public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
// TODO: Cache tokens?
var tokenCache = new TokenCache();
var redirectUri = new UriBuilder(context.Request.Scheme, context.Request.Host.Host, context.Request.Host.Port ?? 80, context.Request.PathBase + "/signin-oidc");
var cca = new ConfidentialClientApplication(_azureAdB2COptions.ClientId, _azureAdB2COptions.Authority, redirectUri.Uri.ToString(), new ClientCredential(_azureAdB2COptions.ClientSecret), tokenCache, null);
var result = await cca.AcquireTokenByAuthorizationCodeAsync(code, _azureAdB2COptions.ScopeString.Split(' '));
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
// Check if we have an attendee record for this user, and load it up if we do.
var attendee = await _apiClient.GetMeAsync(result.AccessToken);
// If we do, load additional claims. If not, don't and the filter will take care of "welcoming" the user :)
if (attendee != null)
{
var claimsIdentity = (ClaimsIdentity)context.Principal.Identity;
AttendeeClaimMapper.UpdateClaims(claimsIdentity, attendee);
}
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
string authority = context.Options.Authority;
string clientId = context.Options.ClientId;
string clientSecret = context.Options.ClientSecret;
string redirectUri = context.TokenEndpointRequest.RedirectUri;
string key = context.Principal.FindFirstValue("http://schemas.microsoft.com/identity/claims/objectidentifier");
string code = context.TokenEndpointRequest.Code;
//IEnumerable<string> scopes = _azOptions.Scopes.Split(";").Where(c => !string.IsNullOrEmpty(c));
IEnumerable <string> scopes = new string[] { "api://core/.default" };
IDistributedCache cache = context.HttpContext.RequestServices.GetService <IDistributedCache>();
IConfidentialClientApplication app = ConfidentialClientApplicationBuilder
.Create(clientId)
.WithClientSecret(clientSecret)
.WithAuthority(authority)
.WithRedirectUri(redirectUri)
.Build();
TokenCacheHelper.Initialize(key: key,
distributedCache: cache,
tokenCache: app.UserTokenCache);
var result = await app.AcquireTokenByAuthorizationCode(scopes, code)
.ExecuteAsync();
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
public Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
// return Task.FromResult(0);
return(Task.CompletedTask);
// TokenCache userTokenCache = new MSALSessionCache(signedInUserID, context.HttpContext).GetMsalCacheInstance();
// ConfidentialClientApplication cca = new ConfidentialClientApplication(AzureAdB2COptions.ClientId, AzureAdB2COptions.Authority, AzureAdB2COptions.RedirectUri, new ClientCredential(AzureAdB2COptions.ClientSecret), userTokenCache, null);
// try
// {
// AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, AzureAdB2COptions.ApiScopes.Split(' '));
// context.HandleCodeRedemption(result.AccessToken, result.IdToken);
// }
// catch
// {
// //TODO: Handle
// throw;
// }
}
/// <summary>
/// Redeems the authorization code by calling AcquireTokenByAuthorizationCodeAsync in order to ensure
/// that the cache has a token for the signed-in user, which will then enable the controllers (like the
/// TodoController, to call AcquireTokenSilentAsync successfully.
/// </summary>
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedContext context)
{
// Acquire a Token for the Graph API and cache it using ADAL. In the TodoListController, we'll use the cache to acquire a token for the Todo List API
string userObjectId = (context.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var code = context.ProtocolMessage.Code;
TokenCache userTokenCache = new MSALSessionCache(signedInUserID, context.HttpContext).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(azureAdOptions.ClientId, azureAdOptions.Authority, azureAdOptions.RedirectUri, new ClientCredential(azureAdOptions.ClientSecret), userTokenCache, null);
try
{
var scopes = azureAdOptions.ApiScopes.Split(' ');
var result = await cca.AcquireTokenByAuthorizationCodeAsync(code, scopes);
//AcquireTokenSilentAsync(scopes, cca.Users.FirstOrDefault(), azureAdOptions.Authority, false);
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch (Exception ex)
{
//TODO: Handle
throw;
}
// Notify the OIDC middleware that we already took care of code redemption.
