } var currentApp = _context.RegisterApplication.SingleOrDefault(ra => ra.Id == clientId); if (currentApp == null) { Response.StatusCode = (int)(HttpStatusCode.Forbidden); return(new JsonResult(HttpStatusCode.Forbidden.ToString())); } var scopeIds = scopes.Split(","); List <CredentialScope> listRequestScopes = new List <CredentialScope>(); foreach (var strId in scopeIds) { var id = Int32.Parse(strId); if (!_credentialScopes.ContainsKey(id)) { Response.StatusCode = (int)(HttpStatusCode.NotFound); return(new JsonResult(HttpStatusCode.NotFound.ToString())); } } // Tạo credential lưu vào database với status deactive var credential = new Credential(currentAccount.Id, scopes); credential.Status = CredentialStatus.Deactive; _context.Credential.Add(credential); _context.SaveChanges(); var cacheEntryOptions = new MemoryCacheEntryOptions() // Keep in cache for this time, reset time if accessed. .SetSlidingExpiration(TimeSpan.FromSeconds(5)); AuthorizationCode authorizationCode = new AuthorizationCode(credential); // Tạo authorization code có liên kết với credential vừa tạo _cache.Set(authorizationCode.Code, authorizationCode, cacheEntryOptions); // Đưa người dùng về redirectUrl kèm theo return(Redirect(currentApp.RedirectUrl + "?exchange-code=" + authorizationCode.Code)); }
public bool addAuthorization(AuthorizationCode authorizaction) { if (authorizaction != null) { _session.Transact(session => session.SaveOrUpdate(authorizaction)); MrCMS.Entities.People.User usergenerated = _userService.GetUser(authorizaction.generatedby); MrCMS.Entities.People.User userauth = _userService.GetUser(authorizaction.Authorizedby); Provider provider = _providersvc.GetProvider(authorizaction.provider); QueuedMessage emailmsg = new QueuedMessage(); emailmsg.FromAddress = _mailSettings.SystemEmailAddress; emailmsg.ToAddress = userauth.Email; emailmsg.Subject = "NovoHub Authorization Code Generated "; emailmsg.FromName = "NOVOHUB"; emailmsg.Body = string.Format("An authorization code {5} was generated for {0} by {1} and was authorized by you on {2} for {4} with policy number {3}", provider.Name.ToUpper(), usergenerated.Name.ToUpper(), Convert.ToDateTime(authorizaction.CreatedOn).ToString(CurrentRequestData.CultureInfo.DateTimeFormat.FullDateTimePattern), authorizaction.policyNumber, authorizaction.enrolleeName, authorizaction.authorizationCode); //_emailSender.AddToQueue(emailmsg); //send admission shit if (authorizaction.Isadmission) { StringBuilder bodyText = new StringBuilder(); bodyText.Append("<p>Dear Admin,</p>"); bodyText.AppendLine(string.Format("<p>A new admission was approved with code {5} for {0} and generated by {1} and was authorized by {6} on {2} for {4} with policy number {3} </p>", provider.Name.ToUpper(), usergenerated.Name.ToUpper(), Convert.ToDateTime(authorizaction.CreatedOn).ToString(CurrentRequestData.CultureInfo.DateTimeFormat.FullDateTimePattern), authorizaction.policyNumber, authorizaction.enrolleeName, authorizaction.authorizationCode, userauth.Name.ToUpper())); bodyText.AppendLine(Environment.NewLine); bodyText.AppendLine("<p>You are required to follow up on the admission.</p>"); bodyText.AppendLine("<p>Thank You.</p>"); //send to client service. MrCMS.Entities.People.UserRole role = _roleSvc.GetRoleByName("CLIENT SERVICE"); if (role != null) { foreach (MrCMS.Entities.People.User user in role.Users) { //each user QueuedMessage emailmsgAdd = new QueuedMessage(); emailmsgAdd.FromAddress = _mailSettings.SystemEmailAddress; emailmsgAdd.ToAddress = user.Email; emailmsgAdd.Subject = "NovoHub -New Admission "; emailmsgAdd.FromName = "NOVOHUB"; emailmsgAdd.Body = bodyText.ToString(); emailmsgAdd.IsHtml = true; //_emailSender.AddToQueue(emailmsgAdd); } } //added else else { } //send to provider service. role = _roleSvc.GetRoleByName("PROVIDER"); if (role != null) { foreach (MrCMS.Entities.People.User user in role.Users) { //each user QueuedMessage emailmsgAdd = new QueuedMessage(); emailmsgAdd.FromAddress = _mailSettings.SystemEmailAddress; emailmsgAdd.ToAddress = user.Email; emailmsgAdd.Subject = "NovoHub -New Admission "; emailmsgAdd.FromName = "NOVOHUB"; emailmsgAdd.Body = bodyText.ToString(); emailmsgAdd.IsHtml = true; // _emailSender.AddToQueue(emailmsgAdd); } } //added else else { } //send to medical service. role = _roleSvc.GetRoleByName("MEDICAL UNIT"); if (role != null) { foreach (MrCMS.Entities.People.User user in role.Users) { //each user QueuedMessage emailmsgAdd = new QueuedMessage(); emailmsgAdd.FromAddress = _mailSettings.SystemEmailAddress; emailmsgAdd.ToAddress = user.Email; emailmsgAdd.Subject = "NovoHub -New Admission "; emailmsgAdd.FromName = "NOVOHUB"; emailmsgAdd.Body = bodyText.ToString(); emailmsgAdd.IsHtml = true; // _emailSender.AddToQueue(emailmsgAdd); } } //added else else { } } //Notify the theres a new verificationCode AuthenticationCodeCreatedArgs args = new AuthenticationCodeCreatedArgs { AuthorizationCode = authorizaction }; //Notify the Hub of the new Input EventContext.Instance.Publish(typeof(INewNotificationEvent), args); return(true); } return(false); }
public IActionResult FetchToken() { var url = AuthorizationCode.GetUrl(_spotifyAuthService.GetAuthParameters(), ""); return(Redirect(url)); }
public async Task When_Requesting_Token_And_There_Is_No_Valid_Granted_Token_Then_Grant_A_New_One() { // ARRANGE InitializeFakeObjects(); const string accessToken = "accessToken"; const string identityToken = "identityToken"; const string clientId = "clientId"; var authorizationCodeGrantTypeParameter = new AuthorizationCodeGrantTypeParameter { ClientAssertion = "clientAssertion", ClientAssertionType = "clientAssertionType", ClientSecret = "clientSecret", RedirectUri = "redirectUri", ClientId = clientId }; var authResult = new AuthenticationResult(new Models.Client { ClientId = clientId }, null); var authorizationCode = new AuthorizationCode { ClientId = clientId, RedirectUri = "redirectUri", CreateDateTime = DateTime.UtcNow }; var grantedToken = new GrantedToken { AccessToken = accessToken, IdToken = identityToken }; _clientValidatorFake.Setup(c => c.CheckPkce(It.IsAny <Client>(), It.IsAny <string>(), It.IsAny <AuthorizationCode>())) .Returns(true); _authenticateInstructionGeneratorStub.Setup(a => a.GetAuthenticateInstruction(It.IsAny <AuthenticationHeaderValue>())) .Returns(new AuthenticateInstruction()); _authenticateClientFake.Setup(a => a.AuthenticateAsync(It.IsAny <AuthenticateInstruction>())) .Returns(Task.FromResult(authResult)); _authorizationCodeRepositoryFake.Setup(a => a.GetAsync(It.IsAny <string>())) .Returns(Task.FromResult(authorizationCode)); _simpleIdentityServerConfiguratorFake.Setup(s => s.GetAuthorizationCodeValidityPeriodInSecondsAsync()) .Returns(Task.FromResult((double)3000)); _clientValidatorFake.Setup(c => c.GetRedirectionUrls(It.IsAny <Models.Client>(), It.IsAny <string>())) .Returns(new[] { "redirectUri" }); _grantedTokenHelperStub.Setup(g => g.GetValidGrantedTokenAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwsPayload>(), It.IsAny <JwsPayload>())) .Returns(() => Task.FromResult((GrantedToken)null)); _grantedTokenGeneratorHelperFake.Setup(g => g.GenerateTokenAsync(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <JwsPayload>(), It.IsAny <JwsPayload>())) .Returns(Task.FromResult(grantedToken));; // ACT var result = await _getTokenByAuthorizationCodeGrantTypeAction.Execute(authorizationCodeGrantTypeParameter, null); // ASSERTS _grantedTokenRepositoryFake.Verify(g => g.InsertAsync(grantedToken)); _simpleIdentityServerEventSourceFake.Verify(s => s.GrantAccessToClient( clientId, accessToken, identityToken)); Assert.True(result.AccessToken == accessToken); }
public void Add(AuthorizationCode code) { _dbContext.AuthorizationCodes.Add(code); }
