public async Task <ProcessConsentResult> ProcessConsent(ConsentInputModel model) { var result = new ProcessConsentResult(); ConsentResponse grantedConsent = null; // user clicked 'no' - send back the standard 'access_denied' response if (model.Button == "no") { grantedConsent = ConsentResponse.Denied; } // user clicked 'yes' - validate the data else if (model.Button == "yes" && model != null) { // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { var scopes = model.ScopesConsented; if (ConsentOptions.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = scopes.ToArray() }; } else { result.ValidationError = ConsentOptions.MustChooseOneErrorMessage; } } else { result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage; } if (grantedConsent != null) { // validate return url is still valid var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } // communicate outcome of consent back to identityserver await _interaction.GrantConsentAsync(request, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
/*****************************************/ /* helper APIs for the ConsentController */ /*****************************************/ private async Task <ProcessConsentResult> ProcessConsent(ConsentInputModel model) { var result = new ProcessConsentResult(); // validate return url is still valid var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } ConsentResponse grantedConsent = null; // user clicked 'no' - send back the standard 'access_denied' response if (model?.Button == "no") { grantedConsent = new ConsentResponse { Error = AuthorizationError.AccessDenied }; // emit event await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues)); } // user clicked 'yes' - validate the data else if (model?.Button == "yes") { // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { var scopes = model.ScopesConsented; if (ConsentOptions.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != global::IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesValuesConsented = scopes.ToArray(), Description = model.Description }; // emit event await _events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues, grantedConsent.ScopesValuesConsented, grantedConsent.RememberConsent)); } else { result.ValidationError = ConsentOptions.MustChooseOneErrorMessage; } } else { result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage; } if (grantedConsent != null) { // communicate outcome of consent back to identityserver await _interaction.GrantConsentAsync(request, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; result.Client = request.Client; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
/*****************************************/ /* helper APIs for the ConsentController */ /*****************************************/ private async Task <ProcessConsentResult> ProcessConsent(ConsentInputModel model) { _logger.LogInformation("Process consent for {ReturnUrl}", model.ReturnUrl); var result = new ProcessConsentResult(); // validate return url is still valid var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } ConsentResponse grantedConsent = null; // user clicked 'no' - send back the standard 'access_denied' response if (model.Button == "no") { _logger.LogInformation("Consent was denied by user"); grantedConsent = new ConsentResponse { Error = AuthorizationError.AccessDenied }; // emit event await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues)); } // user clicked 'yes' - validate the data else if (model.Button == "yes") { _logger.LogInformation("Consent was accepted by user"); // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { var scopes = model.ScopesConsented; grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesValuesConsented = scopes.ToArray(), Description = model.Description }; // emit event await _events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.Client.ClientId, request.ValidatedResources.RawScopeValues, grantedConsent.ScopesValuesConsented, grantedConsent.RememberConsent)); } else { _logger.LogInformation("Validation error: {ValidationError}", "You must pick at least one permission"); result.ValidationError = "You must pick at least one permission"; } } else { _logger.LogInformation("User did not accept no deny consent"); result.ValidationError = "Invalid selection"; } if (grantedConsent != null) { // communicate outcome of consent back to identityserver await _interaction.GrantConsentAsync(request, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; result.Client = request.Client; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
public async Task <ProcessConsentResult> ProcessConsent(ConsentInputModel model) { var result = new ProcessConsentResult(); ConsentResponse grantedConsent = null; switch (model.Button) { case "no": { grantedConsent = ConsentResponse.Denied; break; } case "yes" when model.ScopesConsented != null && model.ScopesConsented.Any(): { var scopes = model.ScopesConsented; if (_identityServerCommonOptions.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = scopes.ToArray() }; break; } case "yes": { result.ValidationError = _identityServerCommonOptions.MustChooseOneErrorMessage; break; } default: { result.ValidationError = _identityServerCommonOptions.InvalidSelectionErrorMessage; break; } } if (grantedConsent != null) { // validate return url is still valid var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } // communicate outcome of consent back to IdentityServer await _interaction.GrantConsentAsync(request, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
/*****************************************/ /* helper APIs for the ConsentController */ /*****************************************/ private async Task <ProcessConsentResult> ProcessConsent(ConsentInputModel model) { var result = new ProcessConsentResult(); var request = await _interaction.GetAuthorizationContextAsync(model.ReturnUrl); if (request == null) { return(result); } ConsentResponse grantedConsent = null; if (model.Button == "no") { grantedConsent = ConsentResponse.Denied; await _events.RaiseAsync(new ConsentDeniedEvent(User.GetSubjectId(), result.ClientId, request.ScopesRequested)); } else if (model.Button == "yes" && model != null) { if (model.ScopesConsented != null && model.ScopesConsented.Any()) { var scopes = model.ScopesConsented; if (ConsentOptions.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = scopes.ToArray() }; await _events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested, grantedConsent.ScopesConsented, grantedConsent.RememberConsent)); } else { result.ValidationError = ConsentOptions.MustChooseOneErrorMessage; } } else { result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage; } if (grantedConsent != null) { await _interaction.GrantConsentAsync(request, grantedConsent); result.RedirectUri = model.ReturnUrl; result.ClientId = request.ClientId; } else { result.ViewModel = await BuildViewModelAsync(model.ReturnUrl, model); } return(result); }
private ConsentViewModel CreateConsentViewModel(AuthorizationRequest request, Client client, Resources resources, ConsentInputModel model) { var vm = new ConsentViewModel { ClientName = client.ClientName ?? client.ClientId, ClientLogoUrl = client.LogoUri, ClientUrl = client.ClientUri, AllowRememberConsent = client.AllowRememberConsent, RememberConsent = model?.RememberConsent ?? true, ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(), }; vm.IdentityScopes = resources.IdentityResources.Select(i => CreateScopeViewModel(i, vm.ScopesConsented.Contains(i.Name) || model == null)); vm.ResourceScopes = resources.ApiResources.SelectMany(a => a.Scopes).Select(s => CreateScopeViewModel(s, vm.ScopesConsented.Contains(s.Name) || model == null)); return(vm); }
public async Task <ConsentViewModel> BuildConsentViewModelAsync(string returnUrl, ConsentInputModel model = null) { var request = await _identityServerInteractionService.GetAuthorizationContextAsync(returnUrl); if (returnUrl == null) { return(null); } var client = await _clientStore.FindEnabledClientByIdAsync(request.Client.ClientId); var resources = await _resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested); var vm = CreateConsentViewModel(request, client, resources, model); vm.ReturnUrl = returnUrl; return(vm); }