}
/// <summary>
/// In a Web App, adds, to the MSAL.NET cache, the account of the user authenticating to the Web App, when the authorization code is received (after the user
/// signed-in and consented)
/// An On-behalf-of token contained in the <see cref="AuthorizationCodeReceivedContext"/> is added to the cache, so that it can then be used to acquire another token on-behalf-of the
/// same user in order to call to downstream APIs.
/// </summary>
/// <param name="context">The context used when an 'AuthorizationCode' is received over the OpenIdConnect protocol.</param>
/// <example>
/// From the configuration of the Authentication of the ASP.NET Core Web API:
/// <code>OpenIdConnectOptions options;</code>
///
/// Subscribe to the authorization code recieved event:
/// <code>
/// options.Events = new OpenIdConnectEvents();
/// options.Events.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived;
/// }
/// </code>
///
/// And then in the OnAuthorizationCodeRecieved method, call <see cref="AddAccountToCacheFromAuthorizationCode"/>:
/// <code>
/// private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
/// {
/// var tokenAcquisition = context.HttpContext.RequestServices.GetRequiredService<ITokenAcquisition>();
/// await _tokenAcquisition.AddAccountToCacheFromAuthorizationCode(context, new string[] { "user.read" });
/// }
/// </code>
/// </example>
public async Task AddAccountToCacheFromAuthorizationCode(AuthorizationCodeReceivedContext context, IEnumerable <string> scopes)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
if (scopes == null)
{
throw new ArgumentNullException(nameof(scopes));
}
try
{
// As AcquireTokenByAuthorizationCodeAsync is asynchronous we want to tell ASP.NET core that we are handing the code
// even if it's not done yet, so that it does not concurrently call the Token endpoint.
context.HandleCodeRedemption();
var application = BuildConfidentialClientApplication(context.HttpContext, context.Principal);
// Do not share the access token with ASP.NET Core otherwise ASP.NET will cache it and will not send the OAuth 2.0 request in
// case a further call to AcquireTokenByAuthorizationCodeAsync in the future for incremental consent (getting a code requesting more scopes)
// Share the ID Token
var result = await application.AcquireTokenByAuthorizationCode(scopes.Except(scopesRequestedByMsalNet), context.ProtocolMessage.Code)
.ExecuteAsync();
context.HandleCodeRedemption(null, result.IdToken);
}
catch (MsalException ex)
{
Debug.WriteLine(ex.Message);
throw;
}
}
public override async Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var principal = context.Principal;
var request = context.HttpContext.Request;
var currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);
var properties = context.Properties;
var surveysTokenService = context.HttpContext.RequestServices.GetService <ISurveysTokenService>();
try
{
var result = await surveysTokenService.RequestTokenAsync(
principal,
context.ProtocolMessage.Code,
currentUri,
_adOptions.WebApiResourceId)
.ConfigureAwait(false);
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch
{
// If an exception is thrown within this event, the user is never set on the OWIN middleware,
// so there is no need to sign out. However, the access token could have been put into the
// cache so we need to clean it up.