/// <inheritdoc /> public Task <bool> Add(AuthorizationCode authorizationCode, CancellationToken cancellationToken) { var json = JsonConvert.SerializeObject(authorizationCode); return(_database.StringSetAsync(authorizationCode.Code, json, _expiry)); }
private async Task <ValidationResult> ValidateAuthorizationCodeRequestAsync(NameValueCollection parameters) { Logger.Info("Start validation of authorization code token request"); ///////////////////////////////////////////// // check if client is authorized for grant type ///////////////////////////////////////////// if (_validatedRequest.Client.Flow != Flows.AuthorizationCode && _validatedRequest.Client.Flow != Flows.Hybrid) { LogError("Client not authorized for code flow"); return(Invalid(Constants.TokenErrors.UnauthorizedClient)); } ///////////////////////////////////////////// // validate authorization code ///////////////////////////////////////////// string code = parameters.Get(Constants.TokenRequest.Code); if (code.IsMissing()) { string error = "Authorization code is missing."; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(null, error); return(Invalid(Constants.TokenErrors.InvalidGrant)); } _validatedRequest.AuthorizationCodeHandle = code; AuthorizationCode authZcode = await _authorizationCodes.GetAsync(code); if (authZcode == null) { LogError("Invalid authorization code: " + code); RaiseFailedAuthorizationCodeRedeemedEvent(code, "Invalid handle"); return(Invalid(Constants.TokenErrors.InvalidGrant)); } await _authorizationCodes.RemoveAsync(code); ///////////////////////////////////////////// // validate client binding ///////////////////////////////////////////// if (authZcode.Client.ClientId != _validatedRequest.Client.ClientId) { LogError(string.Format("Client {0} is trying to use a code from client {1}", _validatedRequest.Client.ClientId, authZcode.Client.ClientId)); RaiseFailedAuthorizationCodeRedeemedEvent(code, "Invalid client binding"); return(Invalid(Constants.TokenErrors.InvalidGrant)); } ///////////////////////////////////////////// // validate code expiration ///////////////////////////////////////////// if (authZcode.CreationTime.HasExceeded(_validatedRequest.Client.AuthorizationCodeLifetime)) { string error = "Authorization code is expired"; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(code, error); return(Invalid(Constants.TokenErrors.InvalidGrant)); } _validatedRequest.AuthorizationCode = authZcode; ///////////////////////////////////////////// // validate redirect_uri ///////////////////////////////////////////// string redirectUri = parameters.Get(Constants.TokenRequest.RedirectUri); if (redirectUri.IsMissing()) { string error = "Redirect URI is missing."; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(code, error); return(Invalid(Constants.TokenErrors.UnauthorizedClient)); } if (redirectUri.Equals(_validatedRequest.AuthorizationCode.RedirectUri, StringComparison.Ordinal) == false) { string error = "Invalid redirect_uri: " + redirectUri; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(code, error); return(Invalid(Constants.TokenErrors.UnauthorizedClient)); } ///////////////////////////////////////////// // validate scopes are present ///////////////////////////////////////////// if (_validatedRequest.AuthorizationCode.RequestedScopes == null || !_validatedRequest.AuthorizationCode.RequestedScopes.Any()) { string error = "Authorization code has no associated scopes."; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(code, error); return(Invalid(Constants.TokenErrors.InvalidRequest)); } ///////////////////////////////////////////// // make sure user is enabled ///////////////////////////////////////////// if (await _users.IsActiveAsync(_validatedRequest.AuthorizationCode.Subject) == false) { string error = "User has been disabled: " + _validatedRequest.AuthorizationCode.Subject; LogError(error); RaiseFailedAuthorizationCodeRedeemedEvent(code, error); return(Invalid(Constants.TokenErrors.InvalidRequest)); } Logger.Info("Validation of authorization code token request success"); RaiseSuccessfulAuthorizationCodeRedeemedEvent(); return(Valid()); }
