public async Task Initiate(string email, string password) { this.email = email.Trim().ToLowerInvariant(); this.password = password; this.request = await Identity.Verify(this.email); }
public async Task <IActionResult> Authenticate([FromForm] IdentityTokenRequest request) { int idSistema = 3; var response = await _RAISHttpClient.Authenticate(request.Username, request.Password, idSistema); if (!response.Success) { var errorMessage = response.Message; return(new JsonResult(errorMessage) { StatusCode = StatusCodes.Status401Unauthorized }); } var authToken = await _tokenProviderService.GetToken(request); if (authToken.Error != null) { return(new JsonResult(authToken) { StatusCode = StatusCodes.Status401Unauthorized }); } var userId = response.Data.idUsuario; var menu = await _RAISHttpClient.GetMenuStructure(userId, idSistema); return(Ok(new { authToken, response, menu })); }
public IdentityTokenResponse PostJSONToken(IdentityTokenRequest token) { IdentityTokenResponse response = new IdentityTokenResponse(); try { IdentityToken identityToken = null; using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token)) { if (decodedToken.IsValid) { identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri); } } response.token = identityToken; } catch (Exception ex) { response.errorMessage = ex.Message; } return(response); }
public async Task <TokenMintingResponse> MintIdentityTokenAsync(IdentityTokenRequest identityTokenRequest) { var extensionGrantRequest = ToArbitraryIdentityRequest(identityTokenRequest); var result = await _tokenEndpointHandlerExtra.ProcessRawAsync(extensionGrantRequest); return(ToTokenMintingResponse(result)); }
public async Task Initiate(string email, string password) { this.email = email.Trim().ToLowerInvariant(); this.password = password; var search = await Cards.Search(this.email); if (search.Count != 0) { throw new VirgilException("The card with this e-mail was already created"); } this.request = await Identity.Verify(this.email); }
public async Task <IdentityTokenResponse> GetToken(IdentityTokenRequest request) { var parameters = new NameValueCollection { { "username", request.Username }, { "password", request.Password }, { "grant_type", request.GrantType }, { "scope", request.Scope }, { "refresh_token", request.RefreshToken }, { "response_type", OidcConstants.ResponseTypes.Token } }; var response = await GetIdpToken(parameters); return(GetTokenResponse(response)); }
internal ArbitraryIdentityRequest ToArbitraryIdentityRequest(IdentityTokenRequest identityTokenRequest) { Guard.ArgumentNotNull(nameof(identityTokenRequest), identityTokenRequest); var valid = !string.IsNullOrWhiteSpace(_clientId) || !string.IsNullOrWhiteSpace(identityTokenRequest.ClientId); Guard.OperationValid(valid, "all clientId(s) are null!"); var scopesList = identityTokenRequest.Scope.Split(' ').ToList(); var extensionGrantRequest = new ArbitraryIdentityRequest() { ClientId = string.IsNullOrEmpty(identityTokenRequest.ClientId) ? _clientId : identityTokenRequest.ClientId, Scopes = scopesList, Subject = identityTokenRequest.Subject, ArbitraryClaims = identityTokenRequest.ArbitraryClaims, IdentityTokenLifetime = identityTokenRequest.IdentityTokenLifetime?.ToString() }; return(extensionGrantRequest); }
public async Task Initiate(string email, string password) { this.email = email.Trim().ToLowerInvariant(); this.password = password; var search = await Cards.Search(this.email); if (search.Count == 0) { throw new VirgilException("Account doesn't exist"); } this.recipientCard = search .OrderByDescending(it => it.CreatedAt) .FirstOrDefault(); this.state = States.CardFound; this.request = await Identity.Verify(this.email); }
public Task <TokenMintingResponse> MintIdentityTokenAsync(IdentityTokenRequest identityTokenRequest) { throw new NotImplementedException(); }
