/// <summary>
/// Sets the CallbackUrl and session.ReferrerUrl if not set and initializes the session tokens for this AuthProvider
/// </summary>
/// <param name="authService"></param>
/// <param name="session"></param>
/// <param name="request"> </param>
/// <returns></returns>
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
AssertValidState();
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = authService.Request.AbsoluteUri;
}
if (RestoreSessionFromState == true)
{
var state = authService.Request.GetQueryStringOrForm(Keywords.State);
if (!string.IsNullOrEmpty(state))
{
(authService.Request.Response as IHttpResponse)?.ClearCookies();
authService.Request.CreateTemporarySessionId(state);
session = authService.Request.GetSession(reload: true);
}
}
session.ReferrerUrl = GetReferrerUrl(authService, session, request);
var tokens = session.GetAuthTokens(Provider);
if (tokens == null)
{
session.AddAuthToken(tokens = new AuthTokens {
Provider = Provider
});
}
return(tokens);
}
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
var requestUri = authService.Request.AbsoluteUri;
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = requestUri;
}
if (session.ReferrerUrl.IsNullOrEmpty())
{
session.ReferrerUrl = request?.Continue ?? authService.Request.GetHeader("Referer");
}
if (session.ReferrerUrl.IsNullOrEmpty() || session.ReferrerUrl.IndexOf("/auth", StringComparison.OrdinalIgnoreCase) >= 0)
{
session.ReferrerUrl = this.RedirectUrl
?? HostContext.Config.WebHostUrl
?? requestUri.Substring(0, requestUri.IndexOf("/", "https://".Length + 1, StringComparison.Ordinal));
}
var tokens = session.GetAuthTokens(this.Provider);
if (tokens == null)
{
session.AddAuthToken(tokens = new AuthTokens {
Provider = this.Provider
});
}
return(tokens);
}
/// <summary>
/// Sets the CallbackUrl and session.ReferrerUrl if not set and initializes the session tokens for this AuthProvider
/// </summary>
/// <param name="authService"></param>
/// <param name="session"></param>
/// <param name="request"> </param>
/// <returns></returns>
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = authService.Request.AbsoluteUri;
}
session.ReferrerUrl = GetReferrerUrl(authService, session, request);
var tokens = session.GetAuthTokens(Provider);
if (tokens == null)
{
session.AddAuthToken(tokens = new AuthTokens {
Provider = Provider
});
}
return(tokens);
}
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
ServiceStack.Logging.ILog log = ServiceStack.Logging.LogManager.GetLogger(typeof(OpenIDConnectProvider));
var config = getOIDConfig();
var tokens = Init(authService, ref session, request);
string redirectUri = authService.Request.GetAbsoluteUrl($"~/auth/openid");
log.Debug($"redirect uri: {redirectUri}");
var httpRequest = authService.Request;
if (httpRequest.GetParam("code") != null)
{
WebClient webClient = new WebClient();
NameValueCollection formData = new NameValueCollection();
formData["code"] = httpRequest.GetParam("code");
formData["client_id"] = this.ConsumerKey;
formData["redirect_uri"] = redirectUri.ToLower();
formData["grant_type"] = "authorization_code";
formData["client_secret"] = this.ConsumerSecret;
string maxAge = httpRequest.GetParam("max_age");
if (!string.IsNullOrWhiteSpace(maxAge))
{
formData["max_age"] = maxAge;
}
string prompt = httpRequest.GetParam("prompt");
if (!string.IsNullOrWhiteSpace(prompt))
{
formData["prompt"] = maxAge;
}
webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
var response = webClient.UploadValues(config.TokenEndpoint, formData);