private void RaiseCodeIssuedEvent(string id, AuthorizationCode code) { _events.RaiseAuthorizationCodeIssuedEvent(id, code); }
private TokenRequestValidationResult ValidateAuthorizationCodeWithProofKeyParameters(string codeVerifier, AuthorizationCode authZcode) { if (authZcode.CodeChallenge.IsMissing() || authZcode.CodeChallengeMethod.IsMissing()) { LogError("{clientId} is missing code challenge or code challenge method", _validatedRequest.Client.ClientId); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (codeVerifier.IsMissing()) { LogError("Missing code_verifier"); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (codeVerifier.Length < _options.InputLengthRestrictions.CodeVerifierMinLength || codeVerifier.Length > _options.InputLengthRestrictions.CodeVerifierMaxLength) { LogError("code_verifier is too short or too long"); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (Constants.SupportedCodeChallengeMethods.Contains(authZcode.CodeChallengeMethod) == false) { LogError("Unsupported code challenge method: {codeChallengeMethod}", authZcode.CodeChallengeMethod); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (ValidateCodeVerifierAgainstCodeChallenge(codeVerifier, authZcode.CodeChallenge, authZcode.CodeChallengeMethod) == false) { LogError("Transformed code verifier does not match code challenge"); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } return(Valid()); }
public async Task failed_resource_validation_should_fail() { var mockResourceValidator = new MockResourceValidator(); var client = await _clients.FindEnabledClientByIdAsync("codeclient"); var grants = Factory.CreateAuthorizationCodeStore(); { var code = new AuthorizationCode { CreationTime = DateTime.UtcNow, Subject = new IdentityServerUser("123").CreatePrincipal(), ClientId = client.ClientId, Lifetime = client.AuthorizationCodeLifetime, RedirectUri = "https://server/cb", RequestedScopes = new List <string> { "openid", "scope1" }, RequestedResourceIndicators = new[] { "urn:api1", "urn:api2" } }; var handle = await grants.StoreAuthorizationCodeAsync(code); var validator = Factory.CreateTokenRequestValidator(resourceValidator: mockResourceValidator, authorizationCodeStore: grants); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api1"); mockResourceValidator.Result = new ResourceValidationResult { InvalidScopes = { "foo" } }; var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); result.IsError.Should().BeTrue(); result.Error.Should().Be("invalid_scope"); } { var code = new AuthorizationCode { CreationTime = DateTime.UtcNow, Subject = new IdentityServerUser("123").CreatePrincipal(), ClientId = client.ClientId, Lifetime = client.AuthorizationCodeLifetime, RedirectUri = "https://server/cb", RequestedScopes = new List <string> { "openid", "scope1" }, RequestedResourceIndicators = new[] { "urn:api1", "urn:api2" } }; var handle = await grants.StoreAuthorizationCodeAsync(code); var validator = Factory.CreateTokenRequestValidator(resourceValidator: mockResourceValidator, authorizationCodeStore: grants); var parameters = new NameValueCollection(); parameters.Add(OidcConstants.TokenRequest.GrantType, OidcConstants.GrantTypes.AuthorizationCode); parameters.Add(OidcConstants.TokenRequest.Code, handle); parameters.Add(OidcConstants.TokenRequest.RedirectUri, "https://server/cb"); parameters.Add(OidcConstants.TokenRequest.Resource, "urn:api1"); mockResourceValidator.Result = new ResourceValidationResult { InvalidResourceIndicators = { "foo" } }; var result = await validator.ValidateRequestAsync(parameters, client.ToValidationResult()); result.IsError.Should().BeTrue(); result.Error.Should().Be("invalid_target"); } }
public static IdentityServer4.Models.AuthorizationCode ToModel(this AuthorizationCode entity) { return(entity == null ? null : Mapper.Map <IdentityServer4.Models.AuthorizationCode>(entity)); }
