        /// <summary>
        /// Resolves the credentials used to sign tokens issued to <paramref name="client"/>.
        /// </summary>
        /// <remarks>
        /// Keys registered on the client with <c>use = "sig"</c> take precedence: each becomes a
        /// <see cref="SigningCredentials"/> built from the key and the key's own <c>alg</c>. Only when the
        /// client has no such key is the server key store consulted, which supplies a single key — the one
        /// matching <see cref="Client.IdTokenSignedResponseAlg"/> when that is set, the store default otherwise.
        /// NOTE(review): the client-registered <c>alg</c> is passed through unvalidated here; whatever
        /// algorithm restrictions are enforced at client registration are the only ones that bound it.
        /// </remarks>
        /// <param name="client">The client the token is being issued for.</param>
        /// <param name="jwksStore">Server-side key store used when the client has no signing keys of its own.</param>
        /// <param name="cancellationToken">Cancels the key store lookup.</param>
        /// <returns>
        /// A list with at least one entry. Whether the store can hand back a <c>null</c> key (which would then
        /// be the sole entry) is not visible from this method.
        /// </returns>
        public static async Task <List <SigningCredentials> > GetSigningCredentials(
            this Client client,
            IJwksStore jwksStore,
            CancellationToken cancellationToken = default)
        {
            // Client-registered keys flagged for signature use win over the server store.
            var clientKeys = new List <SigningCredentials>();
            foreach (var jwk in client.JsonWebKeys.Keys)
            {
                if (jwk.Use == JsonWebKeyUseNames.Sig)
                {
                    clientKeys.Add(new SigningCredentials(jwk, jwk.Alg));
                }
            }

            if (clientKeys.Count > 0)
            {
                return(clientKeys);
            }

            // Fall back to the server key store: algorithm-specific key when the client asked for one,
            // otherwise the store's default signing key.
            var requestedAlg = client.IdTokenSignedResponseAlg;
            var storeKey = requestedAlg == null
                ? await jwksStore.GetDefaultSigningKey(cancellationToken).ConfigureAwait(false)
                : await jwksStore.GetSigningKey(requestedAlg, cancellationToken).ConfigureAwait(false);

            return(new List <SigningCredentials> { storeKey });
        }
        /// <summary>
        /// Looks up a stored granted token and returns it only if it still validates; a token that fails
        /// <c>CheckGrantedToken</c> is removed from the store so it cannot be reused.
        /// </summary>
        /// <param name="tokenStore">Store the token is read from (and evicted from on failure).</param>
        /// <param name="jwksStore">Key store used to verify the token's signature.</param>
        /// <param name="scopes">Scope string the token was granted for.</param>
        /// <param name="clientId">Client the token was issued to.</param>
        /// <param name="cancellationToken">Cancels the store operations.</param>
        /// <param name="idTokenJwsPayload">Optional ID-token payload used as part of the lookup key.</param>
        /// <param name="userInfoJwsPayload">Optional user-info payload used as part of the lookup key.</param>
        /// <returns>The valid token, or <c>null</c> when none is stored or the stored one is no longer valid.</returns>
        public static async Task <GrantedToken?> GetValidGrantedToken(
            this ITokenStore tokenStore,
            IJwksStore jwksStore,
            string scopes,
            string clientId,
            CancellationToken cancellationToken = default,
            JwtPayload? idTokenJwsPayload       = null,
            JwtPayload? userInfoJwsPayload      = null)
        {
            var candidate = await tokenStore
                .GetToken(scopes, clientId, idTokenJwsPayload, userInfoJwsPayload, cancellationToken)
                .ConfigureAwait(false);

            if (candidate is null)
            {
                return(null);
            }

            var validation = await candidate.CheckGrantedToken(jwksStore, cancellationToken).ConfigureAwait(false);
            if (!validation.IsValid)
            {
                // Expired or no-longer-verifiable: purge it so a later lookup does not hand it out again.
                await tokenStore.RemoveAccessToken(candidate.AccessToken, cancellationToken).ConfigureAwait(false);
                return(null);
            }

            return(candidate);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="GetTokenViaImplicitWorkflowOperation"/> class,
 /// composing the request-processing and response-generation steps of the implicit flow.
 /// </summary>
 /// <param name="clientStore">The client store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public GetTokenViaImplicitWorkflowOperation(
     IClientStore clientStore,
     IConsentRepository consentRepository,
     IAuthorizationCodeStore authorizationCodeStore,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     // Both collaborators are built here rather than injected; they share the same stores and logger.
     _processAuthorizationRequest = new ProcessAuthorizationRequest(clientStore, consentRepository, jwksStore, logger);
     _generateAuthorizationResponse = new GenerateAuthorizationResponse(
         authorizationCodeStore, tokenStore, scopeRepository, clientStore, consentRepository, jwksStore, eventPublisher, logger);
     _logger = logger;
 }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthenticateController"/> class.
        /// </summary>
        /// <remarks>
        /// Everything except the resource-owner services is forwarded to the base controller; the local
        /// OpenID authentication action is composed here from the same stores.
        /// </remarks>
        /// <param name="dataProtectionProvider">The data protection provider.</param>
        /// <param name="urlHelperFactory">The URL helper factory.</param>
        /// <param name="actionContextAccessor">The action context accessor.</param>
        /// <param name="eventPublisher">The event publisher.</param>
        /// <param name="authenticationService">The authentication service.</param>
        /// <param name="authenticationSchemeProvider">The authentication scheme provider.</param>
        /// <param name="resourceOwnerServices">The resource owner services; materialized once to an array.</param>
        /// <param name="twoFactorAuthenticationHandler">The two factor authentication handler.</param>
        /// <param name="subjectBuilder">The subject builder.</param>
        /// <param name="authorizationCodeStore">The authorization code store.</param>
        /// <param name="scopeRepository">The scope repository.</param>
        /// <param name="tokenStore">The token store.</param>
        /// <param name="consentRepository">The consent repository.</param>
        /// <param name="confirmationCodeStore">The confirmation code store.</param>
        /// <param name="clientStore">The client store.</param>
        /// <param name="resourceOwnerRepository">The resource owner repository.</param>
        /// <param name="jwksStore">The JWKS store.</param>
        /// <param name="accountFilters">The account filters.</param>
        /// <param name="logger">The controller logger.</param>
        /// <param name="runtimeSettings">The runtime settings.</param>
        public AuthenticateController(
            IDataProtectionProvider dataProtectionProvider,
            IUrlHelperFactory urlHelperFactory,
            IActionContextAccessor actionContextAccessor,
            IEventPublisher eventPublisher,
            IAuthenticationService authenticationService,
            IAuthenticationSchemeProvider authenticationSchemeProvider,
            IEnumerable <IAuthenticateResourceOwnerService> resourceOwnerServices,
            ITwoFactorAuthenticationHandler twoFactorAuthenticationHandler,
            ISubjectBuilder subjectBuilder,
            IAuthorizationCodeStore authorizationCodeStore,
            IScopeRepository scopeRepository,
            ITokenStore tokenStore,
            IConsentRepository consentRepository,
            IConfirmationCodeStore confirmationCodeStore,
            IClientStore clientStore,
            IResourceOwnerRepository resourceOwnerRepository,
            IJwksStore jwksStore,
            IEnumerable <AccountFilter> accountFilters,
            ILogger <AuthenticateController> logger,
            RuntimeSettings runtimeSettings)
            : base(
                dataProtectionProvider,
                urlHelperFactory,
                actionContextAccessor,
                eventPublisher,
                authenticationService,
                authenticationSchemeProvider,
                twoFactorAuthenticationHandler,
                authorizationCodeStore,
                consentRepository,
                scopeRepository,
                tokenStore,
                resourceOwnerRepository,
                confirmationCodeStore,
                clientStore,
                jwksStore,
                subjectBuilder,
                accountFilters,
                logger,
                runtimeSettings)
        {
            _logger         = logger;
            _eventPublisher = eventPublisher;

            // Enumerate the injected services exactly once; the same array backs both the field and the action.
            var ownerServices = resourceOwnerServices.ToArray();
            _resourceOwnerServices = ownerServices;

            _localOpenIdAuthentication = new LocalOpenIdUserAuthenticationAction(
                authorizationCodeStore,
                ownerServices,
                consentRepository,
                tokenStore,
                scopeRepository,
                clientStore,
                jwksStore,
                eventPublisher,
                logger);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="SessionController"/> class.
 /// </summary>
 /// <param name="authenticationService">The authentication service.</param>
 /// <param name="jwksStore">The key store.</param>
 /// <param name="clientRepository">The client repository.</param>
 public SessionController(IAuthenticationService authenticationService, IJwksStore jwksStore, IClientStore clientRepository)
 {
     _clientRepository      = clientRepository;
     _jwksStore             = jwksStore;
     _authenticationService = authenticationService;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationPolicyValidator"/> class.
 /// </summary>
 /// <remarks>The policy itself is always the <see cref="DefaultAuthorizationPolicy"/>; it is not injectable.</remarks>
 /// <param name="jwksStore">The key store.</param>
 /// <param name="resourceSetRepository">The resource set repository.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 public AuthorizationPolicyValidator(IJwksStore jwksStore, IResourceSetRepository resourceSetRepository, IEventPublisher eventPublisher)
 {
     _authorizationPolicy   = new DefaultAuthorizationPolicy();
     _eventPublisher        = eventPublisher;
     _resourceSetRepository = resourceSetRepository;
     _jwksStore             = jwksStore;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="ProcessAuthorizationRequest"/> class.
 /// </summary>
 /// <param name="clientStore">The client store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="logger">The logger.</param>
 public ProcessAuthorizationRequest(IClientStore clientStore, IConsentRepository consentRepository, IJwksStore jwksStore, ILogger logger)
 {
     _logger            = logger;
     _jwksStore         = jwksStore;
     _consentRepository = consentRepository;
     _clientStore       = clientStore;
 }
        /// <summary>
        /// Loads the client identified by <paramref name="clientId"/> and, if it exists, generates a signed
        /// ID token for it from <paramref name="jwsPayload"/>.
        /// </summary>
        /// <param name="clientStore">Store the client is looked up in.</param>
        /// <param name="clientId">Identifier of the client the token is for.</param>
        /// <param name="jwsPayload">Claims to embed in the token.</param>
        /// <param name="jwksStore">Key store consulted for signing credentials.</param>
        /// <param name="cancellationToken">Cancels the lookup and key resolution.</param>
        /// <returns>The encoded token, or <c>null</c> when no client with that id exists.</returns>
        public static async Task <string?> GenerateIdToken(
            this IClientStore clientStore,
            string clientId,
            JwtPayload jwsPayload,
            IJwksStore jwksStore,
            CancellationToken cancellationToken)
        {
            var client = await clientStore.GetById(clientId, cancellationToken).ConfigureAwait(false);
            if (client is null)
            {
                // Unknown client: nothing to sign for.
                return(null);
            }

            return(await GenerateIdToken(client, jwsPayload, jwksStore, cancellationToken).ConfigureAwait(false));
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="GetTokenByRefreshTokenGrantTypeAction"/> class.
 /// </summary>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="jwksRepository">The key store, also handed to the client authenticator built here.</param>
 /// <param name="resourceOwnerRepository">The resource owner repository.</param>
 /// <param name="clientStore">The client store, also handed to the client authenticator built here.</param>
 public GetTokenByRefreshTokenGrantTypeAction(
     IEventPublisher eventPublisher,
     ITokenStore tokenStore,
     IJwksStore jwksRepository,
     IResourceOwnerRepository resourceOwnerRepository,
     IClientStore clientStore)
 {
     // The client authenticator is composed locally from the same client and key stores.
     _authenticateClient      = new AuthenticateClient(clientStore, jwksRepository);
     _clientStore             = clientStore;
     _resourceOwnerRepository = resourceOwnerRepository;
     _jwksRepository          = jwksRepository;
     _tokenStore              = tokenStore;
     _eventPublisher          = eventPublisher;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="GetTokenByDeviceAuthorizationTypeAction"/> class.
 /// </summary>
 /// <param name="deviceAuthorizationStore">The device authorization store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public GetTokenByDeviceAuthorizationTypeAction(
     IDeviceAuthorizationStore deviceAuthorizationStore,
     ITokenStore tokenStore,
     IJwksStore jwksStore,
     IClientStore clientStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _logger                   = logger;
     _eventPublisher           = eventPublisher;
     _clientStore              = clientStore;
     _jwksStore                = jwksStore;
     _tokenStore               = tokenStore;
     _deviceAuthorizationStore = deviceAuthorizationStore;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="GetTokenByAuthorizationCodeGrantTypeAction"/> class.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="configurationService">The runtime settings.</param>
 /// <param name="clientStore">The client store; only used to build the client authenticator.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 public GetTokenByAuthorizationCodeGrantTypeAction(
     IAuthorizationCodeStore authorizationCodeStore,
     RuntimeSettings configurationService,
     IClientStore clientStore,
     IEventPublisher eventPublisher,
     ITokenStore tokenStore,
     IJwksStore jwksStore)
 {
     _authenticateClient     = new AuthenticateClient(clientStore, jwksStore);
     _jwksStore              = jwksStore;
     _tokenStore             = tokenStore;
     _eventPublisher         = eventPublisher;
     _configurationService   = configurationService;
     _authorizationCodeStore = authorizationCodeStore;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="GetTokenByResourceOwnerCredentialsGrantTypeAction"/> class.
 /// </summary>
 /// <param name="clientStore">The client store, used by the client authenticator and JWT generator built here.</param>
 /// <param name="scopeRepository">The scope store, used by the JWT generator built here.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="resourceOwnerServices">The resource owner services; materialized once to an array.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger, forwarded to the JWT generator.</param>
 public GetTokenByResourceOwnerCredentialsGrantTypeAction(
     IClientStore clientStore,
     IScopeStore scopeRepository,
     ITokenStore tokenStore,
     IJwksStore jwksStore,
     IEnumerable <IAuthenticateResourceOwnerService> resourceOwnerServices,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _authenticateClient = new AuthenticateClient(clientStore, jwksStore);
     _jwtGenerator       = new JwtGenerator(clientStore, scopeRepository, jwksStore, logger);

     _eventPublisher        = eventPublisher;
     _jwksStore             = jwksStore;
     _tokenStore            = tokenStore;
     // Enumerate the injected services exactly once.
     _resourceOwnerServices = resourceOwnerServices.ToArray();
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="TokenActions"/> class, composing one action per
 /// supported grant type plus the client authenticator and the revocation action.
 /// </summary>
 /// <param name="simpleAuthOptions">The runtime settings (forwarded to the authorization-code action).</param>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="scopeRepository">The scope store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="resourceOwnerRepository">The resource owner repository.</param>
 /// <param name="resourceOwnerServices">The resource owner services.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="deviceAuthorizationStore">The device authorization store.</param>
 /// <param name="logger">The logger.</param>
 public TokenActions(
     RuntimeSettings simpleAuthOptions,
     IAuthorizationCodeStore authorizationCodeStore,
     IClientStore clientStore,
     IScopeStore scopeRepository,
     IJwksStore jwksStore,
     IResourceOwnerRepository resourceOwnerRepository,
     IEnumerable <IAuthenticateResourceOwnerService> resourceOwnerServices,
     IEventPublisher eventPublisher,
     ITokenStore tokenStore,
     IDeviceAuthorizationStore deviceAuthorizationStore,
     ILogger logger)
 {
     // Grant-type actions, one per flow.
     _getTokenByDeviceAuthorizationTypeAction = new GetTokenByDeviceAuthorizationTypeAction(
         deviceAuthorizationStore, tokenStore, jwksStore, clientStore, eventPublisher, logger);
     _getTokenByResourceOwnerCredentialsGrantType = new GetTokenByResourceOwnerCredentialsGrantTypeAction(
         clientStore, scopeRepository, tokenStore, jwksStore, resourceOwnerServices, eventPublisher, logger);
     _getTokenByAuthorizationCodeGrantTypeAction = new GetTokenByAuthorizationCodeGrantTypeAction(
         authorizationCodeStore, simpleAuthOptions, clientStore, eventPublisher, tokenStore, jwksStore);
     _getTokenByRefreshTokenGrantTypeAction = new GetTokenByRefreshTokenGrantTypeAction(
         eventPublisher, tokenStore, jwksStore, resourceOwnerRepository, clientStore);

     // Cross-cutting collaborators.
     _authenticateClient = new AuthenticateClient(clientStore, jwksStore);
     _revokeTokenAction  = new RevokeTokenAction(clientStore, tokenStore, jwksStore, logger);

     _tokenStore     = tokenStore;
     _eventPublisher = eventPublisher;
     _jwksStore      = jwksStore;
 }
        /// <summary>
        /// Resolves <paramref name="clientId"/> to a client and generates a granted token for it.
        /// </summary>
        /// <remarks>
        /// A blank id or an unknown client both produce the same <c>invalid_client</c> error with HTTP 404.
        /// NOTE(review): RFC 6749 §5.2 pairs <c>invalid_client</c> with 400 or 401 rather than 404; the
        /// status is kept as-is here because callers may already map it.
        /// </remarks>
        /// <param name="clientStore">Store the client is looked up in.</param>
        /// <param name="jwksStore">Key store used when signing.</param>
        /// <param name="clientId">Identifier of the requesting client.</param>
        /// <param name="scope">Scopes to grant.</param>
        /// <param name="issuerName">Issuer to stamp into the token.</param>
        /// <param name="cancellationToken">Cancels the lookup and generation.</param>
        /// <param name="userInformationPayload">Optional user-info payload.</param>
        /// <param name="idTokenPayload">Optional ID-token payload.</param>
        /// <param name="additionalClaims">Extra claims to merge into the token.</param>
        /// <returns>The generated token, or an <c>invalid_client</c> error.</returns>
        public static async Task <Option <GrantedToken> > GenerateToken(
            this IClientStore clientStore,
            IJwksStore jwksStore,
            string clientId,
            string[] scope,
            string issuerName,
            CancellationToken cancellationToken,
            JwtPayload? userInformationPayload = null,
            JwtPayload? idTokenPayload         = null,
            params Claim[] additionalClaims)
        {
            // Single definition of the error both failure paths return.
            static Option <GrantedToken> UnknownClient() =>
                new Option <GrantedToken> .Error(new ErrorDetails
                {
                    Title = ErrorCodes.InvalidClient,
                    Detail = SharedStrings.TheClientDoesntExist,
                    Status = HttpStatusCode.NotFound
                });

            if (string.IsNullOrWhiteSpace(clientId))
            {
                return(UnknownClient());
            }

            var client = await clientStore.GetById(clientId, cancellationToken).ConfigureAwait(false);
            if (client is null)
            {
                return(UnknownClient());
            }

            var granted = await client.GenerateToken(
                jwksStore,
                scope,
                issuerName,
                userInformationPayload,
                idTokenPayload,
                cancellationToken,
                additionalClaims).ConfigureAwait(false);

            return(new Option <GrantedToken> .Result(granted));
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationActions"/> class, composing the
 /// authorization-code, implicit and hybrid flow operations over the same stores.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="resourceOwnerServices">The resource owner services; materialized once to an array.</param>
 /// <param name="logger">The logger.</param>
 public AuthorizationActions(
     IAuthorizationCodeStore authorizationCodeStore,
     IClientStore clientStore,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IConsentRepository consentRepository,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     IEnumerable <IAuthenticateResourceOwnerService> resourceOwnerServices,
     ILogger logger)
 {
     _getAuthorizationCodeOperation = new GetAuthorizationCodeOperation(
         authorizationCodeStore, tokenStore, scopeRepository, clientStore, consentRepository, jwksStore, eventPublisher, logger);
     _getTokenViaImplicitWorkflowOperation = new GetTokenViaImplicitWorkflowOperation(
         clientStore, consentRepository, authorizationCodeStore, tokenStore, scopeRepository, jwksStore, eventPublisher, logger);
     _getAuthorizationCodeAndTokenViaHybridWorkflowOperation = new GetAuthorizationCodeAndTokenViaHybridWorkflowOperation(
         clientStore, consentRepository, authorizationCodeStore, tokenStore, scopeRepository, jwksStore, eventPublisher, logger);
     _authorizationCodeGrantTypeParameterValidator = new AuthorizationCodeGrantTypeParameterAuthEdpValidator(clientStore, logger);

     _logger                = logger;
     _eventPublisher        = eventPublisher;
     // Enumerate the injected services exactly once.
     _resourceOwnerServices = resourceOwnerServices.ToArray();
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="GenerateAuthorizationResponse"/> class.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="scopeRepository">The scope repository; only used by the JWT generator built here.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger; only forwarded to the JWT generator.</param>
 public GenerateAuthorizationResponse(
     IAuthorizationCodeStore authorizationCodeStore,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IClientStore clientStore,
     IConsentRepository consentRepository,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _jwtGenerator = new JwtGenerator(clientStore, scopeRepository, jwksStore, logger);

     _jwksStore              = jwksStore;
     _consentRepository      = consentRepository;
     _clientStore            = clientStore;
     _eventPublisher         = eventPublisher;
     _tokenStore             = tokenStore;
     _authorizationCodeStore = authorizationCodeStore;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthenticateResourceOwnerOpenIdAction"/> class.
 /// All dependencies are handed straight to the <see cref="AuthenticateHelper"/> built here.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public AuthenticateResourceOwnerOpenIdAction(
     IAuthorizationCodeStore authorizationCodeStore,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IConsentRepository consentRepository,
     IClientStore clientStore,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _authenticateHelper = new AuthenticateHelper(
         authorizationCodeStore, tokenStore, scopeRepository, consentRepository, clientStore, jwksStore, eventPublisher, logger);
 }
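        /// <summary>
        /// Builds and signs an ID token for <paramref name="client"/> from the supplied payload.
        /// </summary>
        /// <remarks>
        /// The issuer comes from <see cref="JwtPayload.Iss"/>, the audience from <see cref="Client.ClientName"/>
        /// and the claims from the payload. <c>nbf</c> and <c>iat</c> are set to the same instant and <c>exp</c>
        /// to that instant plus <see cref="Client.TokenLifetime"/>; the clock is read once so the three
        /// timestamps cannot drift apart (previously <c>DateTime.UtcNow</c> was sampled three times). The first
        /// credential returned by <c>GetSigningCredentials</c> signs the token.
        /// NOTE(review): the audience passed to the handler is the client's display name, not its
        /// <c>client_id</c>; OpenID Connect requires <c>aud</c> to contain the client_id — confirm the payload
        /// already carries it before relying on this value.
        /// </remarks>
        /// <param name="client">The client the token is issued to.</param>
        /// <param name="jwsPayload">Issuer and claims to embed.</param>
        /// <param name="jwksStore">Key store consulted when the client has no signing keys of its own.</param>
        /// <param name="cancellationToken">Cancels the key resolution.</param>
        /// <returns>The compact-serialized, signed JWT.</returns>
        public static async Task <string> GenerateIdToken(
            this Client client,
            JwtPayload jwsPayload,
            IJwksStore jwksStore,
            CancellationToken cancellationToken)
        {
            var signingCredentials =
                await client.GetSigningCredentials(jwksStore, cancellationToken).ConfigureAwait(false);

            // Single clock read shared by nbf, iat and exp.
            var issuedAt = DateTime.UtcNow;
            var expires  = issuedAt.Add(client.TokenLifetime);

            var handler = new JwtSecurityTokenHandler();
            var jwt = handler.CreateEncodedJwt(
                jwsPayload.Iss,                         // issuer
                client.ClientName,                      // audience (see NOTE above)
                new ClaimsIdentity(jwsPayload.Claims),  // subject claims
                issuedAt,                               // notBefore
                expires,                                // expires
                issuedAt,                               // issuedAt
                signingCredentials.First());

            return(jwt);
        }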
 /// <summary>
 /// Initializes a new instance of the <see cref="ResourceOwnersController"/> class.
 /// </summary>
 /// <param name="settings">The runtime settings, forwarded to the add-user operation.</param>
 /// <param name="subjectBuilder">The subject builder, forwarded to the add-user operation.</param>
 /// <param name="resourceOwnerRepository">The resource owner repository.</param>
 /// <param name="tokenStore">The token cache</param>
 /// <param name="jwksRepository">The key store, forwarded to the refresh-token operation.</param>
 /// <param name="clientRepository">The client repository.</param>
 /// <param name="accountFilters">The account filters.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 public ResourceOwnersController(
     RuntimeSettings settings,
     ISubjectBuilder subjectBuilder,
     IResourceOwnerRepository resourceOwnerRepository,
     ITokenStore tokenStore,
     IJwksStore jwksRepository,
     IClientRepository clientRepository,
     IEnumerable <AccountFilter> accountFilters,
     IEventPublisher eventPublisher)
 {
     _refreshOperation = new GetTokenByRefreshTokenGrantTypeAction(
         eventPublisher, tokenStore, jwksRepository, resourceOwnerRepository, clientRepository);

     _eventPublisher          = eventPublisher;
     _clientRepository        = clientRepository;
     _tokenStore              = tokenStore;
     _resourceOwnerRepository = resourceOwnerRepository;

     _addUserOperation = new AddUserOperation(settings, resourceOwnerRepository, accountFilters, subjectBuilder, eventPublisher);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="TokenController"/> class, composing the OAuth token
 /// actions and the UMA token actions over the same stores.
 /// </summary>
 /// <param name="settings">The settings.</param>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="resourceOwnerRepository">The resource owner repository.</param>
 /// <param name="authenticateResourceOwnerServices">The authenticate resource owner services.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="ticketStore">The ticket store (UMA only).</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="resourceSetRepository">The resource set repository (UMA only).</param>
 /// <param name="deviceAuthorizationStore">The device authorization store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public TokenController(
     RuntimeSettings settings,
     IAuthorizationCodeStore authorizationCodeStore,
     IClientStore clientStore,
     IScopeRepository scopeRepository,
     IResourceOwnerRepository resourceOwnerRepository,
     IEnumerable <IAuthenticateResourceOwnerService> authenticateResourceOwnerServices,
     ITokenStore tokenStore,
     ITicketStore ticketStore,
     IJwksStore jwksStore,
     IResourceSetRepository resourceSetRepository,
     IDeviceAuthorizationStore deviceAuthorizationStore,
     IEventPublisher eventPublisher,
     ILogger <TokenController> logger)
 {
     _logger = logger;

     _tokenActions = new TokenActions(
         settings,
         authorizationCodeStore,
         clientStore,
         scopeRepository,
         jwksStore,
         resourceOwnerRepository,
         authenticateResourceOwnerServices,
         eventPublisher,
         tokenStore,
         deviceAuthorizationStore,
         logger);

     _umaTokenActions = new UmaTokenActions(
         ticketStore, settings, clientStore, scopeRepository, tokenStore, resourceSetRepository, jwksStore, eventPublisher, logger);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="LocalOpenIdUserAuthenticationAction"/> class.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="resourceOwnerServices">The resource owner services (already materialized by the caller).</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public LocalOpenIdUserAuthenticationAction(
     IAuthorizationCodeStore authorizationCodeStore,
     IAuthenticateResourceOwnerService[] resourceOwnerServices,
     IConsentRepository consentRepository,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IClientStore clientStore,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _authenticateHelper = new AuthenticateHelper(
         authorizationCodeStore, tokenStore, scopeRepository, consentRepository, clientStore, jwksStore, eventPublisher, logger);
     _resourceOwnerServices = resourceOwnerServices;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="UmaTokenActions"/> class, composing the policy
 /// validator, client authenticator and JWT generator over the same stores.
 /// </summary>
 /// <param name="ticketStore">The ticket store.</param>
 /// <param name="configurationService">The runtime settings.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="scopeRepository">The scope store.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="resourceSetRepository">The resource set repository.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public UmaTokenActions(
     ITicketStore ticketStore,
     RuntimeSettings configurationService,
     IClientStore clientStore,
     IScopeStore scopeRepository,
     ITokenStore tokenStore,
     IResourceSetRepository resourceSetRepository,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _authorizationPolicyValidator = new AuthorizationPolicyValidator(jwksStore, resourceSetRepository, eventPublisher);
     _authenticateClient           = new AuthenticateClient(clientStore, jwksStore);
     _jwtGenerator                 = new JwtGenerator(clientStore, scopeRepository, jwksStore, logger);

     _logger               = logger;
     _eventPublisher       = eventPublisher;
     _tokenStore           = tokenStore;
     _configurationService = configurationService;
     _ticketStore          = ticketStore;
 }
        public static async Task <GrantedToken> GenerateToken(
            this Client client,
            IJwksStore jwksStore,
            string[] scopes,
            string?issuerName,
            JwtPayload?userInformationPayload   = null,
            JwtPayload?idTokenPayload           = null,
            CancellationToken cancellationToken = default,
            params Claim[] additionalClaims)
        {
            var handler     = new JwtSecurityTokenHandler();
            var scopeString = string.Join(' ', scopes);
            var enumerable  =
                new[]
            {
                new Claim(StandardClaimNames.Scopes, scopeString),
                new Claim(StandardClaimNames.Azp, client.ClientId),
            }.Concat(client.Claims)
            .Concat(additionalClaims)
            .GroupBy(x => x.Type)
            .Select(x => new Claim(x.Key, string.Join(" ", x.Select(y => y.Value))));

            if (idTokenPayload is { Iss : null } && issuerName != null)
 /// <summary>
 /// Initializes a new instance of the <see cref="DisplayConsentAction"/> class.
 /// </summary>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="clientRepository">The client store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="authorizationCodeStore">The authorization code store; only used by the response generator built here.</param>
 /// <param name="tokenStore">The token store; only used by the response generator built here.</param>
 /// <param name="jwksStore">The JWKS store; only used by the response generator built here.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="logger">The logger.</param>
 public DisplayConsentAction(
     IScopeRepository scopeRepository,
     IClientStore clientRepository,
     IConsentRepository consentRepository,
     IAuthorizationCodeStore authorizationCodeStore,
     ITokenStore tokenStore,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _generateAuthorizationResponse = new GenerateAuthorizationResponse(
         authorizationCodeStore, tokenStore, scopeRepository, clientRepository, consentRepository, jwksStore, eventPublisher, logger);

     _consentRepository = consentRepository;
     _clientRepository  = clientRepository;
     _scopeRepository   = scopeRepository;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthenticateHelper"/> class.
 /// </summary>
 /// <param name="authorizationCodeStore">The authorization code store; only used by the response generator built here.</param>
 /// <param name="tokenStore">The token store; only used by the response generator built here.</param>
 /// <param name="scopeRepository">The scope repository; only used by the response generator built here.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="clientRepository">The client store.</param>
 /// <param name="jwksStore">The JWKS store; only used by the response generator built here.</param>
 /// <param name="eventPublisher">The event publisher; only used by the response generator built here.</param>
 /// <param name="logger">The logger.</param>
 public AuthenticateHelper(
     IAuthorizationCodeStore authorizationCodeStore,
     ITokenStore tokenStore,
     IScopeRepository scopeRepository,
     IConsentRepository consentRepository,
     IClientStore clientRepository,
     IJwksStore jwksStore,
     IEventPublisher eventPublisher,
     ILogger logger)
 {
     _generateAuthorizationResponse = new GenerateAuthorizationResponse(
         authorizationCodeStore, tokenStore, scopeRepository, clientRepository, consentRepository, jwksStore, eventPublisher, logger);

     _logger            = logger;
     _clientRepository  = clientRepository;
     _consentRepository = consentRepository;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="ConsentController"/> class.
 /// </summary>
 /// <remarks>
 /// The data protector is created with the purpose string <c>"Request"</c>; the display and confirm
 /// consent actions are composed here over the same stores.
 /// </remarks>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="dataProtectionProvider">The data protection provider.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="jwksStore">The JWKS store.</param>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="authenticationService">The authentication service, forwarded to the base controller.</param>
 /// <param name="logger">The controller logger.</param>
 public ConsentController(
     IScopeRepository scopeRepository,
     IClientStore clientStore,
     IConsentRepository consentRepository,
     IDataProtectionProvider dataProtectionProvider,
     IEventPublisher eventPublisher,
     ITokenStore tokenStore,
     IJwksStore jwksStore,
     IAuthorizationCodeStore authorizationCodeStore,
     IAuthenticationService authenticationService,
     ILogger <ConsentController> logger)
     : base(authenticationService)
 {
     // Purpose-scoped protector: payloads sealed under "Request" cannot be unsealed by another purpose.
     _dataProtector = dataProtectionProvider.CreateProtector("Request");

     _logger         = logger;
     _eventPublisher = eventPublisher;
     _clientStore    = clientStore;

     _displayConsent = new DisplayConsentAction(
         scopeRepository, clientStore, consentRepository, authorizationCodeStore, tokenStore, jwksStore, eventPublisher, logger);
     _confirmConsent = new ConfirmConsentAction(
         authorizationCodeStore, tokenStore, consentRepository, clientStore, scopeRepository, jwksStore, eventPublisher, logger);
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthenticateClient"/> class.
 /// </summary>
 /// <remarks>
 /// The client-assertion authenticator is composed here from the same client and key stores; the key
 /// store itself is not retained on this instance.
 /// </remarks>
 /// <param name="clientRepository">The client repository.</param>
 /// <param name="jwksStore">The key store.</param>
 public AuthenticateClient(IClientStore clientRepository, IJwksStore jwksStore)
 {
     var assertionAuthentication = new ClientAssertionAuthentication(clientRepository, jwksStore);

     _clientAssertionAuthentication = assertionAuthentication;
     _clientRepository              = clientRepository;
 }
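        /// <summary>
        /// Re-validates a stored <see cref="GrantedToken"/>: it must be non-null, its recorded lifetime
        /// (<c>CreateDateTime + ExpiresIn</c>) must not have elapsed, and its access token must verify as a JWT
        /// against the public keys exposed by <paramref name="jwksStore"/> with the token's <c>ClientId</c> as
        /// the expected audience.
        /// </summary>
        /// <remarks>
        /// Issuer validation is switched off (<c>ValidateIssuer = false</c>): the signature check against the
        /// server's own key set is what ties the token to this issuer. NOTE(review): that is only sound while
        /// those keys are not shared with any other issuer. Options not set explicitly here (lifetime,
        /// audience and signature validation) are left to the handler's defaults.
        /// The catch-all is deliberate: every validation failure — bad signature, wrong audience, expired
        /// JWT, malformed token — is reported as an invalid token rather than propagated.
        /// </remarks>
        /// <param name="grantedToken">The stored token, or <c>null</c>.</param>
        /// <param name="jwksStore">Source of the public keys the signature is checked against.</param>
        /// <param name="cancellationToken">Cancels the key store lookup.</param>
        /// <returns>
        /// A result whose <c>IsValid</c> is <c>true</c> only when every check passed. On failure
        /// <c>MessageErrorCode</c> is always <see cref="ErrorCodes.InvalidToken"/> and
        /// <c>MessageErrorDescription</c> carries the reason (previously the signature-check branch used the
        /// raw exception message as the error code too, making it unpredictable for callers and inconsistent
        /// with the other two failure branches).
        /// </returns>
        public static async Task <GrantedTokenValidationResult> CheckGrantedToken(this GrantedToken grantedToken, IJwksStore jwksStore, CancellationToken cancellationToken = default)
        {
            // Single definition of the failure result so the error code cannot diverge between branches.
            static GrantedTokenValidationResult Invalid(string description) =>
                new GrantedTokenValidationResult
                {
                    IsValid = false,
                    MessageErrorCode = ErrorCodes.InvalidToken,
                    MessageErrorDescription = description
                };

            if (grantedToken is null)
            {
                return(Invalid(Strings.TheTokenIsNotValid));
            }

            // Cheap check first: the lifetime recorded with the token, independent of the JWT's own exp claim.
            var expiresAt = grantedToken.CreateDateTime.AddSeconds(grantedToken.ExpiresIn);
            if (DateTimeOffset.UtcNow > expiresAt)
            {
                return(Invalid(Strings.TheTokenIsExpired));
            }

            var publicKeys = await jwksStore.GetPublicKeys(cancellationToken).ConfigureAwait(false);

            var validationParameters = new TokenValidationParameters
            {
                ValidateActor     = false,
                ValidAudience     = grantedToken.ClientId,
                ValidateIssuer    = false,   // see remarks: signature against our own key set is the issuer binding
                IssuerSigningKeys = publicKeys.Keys
            };

            try
            {
                new JwtSecurityTokenHandler().ValidateToken(grantedToken.AccessToken, validationParameters, out _);
                return(new GrantedTokenValidationResult { IsValid = true });
            }
            catch (Exception exception)
            {
                // The library's message is kept as the description only; the code stays stable.
                return(Invalid(exception.Message));
            }
        }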
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthenticateController"/> class,
        /// wiring the SMS-based sign-in operations on top of the shared base controller.
        /// </summary>
        /// <param name="smsClient">The SMS client used to deliver confirmation codes.</param>
        /// <param name="dataProtectionProvider">The data protection provider.</param>
        /// <param name="urlHelperFactory">The URL helper factory.</param>
        /// <param name="actionContextAccessor">The action context accessor.</param>
        /// <param name="eventPublisher">The event publisher.</param>
        /// <param name="authorizationCodeStore">The authorization code store.</param>
        /// <param name="authenticationService">The authentication service.</param>
        /// <param name="authenticationSchemeProvider">The authentication scheme provider.</param>
        /// <param name="twoFactorAuthenticationHandler">The two factor authentication handler.</param>
        /// <param name="subjectBuilder">The subject builder.</param>
        /// <param name="consentRepository">The consent repository.</param>
        /// <param name="scopeRepository">The scope repository.</param>
        /// <param name="tokenStore">The token store.</param>
        /// <param name="resourceOwnerRepository">The resource owner repository.</param>
        /// <param name="confirmationCodeStore">The confirmation code store.</param>
        /// <param name="clientStore">The client store.</param>
        /// <param name="jwksStore">The JWKS store used to resolve signing keys.</param>
        /// <param name="accountFilters">The account filters applied to new accounts.</param>
        /// <param name="logger">The controller logger.</param>
        /// <param name="runtimeSettings">The runtime settings.</param>
        public AuthenticateController(
            ISmsClient smsClient,
            IDataProtectionProvider dataProtectionProvider,
            IUrlHelperFactory urlHelperFactory,
            IActionContextAccessor actionContextAccessor,
            IEventPublisher eventPublisher,
            IAuthorizationCodeStore authorizationCodeStore,
            IAuthenticationService authenticationService,
            IAuthenticationSchemeProvider authenticationSchemeProvider,
            ITwoFactorAuthenticationHandler twoFactorAuthenticationHandler,
            ISubjectBuilder subjectBuilder,
            IConsentRepository consentRepository,
            IScopeRepository scopeRepository,
            ITokenStore tokenStore,
            IResourceOwnerRepository resourceOwnerRepository,
            IConfirmationCodeStore confirmationCodeStore,
            IClientStore clientStore,
            IJwksStore jwksStore,
            IEnumerable <IAccountFilter> accountFilters,
            ILogger <AuthenticateController> logger,
            RuntimeSettings runtimeSettings)
            : base(
                dataProtectionProvider,
                urlHelperFactory,
                actionContextAccessor,
                eventPublisher,
                authenticationService,
                authenticationSchemeProvider,
                twoFactorAuthenticationHandler,
                authorizationCodeStore,
                consentRepository,
                scopeRepository,
                tokenStore,
                resourceOwnerRepository,
                confirmationCodeStore,
                clientStore,
                jwksStore,
                subjectBuilder,
                accountFilters,
                logger,
                runtimeSettings)
        {
            // Plain dependency captures.
            _logger = logger;
            _eventPublisher = eventPublisher;
            _confirmationCodeStore = confirmationCodeStore;

            // Small, single-dependency operations.
            _getUserOperation = new GetUserOperation(resourceOwnerRepository, logger);
            _validateConfirmationCode = new ValidateConfirmationCodeAction(confirmationCodeStore);
            _generateAndSendSmsCodeOperation =
                new GenerateAndSendSmsCodeOperation(smsClient, confirmationCodeStore, logger);

            // SMS sign-in path. The account filters are materialized once with ToArray()
            // rather than handing the injected sequence through as-is.
            _smsAuthenticationOperation = new SmsAuthenticationOperation(
                runtimeSettings,
                smsClient,
                confirmationCodeStore,
                resourceOwnerRepository,
                subjectBuilder,
                accountFilters.ToArray(),
                eventPublisher,
                logger);

            // Shared post-authentication helper (consent, code/token issuance).
            _authenticateHelper = new AuthenticateHelper(
                authorizationCodeStore,
                tokenStore,
                scopeRepository,
                consentRepository,
                clientStore,
                jwksStore,
                eventPublisher,
                logger);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="BaseAuthenticateController"/> class and
 /// builds the operations shared by every concrete authentication controller.
 /// </summary>
 /// <param name="dataProtectionProvider">The data protection provider; a protector with purpose "Request" is created from it.</param>
 /// <param name="urlHelperFactory">The URL helper factory.</param>
 /// <param name="actionContextAccessor">The action context accessor; its current <c>ActionContext</c> is required to build the URL helper.</param>
 /// <param name="eventPublisher">The event publisher.</param>
 /// <param name="authenticationService">The authentication service (passed to the base class).</param>
 /// <param name="authenticationSchemeProvider">The authentication scheme provider.</param>
 /// <param name="twoFactorAuthenticationHandler">The two factor authentication handler.</param>
 /// <param name="authorizationCodeStore">The authorization code store.</param>
 /// <param name="consentRepository">The consent repository.</param>
 /// <param name="scopeRepository">The scope repository.</param>
 /// <param name="tokenStore">The token store.</param>
 /// <param name="resourceOwnerRepository">The resource owner repository.</param>
 /// <param name="confirmationCodeStore">The confirmation code store.</param>
 /// <param name="clientStore">The client store.</param>
 /// <param name="jwksStore">The JWKS store used to resolve signing keys.</param>
 /// <param name="subjectBuilder">The subject builder used when adding a new user.</param>
 /// <param name="accountFilters">The account filters.</param>
 /// <param name="logger">The controller logger.</param>
 /// <param name="runtimeSettings">The runtime settings.</param>
 protected BaseAuthenticateController(
     IDataProtectionProvider dataProtectionProvider,
     IUrlHelperFactory urlHelperFactory,
     IActionContextAccessor actionContextAccessor,
     IEventPublisher eventPublisher,
     IAuthenticationService authenticationService,
     IAuthenticationSchemeProvider authenticationSchemeProvider,
     ITwoFactorAuthenticationHandler twoFactorAuthenticationHandler,
     IAuthorizationCodeStore authorizationCodeStore,
     IConsentRepository consentRepository,
     IScopeRepository scopeRepository,
     ITokenStore tokenStore,
     IResourceOwnerRepository resourceOwnerRepository,
     IConfirmationCodeStore confirmationCodeStore,
     IClientStore clientStore,
     IJwksStore jwksStore,
     ISubjectBuilder subjectBuilder,
     IEnumerable <IAccountFilter> accountFilters,
     ILogger logger,
     RuntimeSettings runtimeSettings)
     : base(authenticationService)
 {
     // Plain dependency captures.
     _logger = logger;
     _runtimeSettings = runtimeSettings;
     _eventPublisher = eventPublisher;
     _resourceOwnerRepository = resourceOwnerRepository;
     _confirmationCodeStore = confirmationCodeStore;
     _twoFactorAuthenticationHandler = twoFactorAuthenticationHandler;
     _authenticationSchemeProvider = authenticationSchemeProvider;

     // The purpose string "Request" isolates this protector's payloads from any other
     // protector created from the same provider; it must match on the unprotect side.
     DataProtector = dataProtectionProvider.CreateProtector("Request");

     // NOTE(review): the null-forgiving operator assumes the controller is always
     // constructed inside an action context; nothing here guards a null ActionContext.
     _urlHelper = urlHelperFactory.GetUrlHelper(actionContextAccessor.ActionContext !);

     // User lifecycle operations.
     _addUser = new AddUserOperation(
         runtimeSettings,
         resourceOwnerRepository,
         accountFilters,
         subjectBuilder,
         eventPublisher);
     _getUserOperation = new GetUserOperation(resourceOwnerRepository, logger);
     _updateUserClaimsOperation = new UpdateUserClaimsOperation(resourceOwnerRepository, logger);

     // Confirmation-code (second factor) operations.
     _generateAndSendCode = new GenerateAndSendCodeAction(
         resourceOwnerRepository,
         confirmationCodeStore,
         twoFactorAuthenticationHandler,
         logger);
     _validateConfirmationCode = new ValidateConfirmationCodeAction(confirmationCodeStore);

     // Post-authentication helpers; both receive the same store set.
     _authenticateHelper = new AuthenticateHelper(
         authorizationCodeStore,
         tokenStore,
         scopeRepository,
         consentRepository,
         clientStore,
         jwksStore,
         eventPublisher,
         logger);
     _authenticateResourceOwnerOpenId = new AuthenticateResourceOwnerOpenIdAction(
         authorizationCodeStore,
         tokenStore,
         scopeRepository,
         consentRepository,
         clientStore,
         jwksStore,
         eventPublisher,
         logger);
 }