var str = System.Text.Encoding.Default.GetString(response);
var json = JsonObject.Parse(str);
try
{
tokens.AccessToken = json.Get <string>("access_token");
tokens.RequestToken = json.Get <string>("id_token");
session.AddAuthToken(tokens);
setSession(json.Get <string>("id_token"), session);
this.SaveSession(authService, session, SessionExpiry);
}
catch
{
return(this.Logout(authService, request));
}
string redirectTo = authService.Request.GetAbsoluteUrl($"~/");
string stateId = httpRequest.GetParam("state");
log.Debug($"stateId: {stateId}");
if (!string.IsNullOrWhiteSpace(stateId))
{
Guid stateGuid;
if (Guid.TryParse(stateId, out stateGuid))
{
if (redirectUrls.ContainsKey(stateGuid))
{
if (!string.IsNullOrWhiteSpace(redirectUrls[stateGuid]))
{
redirectTo = redirectUrls[stateGuid];
log.Debug($"redirectTo: {redirectTo}");
redirectUrls.Remove(stateGuid);
}
}
}
else
{
string redirUrl = HttpUtility.UrlDecode(stateId);
if (redirUrl.StartsWith("http", StringComparison.InvariantCultureIgnoreCase))
{
redirectTo = redirUrl;
}
}
}
return(OnAuthenticated(authService, session, tokens, httpRequest.FormData.ToDictionary())
?? doRedirect(authService, SuccessRedirectUrlFilter(this, redirectTo))); //Haz Access!
}
else
{
log.Debug($"referrer: {session.ReferrerUrl}");
Guid stateId = Guid.NewGuid();
redirectUrls[stateId] = cleanSiteUrl(session.ReferrerUrl);
var maxAge = httpRequest.GetParam("max_age");
if (!string.IsNullOrWhiteSpace(maxAge))
{
maxAge = $"&max_age={maxAge}";
}
var prompt = "";
//if (ServiceDefaults.Instance.Authentication.PromptForLogin)
//{
// prompt = $"&prompt=login";
//}
var error = httpRequest.GetParam("f");
if (!string.IsNullOrWhiteSpace(error))
{
return(HttpError.Unauthorized("AccessToken validation failed."));
}
else
{
return(authService.Redirect($"{config.AuthorizationEndpoint}?client_id={this.ConsumerKey}&redirect_uri={redirectUri.ToLower()}&response_type=code&scope=openid%20email&state={stateId}{maxAge}{prompt}"));
}
}
}
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
var requestUri = authService.Request.AbsoluteUri;
if (this.CallbackUrl.IsNullOrEmpty())
{
this.CallbackUrl = requestUri;
}
if (session.ReferrerUrl.IsNullOrEmpty())
{
session.ReferrerUrl = (request != null ? request.Continue : null) ?? authService.Request.GetHeader("Referer");
}
if (session.ReferrerUrl.IsNullOrEmpty() || session.ReferrerUrl.IndexOf("/auth", StringComparison.OrdinalIgnoreCase) >= 0)
{
session.ReferrerUrl = this.RedirectUrl
?? HttpHandlerFactory.GetBaseUrl()
?? requestUri.Substring(0, requestUri.IndexOf("/", "https://".Length + 1, StringComparison.Ordinal));
}
var tokens = session.GetAuthTokens(this.Provider);
if (tokens == null)
{
session.AddAuthToken(tokens = new AuthTokens { Provider = this.Provider });
}
return tokens;
}
/// <summary>
/// Sets the CallbackUrl and session.ReferrerUrl if not set and initializes the session tokens for this AuthProvider
/// </summary>
/// <param name="authService"></param>
/// <param name="session"></param>
/// <param name="request"> </param>
/// <returns></returns>
protected IAuthTokens Init(IServiceBase authService, ref IAuthSession session, Authenticate request)
{
if (this.CallbackUrl.IsNullOrEmpty())
this.CallbackUrl = authService.Request.AbsoluteUri;
session.ReferrerUrl = GetReferrerUrl(authService, session, request);
var tokens = session.GetAuthTokens(Provider);
if (tokens == null)
session.AddAuthToken(tokens = new AuthTokens { Provider = Provider });
return tokens;
}