public async Task TestMethod1() { IdentityServerTableContext storageContext = new IdentityServerTableContext( new CloudStorageAccount(new StorageCredentials("c1azuretests", File.ReadAllText("C:\\dev\\storagekey.txt")), true)); storageContext.InsertionMode = SInnovations.Azure.TableStorageRepository.InsertionMode.AddOrReplace; var localClients = GetClients().ToArray(); var localScopes = GetScopes().ToArray(); foreach (var client in localClients) { storageContext.Clients.Add(client); } foreach (var scope in localScopes) { storageContext.Scopes.Add(scope); } await storageContext.SaveChangesAsync(); var clients = (from ent in storageContext.Clients select ent).ToArray(); foreach (var client in localClients) { var remoteClient = clients.Single(c => c.ClientId == client.ClientId); Assert.AreEqual(client.AccessTokenLifetime, remoteClient.AccessTokenLifetime); Assert.AreEqual(client.AccessTokenType, remoteClient.AccessTokenType); Assert.AreEqual(client.AllowRememberConsent, remoteClient.AllowRememberConsent); Assert.AreEqual(client.ApplicationType, remoteClient.ApplicationType); Assert.AreEqual(client.AuthorizationCodeLifetime, remoteClient.AuthorizationCodeLifetime); Assert.AreEqual(client.ClientName, remoteClient.ClientName); Assert.AreEqual(client.ClientSecret, remoteClient.ClientSecret); Assert.AreEqual(client.ClientUri, remoteClient.ClientUri); Assert.AreEqual(client.Flow, remoteClient.Flow); Assert.AreEqual(client.IdentityTokenLifetime, remoteClient.IdentityTokenLifetime); Assert.AreEqual(client.IdentityTokenSigningKeyType, remoteClient.IdentityTokenSigningKeyType); Assert.AreEqual(client.LogoUri, remoteClient.LogoUri); CollectionAssert.AreEqual(client.RedirectUris, remoteClient.RedirectUris); Assert.AreEqual(client.RefreshTokenLifetime, remoteClient.RefreshTokenLifetime); Assert.AreEqual(client.RequireConsent, remoteClient.RequireConsent); CollectionAssert.AreEqual(client.ScopeRestrictions, remoteClient.ScopeRestrictions); Assert.AreEqual(client.SectorIdentifierUri, remoteClient.SectorIdentifierUri); Assert.AreEqual(client.SubjectType, remoteClient.SubjectType); } var scopes = (from ent in storageContext.Scopes select ent).ToArray(); foreach (var scope in localScopes) { var remoteScope = scopes.Single(c => c.Name == scope.Name); Assert.AreEqual(scope.Description, remoteScope.Description); Assert.AreEqual(scope.DisplayName, remoteScope.DisplayName); Assert.AreEqual(scope.Emphasize, remoteScope.Emphasize); Assert.AreEqual(scope.IsOpenIdScope, remoteScope.IsOpenIdScope); CollectionAssert.AreEqual(new List<ScopeClaim>(scope.Claims ?? new ScopeClaim[] { }), new List<ScopeClaim>(remoteScope.Claims ?? new ScopeClaim[] { }), new ScopeClaimComparer()); Assert.AreEqual(scope.Required, remoteScope.Required); } var subject = new ClaimsPrincipal(new ClaimsIdentity(new Claim[]{ new Claim("name","poul") }, "Google", "MyName", "MyROle")); var code = new AuthorizationCode { Client = clients.First(), IsOpenId = true, RedirectUri = new Uri("http://www.s-innovations.net"), Subject = subject, RequestedScopes = scopes.Take(3), CreationTime = DateTime.UtcNow }; AzureTableStoreAuthorizationCodeStore store = new AzureTableStoreAuthorizationCodeStore(storageContext); await store.StoreAsync("test", code); var remotecode = await store.GetAsync("test"); Trace.TraceInformation(string.Join(", ", remotecode.Subject.Claims.Select(c => c.Type + "," + c.Value))); Assert.AreEqual(code.Client.ClientId, remotecode.Client.ClientId); Assert.AreEqual(code.CreationTime, remotecode.CreationTime); Assert.AreEqual(code.Subject.Identities.Count(), remotecode.Subject.Identities.Count()); try { await store.GetAsync("test"); Assert.Fail("test should have been removed"); } catch (Exception ex) { Trace.TraceInformation(ex.ToString()); } AzureTableStoreTokenHandlerStore tokens = new AzureTableStoreTokenHandlerStore(storageContext); await tokens.StoreAsync("testtoken", new Token("blabla") { Lifetime = 120, Audience = "asda", Issuer = "adsa", Client = clients.First() }); var token = await tokens.GetAsync("testtoken"); }
