public async Task <JwsPayload> Unsign(string jws, string clientId, CancellationToken cancellationToken)
{
var client = await _oauthClientRepository.FindOAuthClientById(clientId, cancellationToken);
if (client == null)
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(ErrorMessages.UNKNOWN_CLIENT, clientId));
}
return(await Unsign(jws, client));
}
protected async Task <IActionResult> Authenticate(string returnUrl, string currentAmr, OAuthUser user, bool rememberLogin = false)
{
var unprotectedUrl = Unprotect(returnUrl);
var query = unprotectedUrl.GetQueries().ToJObj();
var acrValues = query.GetAcrValuesFromAuthorizationRequest();
var clientId = query.GetClientIdFromAuthorizationRequest();
var client = (OpenIdClient)await _oauthClientRepository.FindOAuthClientById(clientId);
var acr = await _amrHelper.FetchDefaultAcr(acrValues, client);
string amr;
if (acr == null || string.IsNullOrWhiteSpace(amr = _amrHelper.FetchNextAmr(acr, currentAmr)))
{
var claims = user.ToClaims();
claims.Add(new Claim(ClaimTypes.AuthenticationInstant, DateTime.UtcNow.ToString()));
var claimsIdentity = new ClaimsIdentity(claims, currentAmr);
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
await HttpContext.SignInAsync(claimsPrincipal, new AuthenticationProperties
{
IsPersistent = rememberLogin
});
return(Redirect(unprotectedUrl));
}
return(RedirectToAction("Index", "Authenticate", new { area = amr, ReturnUrl = returnUrl }));
}
public virtual async Task <IActionResult> GetClient(string id)
{
var client = await _oauthClientQueryRepository.FindOAuthClientById(id);
if (client == null)
{
return(new NotFoundResult());
}
return(new OkObjectResult(client.ToDto()));
}
public virtual async Task <IActionResult> GetClient(string id, CancellationToken cancellationToken)
{
var client = await _oauthClientQueryRepository.FindOAuthClientById(id, cancellationToken);
if (client == null)
{
return(new NotFoundResult());
}
return(new OkObjectResult(client.ToDto(Request.GetAbsoluteUriWithVirtualPath())));
}
public async Task <IActionResult> Index(string returnUrl)
{
if (string.IsNullOrWhiteSpace(returnUrl))
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}" }));
}
try
{
var unprotectedUrl = _dataProtector.Unprotect(returnUrl);
var query = unprotectedUrl.GetQueries().ToJObj();
var uiLocales = query.GetUILocalesFromAuthorizationRequest();
var cancellationUrl = query.GetRedirectUriFromAuthorizationRequest();
if (!string.IsNullOrWhiteSpace(cancellationUrl))
{
var state = query.GetStateFromAuthorizationRequest();
if (!string.IsNullOrWhiteSpace(state))
{
cancellationUrl = QueryHelpers.AddQueryString(cancellationUrl, AuthorizationRequestParameters.State, state);
}
}
var scopes = query.GetScopesFromAuthorizationRequest();
var claims = query.GetClaimsFromAuthorizationRequest();
var clientId = query.GetClientIdFromAuthorizationRequest();
var oauthClient = await _oauthClientRepository.FindOAuthClientById(clientId);
var defaultLanguage = TranslationHelper.SwitchCulture(uiLocales, _oauthHostOptions.DefaultCulture);
var consent = _userConsentFetcher.BuildFromAuthorizationRequest(query);
var claimDescriptions = new List <string>();
if (claims != null && claims.Any())
{
claimDescriptions = claims.Select(c => c.Name).ToList();
}
return(View(new ConsentsIndexViewModel(
oauthClient.ClientNames.GetTranslation(defaultLanguage, oauthClient.ClientId),
returnUrl,
oauthClient.AllowedScopes.Where(c => scopes.Contains(c.Name)).Select(s => s.Name),
claimDescriptions,
cancellationUrl)));
}
catch (CryptographicException)
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}" }));
}
}
private async Task <OAuthClient> Validate(JObject jObj)
{
var responseTypes = jObj.GetResponseTypesFromAuthorizationRequest();
var responseMode = jObj.GetResponseModeFromAuthorizationRequest();
var clientId = jObj.GetClientIdFromAuthorizationRequest();
var state = jObj.GetStateFromAuthorizationRequest();
var redirectUri = jObj.GetRedirectUriFromAuthorizationRequest();
if (string.IsNullOrWhiteSpace(clientId))
{
throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, AuthorizationRequestParameters.ClientId));
}
if (string.IsNullOrWhiteSpace(state))
{
throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, AuthorizationRequestParameters.State));
}
var client = await _oauthClientRepository.FindOAuthClientById(clientId);
if (client == null)
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(ErrorMessages.UNKNOWN_CLIENT, clientId));
}
