public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
// Acquire a Token for the Graph API and cache it using ADAL. In the TodoListController, we'll use the cache to acquire a token to the Todo List API
context.HttpContext.User = context.Ticket.Principal;
_serviceProvider.GetService <IHttpContextAccessor>().HttpContext = context.HttpContext;
TokenCache tc = _serviceProvider.GetService <TokenCache>();
ClientCredential clientCred = new ClientCredential(_config.ClientId, _config.ClientSecret);
AuthenticationContext authContext = new AuthenticationContext(_config.Authority, tc);
AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync(
context.ProtocolMessage.Code, new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]), clientCred, "https://graph.windows.net");
// Notify the OIDC middleware that we already took care of code redemption.
context.HandleCodeRedemption();
context.HandleResponse();
}
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext arg, TokenProviderConfiguration configuration, Func <AuthorizationCodeReceivedContext, Task> handler)
{
_logger?.Message("Auth code received...");
var timer = Stopwatch.StartNew();
try
{
arg.HttpContext.User = arg.Principal;
if (IsMfaRequired(arg, configuration) && !arg.Principal.Claims.Any(c => c.Type == "mfa_required" && c.Value == "true"))
{
throw new UnauthorizedAccessException("MFA required");
}
var cache = arg.HttpContext.RequestServices.GetService <TokenCacheBase>();
var context = configuration.ConfidentialClientApplication(cache, s => { _logger?.Message(s); });
var user = await context.AcquireTokenByAuthorizationCode(new[] { configuration.Scope }, arg.ProtocolMessage.Code).ExecuteAsync();
_logger?.Message($"exchanging code with access token took: {timer.ElapsedMilliseconds}ms");
var policyValidator = arg.HttpContext.RequestServices.GetService <IPolicyValidation>();
try
{
if (policyValidator != null)
{
var timer2 = Stopwatch.StartNew();
var policy = await ValidatePolicies(configuration, policyValidator, arg.ProtocolMessage.RedirectUri ?? configuration.PolicyRedirectUrl ?? configuration.RedirectUrl);
timer2.Stop();
_logger?.Message($"Policy check took {timer2.ElapsedMilliseconds}ms. ");
if (policy.AllPoliciesValid)
{
_logger?.Message("Policies validated!");
AdditionalAuthCodeHandling?.Invoke(arg);
}
else
{
_logger?.Message("Not all policies is valid, redirecting to Veracity");
arg.Response.Redirect(policy.RedirectUrl); //Getting the redirect url from the error message.
arg.HandleResponse();
}
}
else
{
AdditionalAuthCodeHandling?.Invoke(arg);
}
}
catch (AggregateException aex)
{
var e = aex.InnerException as ServerException;
if (e != null)
{
HandleServerException(arg, e);
}
}
catch (ServerException ex)
{
HandleServerException(arg, ex);
}
}
catch (Exception ex)
{
ex.Log();
}
timer.Stop();
_logger?.Message($"Total on code received took {timer.ElapsedMilliseconds}ms. ");
await handler(arg);
}