public async Task <HttpResponseMessage> Validate([FromBody] IdentityTokenRequest token) { //validate the identity token passed from the client IdentityTokenResponse response = new IdentityTokenResponse(); try { //decode and validate the token passed in IdentityToken identityToken = null; using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token)) { if (decodedToken.IsValid) { identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri); } } response.token = identityToken; //now that the key is validated, we can perform a lookup against DocDB for it's hased value (combination of metadata document URL with the Exchange identifier) if (identityToken != null) { //the token is valid...check if user is valid (has valid refresh token) response.validToken = true; string hash = ComputeSHA256Hash(response.token.uniqueID, response.token.amurl, Salt); response.user = DocumentDBRepository <UserModel> .GetItem("Users", i => i.hash == hash); if (response.user != null) { //check for and validate the refresh token if (!String.IsNullOrEmpty(response.user.refresh_token)) { var graphToken = await TokenHelper.GetAccessTokenWithRefreshToken(response.user.refresh_token, SettingsHelper.O365UnifiedAPIResourceId); if (graphToken != null) { //TODO: get the user details against AAD Graph response.validUser = true; } } } else { //the user doesn't exist, so we can add a placeholder record in the data store...TODO: get more data on user???? response.user = new UserModel() { id = Guid.NewGuid().ToString().ToLower(), hash = hash }; await DocumentDBRepository <UserModel> .CreateItemAsync("Users", response.user); } } else { //this was an invalid token!!!! } } catch (Exception ex) { response.errorMessage = ex.Message; } return(Request.CreateResponse <IdentityTokenResponse>(HttpStatusCode.OK, response)); }
public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync(TokenExchangeRequest tokenExchangeRequest) { if (tokenExchangeRequest.Extras == null || tokenExchangeRequest.Extras.Count == 0) { throw new Exception($"{Name}: We require that extras be populated!"); } List <ValidatedToken> validatedIdentityTokens = new List <ValidatedToken>(); foreach (var item in tokenExchangeRequest.Tokens) { var principal = await _tokenValidator.ValidateTokenAsync(new TokenDescriptor { TokenScheme = item.TokenScheme, Token = item.Token }); var sub = principal.GetSubjectFromPincipal(); if (string.IsNullOrEmpty(sub)) { _summaryLogger.Add("subject", "A subject was not found in the ClaimsPrincipal object!"); throw new Exception("A subject was not found in the ClaimsPrincipal object!"); } validatedIdentityTokens.Add(new ValidatedToken { Token = item.Token, TokenScheme = item.TokenScheme, Principal = principal }); } // for this demo, lets assume all the extras are roles. var roles = tokenExchangeRequest.Extras; roles.Add("user"); ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = 3600, ArbitraryClaims = new Dictionary <string, List <string> >() { { "role", roles } }, Scope = "offline_access graphQLPlay", Subject = validatedIdentityTokens[0].Principal.GetSubjectFromPincipal(), ClientId = "arbitrary-resource-owner-client" }; var resourceOwnerResponse = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (resourceOwnerResponse.IsError) { throw new Exception(resourceOwnerResponse.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { hint = nameof(BriarRabbitInProcTokenExchangeHandler), access_token = resourceOwnerResponse.AccessToken, refresh_token = resourceOwnerResponse.RefreshToken, expires_in = resourceOwnerResponse.ExpiresIn, token_type = resourceOwnerResponse.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = new List <HttpHeader> { new HttpHeader() { Name = "x-authScheme", Value = resourceOwnerResponse.Scheme } } } }; IdentityTokenRequest tokenRequest = new IdentityTokenRequest() { IdentityTokenLifetime = 3600, ArbitraryClaims = new Dictionary <string, List <string> >() { { "role", roles } }, Scope = "graphQLPlay", Subject = validatedIdentityTokens[0].Principal.GetSubjectFromPincipal(), ClientId = "arbitrary-resource-owner-client" }; var identityResponse = await _tokenMintingService.MintIdentityTokenAsync(tokenRequest); if (identityResponse.IsError) { throw new Exception(identityResponse.Error); } var identityTokenExchangeResponse = new TokenExchangeResponse() { IdentityToken = new IdentityTokenResponse() { hint = nameof(BriarRabbitInProcTokenExchangeHandler), id_token = identityResponse.IdentityToken, expires_in = identityResponse.ExpiresIn, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = new List <HttpHeader> { new HttpHeader() { Name = "x-authScheme", Value = identityResponse.Scheme } } } }; return(new List <TokenExchangeResponse>() { new TokenExchangeResponse() { customToken = new CustomTokenResponse() { authority = Guid.NewGuid().ToString(), hint = "briar_rabbit/token-exchange-validator/custom", Type = Guid.NewGuid().ToString(), Token = Guid.NewGuid().ToString(), HttpHeaders = new List <HttpHeader>() { new HttpHeader() { Name = Guid.NewGuid().ToString(), Value = Guid.NewGuid().ToString() } } }, }, identityTokenExchangeResponse, tokenExchangeResponse }); }