public static async Task RaiseAuthorizationCodeIssuedEventAsync(this IEventService events, string id, AuthorizationCode code) { //var evt = new Event<AuthorizationCodeDetails>( // EventConstants.Categories.TokenService, // "Authorization code issued", // EventTypes.Information, // EventConstants.Ids.AuthorizationCodeIssued); //evt.DetailsFunc = () => new AuthorizationCodeDetails //{ // HandleId = id, // ClientId = code.ClientId, // Scopes = code.RequestedScopes, // SubjectId = code.Subject.GetSubjectId(), // RedirectUri = code.RedirectUri, // Lifetime = code.Lifetime //}; //await events.RaiseEventAsync(evt); }
/// <summary> /// Stores the data. /// </summary> /// <param name="key">The key.</param> /// <param name="value">The value.</param> /// <returns></returns> public Task StoreAsync(string key, AuthorizationCode value) { return(_bucket.InsertAsync(AuthorizationCodeWrapper.AuthorizationCodeId(key), new AuthorizationCodeWrapper(key, value))); }
public List <AuthorizationCode> GetAuthorizationCodes([FromRoute] string routeCode) { // Verify whether route is not presale if (IsPresaleRoute(routeCode)) { // Return empty list return(new List <AuthorizationCode>()); } // Query authorization codes from database List <AuthorizationCode> authorizationCodes = _context .AuthorizationCodes .Where(x => x.Route == routeCode) .Where( x => x.CreatedAt.Year == DateTime.Now.Year && x.CreatedAt.Month == DateTime.Now.Month && x.CreatedAt.Day == DateTime.Now.Day ) .ToList(); // Verify whether none authorization code is already save in the database if (!authorizationCodes.Any()) { // Create authorization codes quantity key string AUTHORIZATION_CODES_QUANTITY = "AUTHORIZATION_CODES_QUANTITY"; // Create authorization codes quantity int authorizationCodesQuantity = 30; // Get quantity of authorization codes to be created from application settings ApplicationSetting applicationSetting = _context .ApplicationSettings .Where(x => x.Name == AUTHORIZATION_CODES_QUANTITY) .FirstOrDefault(); // Verify whether any application setting was found in the database if (applicationSetting != null) { authorizationCodesQuantity = Int32.Parse(applicationSetting.Value); } // Create password options PasswordOptions passwordOptions = new PasswordOptions() { RequiredLength = 8, RequiredUniqueChars = 4, RequireDigit = true, RequireLowercase = true, RequireNonAlphanumeric = false, RequireUppercase = false }; // Iterate through the number of authorization codes to be created for (int i = 0; i < authorizationCodesQuantity; i++) { // Create a brand new random code by route string randomCode = CreateRandomCode(routeCode, passwordOptions); // Create a new authorization code entity AuthorizationCode authorizationCode = new AuthorizationCode { Code = randomCode, Route = routeCode, Status = Enumerations.Status.Active, CreatedAt = DateTimeOffset.Now }; // Add authorization code to database context _context.AuthorizationCodes.Add(authorizationCode); // Save authorization code _context.SaveChanges(); // Add new authorization code created to authorization code list authorizationCodes.Add(authorizationCode); } } return(authorizationCodes); }
public async Task <EndpointResult> Generate( EndpointResult endpointResult, AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal, Client client, string?issuerName, CancellationToken cancellationToken) { var allowedTokenScopes = string.Empty; GrantedToken?grantedToken = null; var responses = authorizationParameter.ResponseType.ParseResponseTypes(); var generateIdToken = await GenerateIdTokenPayload( claimsPrincipal, authorizationParameter, issuerName, cancellationToken) .ConfigureAwait(false); if (generateIdToken is Option <JwtPayload> .Result p) { var idTokenPayload = p.Item; var