/// <summary>
/// Creates an instance of this context
/// </summary>
public OAuthAuthorizeEndpointContext(
IOwinContext context,
OAuthAuthorizationServerOptions options,
AuthorizeEndpointRequest authorizeRequest)
: base(context, options)
{
AuthorizeRequest = authorizeRequest;
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuthValidateAuthorizeRequestContext"/> class
/// </summary>
/// <param name="context"></param>
/// <param name="options"></param>
/// <param name="authorizeRequest"></param>
/// <param name="clientContext"></param>
public OAuthValidateAuthorizeRequestContext(
IOwinContext context,
OAuthAuthorizationServerOptions options,
AuthorizeEndpointRequest authorizeRequest,
OAuthValidateClientRedirectUriContext clientContext) : base(context, options)
{
AuthorizeRequest = authorizeRequest;
ClientContext = clientContext;
}
/// <summary>
/// Initializes a new instance of the <see cref="OAuthAuthorizationEndpointResponseContext"/> class
/// </summary>
/// <param name="context"></param>
/// <param name="options"></param>
/// <param name="ticket"></param>
/// <param name="tokenEndpointRequest"></param>
public OAuthAuthorizationEndpointResponseContext(
IOwinContext context,
OAuthAuthorizationServerOptions options,
AuthenticationTicket ticket,
AuthorizeEndpointRequest authorizeEndpointRequest,
string accessToken,
string authorizationCode)
: base(context, options)
{
if (ticket == null)
{
throw new ArgumentNullException("ticket");
}
Identity = ticket.Identity;
Properties = ticket.Properties;
AuthorizeEndpointRequest = authorizeEndpointRequest;
AdditionalResponseParameters = new Dictionary <string, object>(StringComparer.Ordinal);
AccessToken = accessToken;
AuthorizationCode = authorizationCode;
}
private async Task <bool> InvokeAuthorizeEndpointAsync()
{
var authorizeRequest = new AuthorizeEndpointRequest(Request.Query);
var clientContext = new OAuthValidateClientRedirectUriContext(
Context,
Options,
authorizeRequest.ClientId,
authorizeRequest.RedirectUri);
if (!String.IsNullOrEmpty(authorizeRequest.RedirectUri))
{
bool acceptableUri = true;
Uri validatingUri;
if (!Uri.TryCreate(authorizeRequest.RedirectUri, UriKind.Absolute, out validatingUri))
{
// The redirection endpoint URI MUST be an absolute URI
// http://tools.ietf.org/html/rfc6749#section-3.1.2
acceptableUri = false;
}
else if (!String.IsNullOrEmpty(validatingUri.Fragment))
{
// The endpoint URI MUST NOT include a fragment component.
// http://tools.ietf.org/html/rfc6749#section-3.1.2
acceptableUri = false;
}
else if (!Options.AllowInsecureHttp &&
String.Equals(validatingUri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
{
// The redirection endpoint SHOULD require the use of TLS
// http://tools.ietf.org/html/rfc6749#section-3.1.2.1
acceptableUri = false;
}
if (!acceptableUri)
{
clientContext.SetError(Constants.Errors.InvalidRequest);
return(await SendErrorRedirectAsync(clientContext, clientContext));
}
}
await Options.Provider.ValidateClientRedirectUriAsync(clientContext);
if (!clientContext.IsValidated)
{
_logger.WriteVerbose("Unable to validate client information");
return(await SendErrorRedirectAsync(clientContext, clientContext));
}
var validatingContext = new OAuthValidateAuthorizeRequestContext(
Context,
Options,
authorizeRequest,
clientContext);
if (string.IsNullOrEmpty(authorizeRequest.ResponseType))
{
_logger.WriteVerbose("Authorize endpoint request missing required response_type parameter");
validatingContext.SetError(Constants.Errors.InvalidRequest);
}
else if (!authorizeRequest.IsAuthorizationCodeGrantType &&
!authorizeRequest.IsImplicitGrantType)
{
_logger.WriteVerbose("Authorize endpoint request contains unsupported response_type parameter");
validatingContext.SetError(Constants.Errors.UnsupportedResponseType);
}
else
{
await Options.Provider.ValidateAuthorizeRequest(validatingContext);
}
if (!validatingContext.IsValidated)
{
// an invalid request is not processed further
return(await SendErrorRedirectAsync(clientContext, validatingContext));
}
_clientContext = clientContext;
_authorizeEndpointRequest = authorizeRequest;
var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Context, Options, authorizeRequest);
await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);
return(authorizeEndpointContext.IsRequestCompleted);
}