await surveysTokenService.ClearCacheAsync(principal)
.ConfigureAwait(false);
throw;
}
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
//var clientCredential = new ClientCredential(context.Options.ClientSecret);
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(context.Options.ClientId)
.WithClientSecret(context.Options.ClientSecret)
.WithAuthority(context.Options.Authority)
.WithRedirectUri(_options.RedirectUri)
.Build();
//var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
//var tokenCache = new SessionTokenCache(context.HttpContext, userId);
//var confidentialClientApplication = new ConfidentialClientApplication(
// context.Options.ClientId,
// context.Options.Authority,
// _options.RedirectUri,
// clientCredential,
// tokenCache.GetInstance(),
// null);
try
{
var authenticationResult = confidentialClientApplication.AcquireTokenByAuthorizationCode(_options.ApiScopes.Split(' '), context.ProtocolMessage.Code);
//context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
}
catch (Exception ex)
{
// TODO: Handle
throw;
}
}
public override Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
context.TokenEndpointRequest.ClientAssertionType = OidcConstants.ClientAssertionTypes.JwtBearer;
context.TokenEndpointRequest.ClientAssertion = _assertionService.CreateClientToken();
return(Task.CompletedTask);
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedContext context)
{
_logger.LogDebug(string.Format(CultureInfo.InvariantCulture, LogMessages.MethodBegin, nameof(OnAuthorizationCodeReceivedAsync)));
await s_onAuthorizationCodeReceived(context).ConfigureAwait(false);
_logger.LogDebug(string.Format(CultureInfo.InvariantCulture, LogMessages.MethodEnd, nameof(OnAuthorizationCodeReceivedAsync)));
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(AzureAdB2COptions.ClientId)
.WithB2CAuthority(AzureAdB2COptions.Authority)
.WithRedirectUri(AzureAdB2COptions.RedirectUri)
.WithClientSecret(AzureAdB2COptions.ClientSecret)
.Build();
new MSALStaticCache(signedInUserID, context.HttpContext).EnablePersistence(cca.UserTokenCache);
try
{
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCode(AzureAdB2COptions.ApiScopes.Split(' '), code)
.ExecuteAsync();
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch (Exception ex)
{
//TODO: Handle
throw ex;
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedContext context)
{
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var referers = context.HttpContext.Request.Headers["Referer"].ToString().Split('/').FirstOrDefault(t => t.ToLower().StartsWith("b2c_1")).ToLower();
var authority = context.Options.Authority.Replace("b2c_1_susi", referers);
var confidentialClientApplication = ConfidentialClientApplicationBuilder
.Create(context.Options.ClientId)
.WithClientSecret(context.Options.ClientSecret)
.WithAuthority(authority)
.WithRedirectUri(_options.RedirectUri)
.Build();
try
{
var authenticationResult = await confidentialClientApplication
.AcquireTokenByAuthorizationCode(_options.ApiScopes.Split(' '), context.ProtocolMessage.Code)
.WithB2CAuthority(authority)
.ExecuteAsync();
context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
}
catch (Exception ex)
{
// TODO: Handle
//throw ex;
}
}
protected virtual async Task RedeemAuthorizationCodeAsync(AuthorizationCodeReceivedContext context)
{
var configuration = await context.Options.ConfigurationManager.GetConfigurationAsync(CancellationToken.None);
var requestMessage = new HttpRequestMessage(HttpMethod.Post, configuration.TokenEndpoint);
string authInfo = context.TokenEndpointRequest.ClientId + ":" + context.TokenEndpointRequest.ClientSecret;
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Basic", authInfo);
var msg = context.TokenEndpointRequest.Clone();
msg.ClientSecret = null;
requestMessage.Content = new FormUrlEncodedContent(msg.Parameters);
var responseMessage = await context.Backchannel.SendAsync(requestMessage);
if (!responseMessage.IsSuccessStatusCode)
{
Console.WriteLine(await responseMessage.Content.ReadAsStringAsync());
return;
}
try
{
var responseContent = await responseMessage.Content.ReadAsStringAsync();
var message = new OpenIdConnectMessage(responseContent);
context.HandleCodeRedemption(message);
}
catch (Exception)
{
}
}
static async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
Debug.WriteLine($"4. Begin {nameof(OnAuthorizationCodeReceived)}");
await onAuthorizationCodeReceived(context);
Debug.WriteLine($"4. End - {nameof(OnAuthorizationCodeReceived)}");
}
/// <summary>
/// Is called whenever B2C retrieves a new auth token.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the authorization code from the response notification