payload = await GenerateUserInformationPayload( claimsPrincipal, authorizationParameter, cancellationToken) .ConfigureAwait(false); if (payload is Option <JwtPayload> .Error er) { return(EndpointResult.CreateBadRequestResult(er.Details)); } var userInformationPayload = (payload as Option <JwtPayload> .Result) !.Item; if (responses.Contains(ResponseTypeNames.Token)) { // 1. Generate an access token. var tokenScopes = authorizationParameter.Scope.ParseScopes(); allowedTokenScopes = string.Join(' ', tokenScopes); grantedToken = await _tokenStore.GetValidGrantedToken( _jwksStore, allowedTokenScopes, client.ClientId, cancellationToken, idTokenJwsPayload : userInformationPayload, userInfoJwsPayload : idTokenPayload) .ConfigureAwait(false) ?? await client.GenerateToken( _jwksStore, tokenScopes, issuerName, userInformationPayload, idTokenPayload, cancellationToken : cancellationToken, claimsPrincipal.Claims.Where( c => client.UserClaimsToIncludeInAuthToken.Any( r => r.IsMatch(c.Type))) .ToArray()) .ConfigureAwait(false); endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.AccessTokenName, grantedToken.AccessToken) }; } AuthorizationCode?authorizationCode = null; var authorizationParameterClientId = authorizationParameter.ClientId; if (responses.Contains(ResponseTypeNames.Code)) // 2. Generate an authorization code. { var subject = claimsPrincipal.GetSubject() !; var assignedConsent = await _consentRepository .GetConfirmedConsents(subject, authorizationParameter, cancellationToken) .ConfigureAwait(false); if (assignedConsent != null) { if (authorizationParameterClientId == null || authorizationParameter.RedirectUrl == null || authorizationParameter.Scope == null) { throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter)); } // Insert a temporary authorization code // It will be used later to retrieve tha id_token or an access token. authorizationCode = new AuthorizationCode { Code = Id.Create(), RedirectUri = authorizationParameter.RedirectUrl, CreateDateTime = DateTimeOffset.UtcNow, ClientId = authorizationParameterClientId, Scopes = authorizationParameter.Scope, IdTokenPayload = idTokenPayload, UserInfoPayLoad = userInformationPayload }; endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.AuthorizationCodeName, authorizationCode.Code) }; } } _jwtGenerator.FillInOtherClaimsIdentityTokenPayload( idTokenPayload, authorizationCode == null ? string.Empty : authorizationCode.Code, grantedToken == null ? string.Empty : grantedToken.AccessToken, client); if (grantedToken != null) // 3. Insert the stateful access token into the DB OR insert the access token into the caching. { if (authorizationParameterClientId == null || authorizationParameter.ResponseType == null) { throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter)); } await _tokenStore.AddToken(grantedToken, cancellationToken).ConfigureAwait(false); await _eventPublisher.Publish( new TokenGranted( Id.Create(), claimsPrincipal.GetSubject(), authorizationParameterClientId, allowedTokenScopes, authorizationParameter.ResponseType, DateTimeOffset.UtcNow)) .ConfigureAwait(false); } if (authorizationCode != null) // 4. Insert the authorization code into the caching. { if (client.RequirePkce) { authorizationCode = authorizationCode with { CodeChallenge = authorizationParameter.CodeChallenge ?? string.Empty, CodeChallengeMethod = authorizationParameter.CodeChallengeMethod ?? string.Empty }; } await _authorizationCodeStore.Add(authorizationCode, cancellationToken).ConfigureAwait(false); await _eventPublisher.Publish( new AuthorizationGranted( Id.Create(), claimsPrincipal.GetSubject(), authorizationParameterClientId !, DateTimeOffset.UtcNow)) .ConfigureAwait(false); } if (responses.Contains(ResponseTypeNames.IdToken)) { var idToken = await _clientStore.GenerateIdToken( authorizationParameterClientId !, idTokenPayload, _jwksStore, cancellationToken) .ConfigureAwait(false); endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.IdTokenName, idToken) }; } if (!string.IsNullOrWhiteSpace(authorizationParameter.State)) { endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.StateName, authorizationParameter.State) }; } var sessionState = GetSessionState( authorizationParameterClientId, authorizationParameter.OriginUrl, authorizationParameter.SessionId); if (sessionState != null) { endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.SessionState, sessionState) }; } if (authorizationParameter.ResponseMode == ResponseModes.FormPost) { endpointResult = endpointResult with { Type = ActionResultType.RedirectToAction, RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( "redirect_uri", authorizationParameter.RedirectUrl?.AbsoluteUri) with { Action = SimpleAuthEndPoints.FormIndex } }; } // Set the response mode if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl) { var responseMode = authorizationParameter.ResponseMode; if (responseMode == ResponseModes.None) { var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes(); var authorizationFlow = responseTypes.GetAuthorizationFlow(authorizationParameter.State); switch (authorizationFlow) { case Option <AuthorizationFlow> .Error error: return(EndpointResult.CreateBadRequestResult(error.Details)); case Option <AuthorizationFlow> .Result r: responseMode = CoreConstants.MappingAuthorizationFlowAndResponseModes[r.Item]; break; } } endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !with { ResponseMode = responseMode } }; } return(endpointResult); } var e = generateIdToken as Option <JwtPayload> .Error; return(EndpointResult.CreateBadRequestResult(e !.Details)); }
public Task StoreAuthorizationCodeAsync(string handle, AuthorizationCode code) { return(StoreItem(handle, code, Constants.PersistedGrantTypes.AuthorizationCode, code.ClientId, code.Subject.GetSubjectId(), code.CreationTime, code.Lifetime)); }
public async Task StoreAsync(string key, AuthorizationCode value) { var record = new AuthorizationCodeHandle(key, value); await CreateAsync(record); }
public async Task StoreAsync(string key, AuthorizationCode value) { await _cache.StringSetAsync(key, SerializeCode(value)); }
public static async Task RaiseAuthorizationCodeIssuedEventAsync(this IEventService events, string id, AuthorizationCode code) { var evt = new Event <AuthorizationCodeDetails>( EventConstants.Categories.TokenService, "Authorization code issued", EventTypes.Information, EventConstants.Ids.AuthorizationCodeIssued); evt.DetailsFunc = () => new AuthorizationCodeDetails { HandleId = id, ClientId = code.ClientId, Scopes = code.Scopes, SubjectId = code.SubjectId, RedirectUri = code.RedirectUri, Lifetime = code.Client.AuthorizationCodeLifetime }; await events.RaiseEventAsync(evt); }
private string SerializeCode(AuthorizationCode code) { return(JsonConvert.SerializeObject(code, GetJsonSerializerSettings())); }
public Task StoreAsync(string key, AuthorizationCode value) { _repository[key] = value; return(Task.FromResult <object>(null)); }
public override bool Equals(object obj) { if (obj == null) { return(false); } if (obj == this) { return(true); } return(obj is CreateMobileAuthorizationCodeResponse other && ((Context == null && other.Context == null) || (Context?.Equals(other.Context) == true)) && ((AuthorizationCode == null && other.AuthorizationCode == null) || (AuthorizationCode?.Equals(other.AuthorizationCode) == true)) && ((ExpiresAt == null && other.ExpiresAt == null) || (ExpiresAt?.Equals(other.ExpiresAt) == true)) && ((Error == null && other.Error == null) || (Error?.Equals(other.Error) == true))); }
private async Task RaiseCodeIssuedEventAsync(string id, AuthorizationCode code) { await _events.RaiseAuthorizationCodeIssuedEventAsync(id, code); }
public async Task StoreAsync(string key, AuthorizationCode value) { var data = _serializer.Serialize(value); await _cache.SetAsync(key, data, _dceo); }