var redirectionUrls = await client.GetRedirectionUrls(_httpClientFactory);
if (!string.IsNullOrWhiteSpace(redirectUri) && !redirectionUrls.Contains(redirectUri))
{
throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.BAD_REDIRECT_URI, redirectUri));
}
if (!string.IsNullOrWhiteSpace(responseMode) && !_oauthResponseModes.Any(o => o.ResponseMode == responseMode))
{
throw new OAuthException(ErrorCodes.UNSUPPORTED_RESPONSE_MODE, string.Format(ErrorMessages.BAD_RESPONSE_MODE, responseMode));
}
var unsupportedResponseTypes = responseTypes.Where(t => !client.ResponseTypes.Contains(t));
if (unsupportedResponseTypes.Any())
{
throw new OAuthException(ErrorCodes.UNSUPPORTED_RESPONSE_TYPE, string.Format(ErrorMessages.BAD_RESPONSE_TYPES_CLIENT, string.Join(",", unsupportedResponseTypes)));
}
return(client);
}
public async Task <OAuthClient> Authenticate(AuthenticateInstruction authenticateInstruction, string issuerName, bool isAuthorizationCodeGrantType = false)
{
if (authenticateInstruction == null)
{
throw new ArgumentNullException(nameof(authenticateInstruction));
}
OAuthClient client = null;
var clientId = TryGettingClientId(authenticateInstruction);
if (!string.IsNullOrWhiteSpace(clientId))
{
client = await _oauthClientRepository.FindOAuthClientById(clientId);
}
if (client == null)
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT, string.Format(ErrorMessages.UNKNOWN_CLIENT, clientId));
}
if (isAuthorizationCodeGrantType)
{
return(client);
}
var tokenEndPointAuthMethod = client.TokenEndPointAuthMethod;
var handler = _handlers.FirstOrDefault(h => h.AuthMethod == tokenEndPointAuthMethod);
if (handler == null)
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT_AUTH, string.Format(ErrorMessages.UNKNOWN_AUTH_METHOD, tokenEndPointAuthMethod));
}
if (!await handler.Handle(authenticateInstruction, client, issuerName).ConfigureAwait(false))
{
throw new OAuthException(ErrorCodes.INVALID_CLIENT_AUTH, ErrorMessages.BAD_CLIENT_CREDENTIAL);
}
return(client);
}
public async Task <IActionResult> Index(string returnUrl, CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(returnUrl))
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}" }));
}
try
{
var unprotectedUrl = _dataProtector.Unprotect(returnUrl);
var query = unprotectedUrl.GetQueries().ToJObj();
var cancellationUrl = query.GetRedirectUriFromAuthorizationRequest();
if (!string.IsNullOrWhiteSpace(cancellationUrl))
{
var state = query.GetStateFromAuthorizationRequest();
if (!string.IsNullOrWhiteSpace(state))
{
cancellationUrl = QueryHelpers.AddQueryString(cancellationUrl, AuthorizationRequestParameters.State, state);
}
}
var clientId = query.GetClientIdFromAuthorizationRequest();
var claims = query.GetClaimsFromAuthorizationRequest();
var claimName = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
var consentId = claims.Single(c => c.Name == _openbankingApiOptions.OpenBankingApiConsentClaimName).Values.First();
var oauthClient = await _oauthClientRepository.FindOAuthClientById(clientId, cancellationToken);
var defaultLanguage = CultureInfo.DefaultThreadCurrentUICulture != null ? CultureInfo.DefaultThreadCurrentUICulture.Name : _oauthHostOptions.DefaultCulture;
var claimDescriptions = new List <string>();
if (claims != null && claims.Any())
{
claimDescriptions = claims.Select(c => c.Name).ToList();
}
var consent = await _accountAccessConsentRepository.Get(consentId, cancellationToken);
if (consent == null)
{
_logger.LogError($"Account Access Consent '{consentId}' doesn't exist");
throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(Global.UnknownAccountAccessConsent, consentId));
}
var accounts = await _accountRepository.GetBySubject(claimName.Value, cancellationToken);
return(View(new OpenBankingApiAccountConsentIndexViewModel(
returnUrl,
cancellationUrl,
oauthClient.ClientNames.GetTranslation(defaultLanguage, oauthClient.ClientId),
accounts.Select(a => new OpenBankingApiAccountViewModel
{
Id = a.AggregateId,
AccountSubType = a.AccountSubType.Name,
CashAccounts = a.Accounts.Select(ac => new OpenBankingApiCashAccountViewModel
{
Identification = ac.Identification,
SecondaryIdentification = ac.SecondaryIdentification
})
}).ToList(),
new OpenBankingApiConsentAccountViewModel
{
Id = consent.AggregateId,
ExpirationDateTime = consent.ExpirationDateTime,
Permissions = consent.Permissions.Select(p => p.Name)
})));
}
catch (CryptographicException)
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}" }));
}
}