var code = context.ProtocolMessage.Code;
var signedInUserId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var userTokenCache = new MsalSessionCache(signedInUserId, context.HttpContext).GetMsalCacheInstance();
var clientApplication = new ConfidentialClientApplication(
AzureAdB2COptions.ClientId,
AzureAdB2COptions.Authority,
AzureAdB2COptions.RedirectUri,
new ClientCredential(AzureAdB2COptions.ClientSecret),
userTokenCache,
null);
// try to retrieve the baerer token
try
{
var result = await clientApplication.AcquireTokenByAuthorizationCodeAsync(code, AzureAdB2COptions.ApiScopes.Split(' '));
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch (Exception ex)
{
Trace.TraceError(ex.Message);
throw;
}
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var authorization_code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(c => c.Type == "userId").Value;
//string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(AzureAdB2COptions.ClientId)
.WithB2CAuthority(AzureAdB2COptions.Authority)
.WithRedirectUri(AzureAdB2COptions.RedirectUri)
.WithClientSecret(AzureAdB2COptions.ClientSecret)
.Build();
try
{
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCode(AzureAdB2COptions.DataApiScope.Split(' '), authorization_code)
.ExecuteAsync();
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
Startup.userTokenCache[signedInUserID] = result.AccessToken;
Debug.WriteLine(result.AccessToken + "\n\n\n\n", "\n\n\n\nAccess Token\n\t");
}
catch (Exception ex)
{
//TODO:
Debug.WriteLine(ex.ToString() + "\n\n\n\n", "\n\n\n\nFetch access token failed\n\t");
throw;
}
}
private async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedContext context)
{
_logger.LogDebug($"4. Begin {nameof(OnAuthorizationCodeReceivedAsync)}");
await s_onAuthorizationCodeReceived(context).ConfigureAwait(false);
_logger.LogDebug($"4. End - {nameof(OnAuthorizationCodeReceivedAsync)}");
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
string displayName = context.Principal.FindFirst("Name").Value;
string email = context.Principal.FindFirst("Emails").Value;
string country = String.Empty;
if (context.Principal.FindFirst("Country") != null)
{
country = context.Principal.FindFirst("Country").Value;
}
TokenCache userTokenCache = new MSALSessionCache(signedInUserID, context.HttpContext).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(AzureAdB2COptions.ClientId, AzureAdB2COptions.Authority, AzureAdB2COptions.RedirectUri, new ClientCredential(AzureAdB2COptions.ClientSecret), userTokenCache, null);
try
{
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, AzureAdB2COptions.ApiScopes.Split(' '));
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch (Exception ex)
{
//TODO: Handle
throw;
}
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var clientCredential = new ClientCredential(context.Options.ClientSecret);
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var tokenCache = new SessionTokenCache(context.HttpContext, userId);
var confidentialClientApplication = new ConfidentialClientApplication(
context.Options.ClientId,
context.Options.Authority,
_options.RedirectUri,
clientCredential,
tokenCache.GetInstance(),
null);
try
{
var authenticationResult = await confidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(context.ProtocolMessage.Code, _options.ApiScopes.Split(' '));
context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
}
catch (Exception ex)
{
// TODO: Handle
throw;
}
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
foreach (var claim in context.Ticket.Principal.Claims)
{
System.Console.WriteLine(claim.Type + "-->" + claim.Value);
}
string signedInUserID = context.Ticket.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
TokenCache userTokenCache = new MSALSessionCache(signedInUserID, context.HttpContext).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(AzureAdB2COptions.ClientId, AzureAdB2COptions.Authority, AzureAdB2COptions.RedirectUri, new ClientCredential(AzureAdB2COptions.ClientSecret), userTokenCache, null);
try
{
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCodeAsync(code, AzureAdB2COptions.ApiScopes.Split(' '));
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch (Exception ex)
{
//TODO: Handle
throw;
}
}
private static async Task OnAuthorizationCodeReceivedAsync(AuthorizationCodeReceivedContext context)
{
Debug.WriteLine($"4. Begin {nameof(OnAuthorizationCodeReceivedAsync)}");
await s_onAuthorizationCodeReceived(context).ConfigureAwait(false);
Debug.WriteLine($"4. End - {nameof(OnAuthorizationCodeReceivedAsync)}");
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Acquire a Token for the Graph API and cache it using ADAL.