public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync( TokenExchangeRequest tokenExchangeRequest, Dictionary <string, List <KeyValuePair <string, string> > > mapOpaqueKeyValuePairs) { var access_token = await GetTokenAsync(); if (string.IsNullOrEmpty(access_token)) { throw new Exception("Unable to fetch client_credentials access_token"); } var headers = new List <HttpHeader>(_externalExchangeRecord.oAuth2_client_credentials.AdditionalHeaders) { new HttpHeader() { Name = "Authorization", Value = $"Bearer {access_token}" }, new HttpHeader() { Name = "Accept", Value = $"application/json" } }; var passThrough = _externalExchangeRecord.MintType == "passThroughHandler"; var externalUrl = passThrough ? _externalExchangeRecord.PassThroughHandler.Url : _externalExchangeRecord.ExternalFinalExchangeHandler.Url; (string content, HttpStatusCode statusCode)responseBag; using (var httpClient = _defaultHttpClientFactory.HttpClient) { responseBag = await Utils.EfficientApiCalls.HttpClientHelpers.PostStreamAsync( _defaultHttpClientFactory.HttpClient, externalUrl, headers, new TokenExchangeRequestPackage(tokenExchangeRequest) { MapOpaqueKeyValuePairs = mapOpaqueKeyValuePairs }, CancellationToken.None); } if (responseBag.statusCode == HttpStatusCode.OK) { if (passThrough) { var passThroughResult = JsonConvert.DeserializeObject <List <TokenExchangeResponse> >(responseBag.content); return(passThroughResult); } else { var tokenExchangeResponses = new List <TokenExchangeResponse>(); var externalExchangeTokenRequests = JsonConvert.DeserializeObject <List <ExternalExchangeTokenResponse> >(responseBag.content); foreach (var externalExchangeResourceOwnerTokenRequest in externalExchangeTokenRequests) { if (externalExchangeResourceOwnerTokenRequest.CustomTokenResponse != null) { var tokenExchangeResponse = new TokenExchangeResponse() { customToken = externalExchangeResourceOwnerTokenRequest.CustomTokenResponse }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryIdentityTokenRequest != null) { var arbitraryIdentityTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryIdentityTokenRequest; IdentityTokenRequest tokenRequest = new IdentityTokenRequest() { IdentityTokenLifetime = arbitraryIdentityTokenRequest.IdentityTokenLifetime, ArbitraryClaims = arbitraryIdentityTokenRequest.ArbitraryClaims, Scope = arbitraryIdentityTokenRequest.Scope, Subject = arbitraryIdentityTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintIdentityTokenAsync(tokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { IdentityToken = new IdentityTokenResponse() { hint = arbitraryIdentityTokenRequest.Hint, id_token = response.IdentityToken, expires_in = response.ExpiresIn, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryIdentityTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryResourceOwnerTokenRequest != null) { var arbitraryResourceOwnerTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryResourceOwnerTokenRequest; ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = arbitraryResourceOwnerTokenRequest.AccessTokenLifetime, ArbitraryClaims = arbitraryResourceOwnerTokenRequest.ArbitraryClaims, Scope = arbitraryResourceOwnerTokenRequest.Scope, Subject = arbitraryResourceOwnerTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { hint = arbitraryResourceOwnerTokenRequest.Hint, access_token = response.AccessToken, refresh_token = response.RefreshToken, expires_in = response.ExpiresIn, token_type = response.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryResourceOwnerTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } } return(tokenExchangeResponses); } } return(null); }