string userObjectId = (context.Ticket.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier"))?.Value;
ClientCredential clientCred = new ClientCredential(ClientId, ClientSecret);
// Gets Authentication Tokens From Azure
AuthenticationContext authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectId, context.HttpContext.Session));
// Gets the Access Token To Graph API
AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
context.ProtocolMessage.Code, new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]), clientCred, GraphResourceId);
// Gets the Access Token for Application Only Permissions
AuthenticationResult clientAuthResult = await authContext.AcquireTokenAsync(GraphResourceId, clientCred);
// The user's unique identifier from the signin event
string userId = authResult.UserInfo.UniqueId;
// Get the users roles and groups from the Graph Api. Then return the roles and groups in a new identity
ClaimsIdentity identity = await GetUsersRoles(clientAuthResult.AccessToken, userId);
// Add the roles to the Principal User
context.Ticket.Principal.AddIdentity(identity);
// Notify the OIDC middleware that we already took care of code redemption.
context.HandleCodeRedemption();
}
public override async Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var principal = context.AuthenticationTicket.Principal;
var surveysTokenService = context.HttpContext.RequestServices.GetService <ISurveysTokenService>();
try
{
await surveysTokenService.RequestTokenAsync(
principal,
context.ProtocolMessage.Code,
context.AuthenticationTicket.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey],
_adOptions.WebApiResourceId)
.ConfigureAwait(false);
}
catch
{
// If an exception is thrown within this event, the user is never set on the OWIN middleware,
// so there is no need to sign out. However, the access token could have been put into the
// cache so we need to clean it up.
await surveysTokenService.ClearCacheAsync(principal)
.ConfigureAwait(false);
throw;
}
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var confidentialClientApplication = ConfidentialClientApplicationBuilder.Create(context.Options.ClientId)
.WithClientSecret(context.Options.ClientSecret)
.WithB2CAuthority(context.Options.Authority)
.WithRedirectUri(_options.RedirectUri)
.Build();
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var tokenCache = new SessionTokenCache(context.HttpContext, userId);
tokenCache.Initialize(confidentialClientApplication.UserTokenCache);
try
{
var authenticationResult = await confidentialClientApplication.AcquireTokenByAuthorizationCode(_options.ApiScopes.Split(' '), context.ProtocolMessage.Code)
.ExecuteAsync();
context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
}
catch (Exception ex)
{
// TODO: Handle
throw;
}
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var clientCredential = new ClientCredential(context.Options.ClientSecret);
var userId = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
var userTokenCache = new MSALSessionCache(userId, context.HttpContext).GetMsalCacheInstance();
var confidentialClientApplication = new ConfidentialClientApplication(
context.Options.ClientId,
context.Options.Authority,
$"{context.Request.Scheme}://{context.Request.Host}{context.Request.Path}",
clientCredential,
userTokenCache,
null);
try
{
var authenticationResult = await confidentialClientApplication.AcquireTokenByAuthorizationCodeAsync(
context.ProtocolMessage.Code,
new[]
{
"https://contoso.onmicrosoft.com/api/user_impersonation"
});
context.HandleCodeRedemption(authenticationResult.AccessToken, authenticationResult.IdToken);
}
catch (Exception ex)
{
// TODO: Handle.
throw;
}
}
public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Use MSAL to swap the code for an access token
// Extract the code from the response notification
var code = context.ProtocolMessage.Code;
string signedInUserID = context.Principal.FindFirst(ClaimTypes.NameIdentifier).Value;
IConfidentialClientApplication cca = ConfidentialClientApplicationBuilder.Create(AzureAdB2COptions.ClientId)
.WithB2CAuthority(AzureAdB2COptions.Authority)
.WithRedirectUri(AzureAdB2COptions.RedirectUri)
.WithClientSecret(AzureAdB2COptions.ClientSecret)
.Build();
new MSALStaticCache(signedInUserID, context.HttpContext).EnablePersistence(cca.UserTokenCache);
if (context.Principal != null)
{
using (var scope = _scopeFactory.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService <DataContext>();
string email = context.Principal.Identities.First().Claims.Where(x => x.Type == "emails").First().Value;
var user = db.Users.Where(x => x.Email == email).FirstOrDefault();
if (user == null)
{
string firstName = context.Principal.Identities.First().Claims.Where(x => x.Type == ClaimTypes.GivenName).First().Value;
db.Users.Add(new User()
{
Email = email, Role = Enums.Role.User, Name = firstName
});
db.SaveChanges();
user = db.Users.Include(x => x.Role).Where(x => x.Email == email).FirstOrDefault();
}
context.Principal.Identities.First().AddClaim(new Claim(ClaimTypes.Role, user.Role.ToString()));
context.Principal.Identities.First().AddClaim(new Claim(context.Principal.Identities.First().NameClaimType, user.Name));
context.Principal.Identities.First().AddClaim(new Claim(ClaimTypes.Email, user.Email.ToString()));
}
var p = context.Principal.Identities.First();
}
try
{
AuthenticationResult result = await cca.AcquireTokenByAuthorizationCode(AzureAdB2COptions.ApiScopes.Split(' '), code)
.ExecuteAsync();
context.HandleCodeRedemption(result.AccessToken, result.IdToken);
}
catch
{
//TODO: Handle
throw;
}
}
private void HandleServerException(AuthorizationCodeReceivedContext arg, ServerException e)
{
_logger?.Error(e);
if (e.Status == HttpStatusCode.NotAcceptable)
{
arg.Response.Redirect(e.GetErrorData <ValidationError>().Url); //Getting the redirect url from the error message.
}
}
//private Task HandleTicketRecieved(TicketReceivedContext context)
//{
// _log.LogWarning($"ticket received");
// return Task.CompletedTask;
//}
//private Task HandleTokenResponseRecieved(TokenResponseReceivedContext context)
//{
// _log.LogWarning($"token response received");
// return Task.CompletedTask;
//}
//private Task HandleUserInformationResponseRecieved(UserInformationReceivedContext context)
//{
// _log.LogWarning($"user info received");
// return Task.CompletedTask;
//}
private async Task HandleAuthorizationCodeRecieved(AuthorizationCodeReceivedContext context)
{
_log.LogWarning($"authorization code received {context.JwtSecurityToken}");
if (!string.IsNullOrWhiteSpace(context.JwtSecurityToken.RawPayload))
{
await _oidcHybridFlowHelper.CaptureJwt(context.Principal, context.JwtSecurityToken.RawPayload);
}
}
private static Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
var passcode = $"{context.Options.ClientId}:{context.Options.ClientSecret}";
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(passcode);
var authHeaderValue = Convert.ToBase64String(plainTextBytes);
context.Backchannel.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authHeaderValue);
return(Task.CompletedTask);
}
private async Task AcquireTokenForMicrosoftGraph(AuthorizationCodeReceivedContext context)
{
// Acquire a Token for the Graph API and cache it in Session.
string userObjectId = context.Ticket.Principal.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
ClientCredential clientCred = new ClientCredential(ClientId, ClientSecret);
AuthenticationContext authContext = new AuthenticationContext(Authority, new SessionCache(userObjectId, context.HttpContext));
AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
context.JwtSecurityToken.Id, new Uri(context.ProtocolMessage.RedirectUri), clientCred, GraphResourceId);
}
// Redeem the auth code for a token to the Graph API and cache it for later.
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Redeem auth code for access token and cache it for later use
context.HttpContext.User = context.Ticket.Principal;
IAzureAdTokenService tokenService = (IAzureAdTokenService)context.HttpContext.RequestServices.GetService(typeof(IAzureAdTokenService));
await tokenService.RedeemAuthCodeForAadGraph(context.ProtocolMessage.Code, context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]);
// Notify the OIDC middleware that we already took care of code redemption.
context.HandleCodeRedemption();
}
