protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { log.LogDebug("CreateTicketAsync called"); var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken); var response = await Backchannel.SendAsync(request, Context.RequestAborted); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var identifier = MicrosoftAccountAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(identifier)) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); identity.AddClaim(new Claim("urn:microsoftaccount:id", identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); } var name = MicrosoftAccountAuthenticationHelper.GetName(payload); if (!string.IsNullOrEmpty(name)) { identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer)); identity.AddClaim(new Claim("urn:microsoftaccount:name", name, ClaimValueTypes.String, Options.ClaimsIssuer)); } var email = MicrosoftAccountAuthenticationHelper.GetEmail(payload); if (!string.IsNullOrEmpty(email)) { identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); ISiteSettings site = siteResolver.Resolve(); if (site != null) { Claim siteGuidClaim = new Claim("SiteGuid", site.SiteGuid.ToString()); if (!identity.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value)) { identity.AddClaim(siteGuidClaim); } } //return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme); return(new AuthenticationTicket(notification.Principal, notification.Properties, AuthenticationScheme.External)); }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var user = tokens.Response["user"]; var userId = user["id"]?.ToString(); if (userId != null) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, Options.ClaimsIssuer)); } var username = user["username"]?.ToString(); if (username != null) { identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, username, ClaimValueTypes.String, Options.ClaimsIssuer)); } var fullname = user["full_name"]?.ToString(); if (fullname != null) { identity.AddClaim(new Claim("urn:instagram:full_name", fullname, ClaimValueTypes.String, Options.ClaimsIssuer)); } var profilePic = user["profile_picture"]?.ToString(); if (profilePic != null) { identity.AddClaim(new Claim("urn:instagram:profile_picture", profilePic, ClaimValueTypes.String, Options.ClaimsIssuer)); } var website = user["website"]?.ToString(); if (website != null) { identity.AddClaim(new Claim("urn:instagram:website", website, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); return(new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme)); }
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context) { if (context.Principal != null) { Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid"); Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetEmail(context.User) == "*****@*****.**", "Email is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetId(context.User) == "106790274378320830963", "Id is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetFamilyName(context.User) == "AspnetvnextTest", "FamilyName is not valid"); Helpers.ThrowIfConditionFailed(() => GoogleAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid"); Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(1200), "ExpiresIn is not valid"); Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid"); context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false")); } await Task.FromResult(0); }
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context) { if (context.Principal != null) { Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", "Access token is not valid"); Helpers.ThrowIfConditionFailed(() => context.RefreshToken == "ValidRefreshToken", "Refresh token is not valid"); Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetFirstName(context.User) == "AspnetvnextTest", "Email is not valid"); Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetLastName(context.User) == "AspnetvnextTest", "Email is not valid"); Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetId(context.User) == "fccf9a24999f4f4f", "Id is not valid"); Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", "Name is not valid"); Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(3600), "ExpiresIn is not valid"); Helpers.ThrowIfConditionFailed(() => context.User != null, "User object is not valid"); Helpers.ThrowIfConditionFailed(() => MicrosoftAccountAuthenticationHelper.GetId(context.User) == context.User.SelectToken("id").ToString(), "User id is not valid"); context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false")); } await Task.FromResult(0); }
internal static async Task OnAuthenticated(OAuthAuthenticatedContext context) { if (context.Principal != null) { Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", ""); Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetEmail(context.User) == "*****@*****.**", ""); Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetId(context.User) == "Id", ""); Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetLink(context.User) == "https://www.facebook.com/myLink", ""); Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetName(context.User) == "AspnetvnextTest AspnetvnextTest", ""); Helpers.ThrowIfConditionFailed(() => FacebookAuthenticationHelper.GetUserName(context.User) == "AspnetvnextTest.AspnetvnextTest.7", ""); Helpers.ThrowIfConditionFailed(() => context.User.SelectToken("id").ToString() == FacebookAuthenticationHelper.GetId(context.User), ""); Helpers.ThrowIfConditionFailed(() => context.ExpiresIn.Value == TimeSpan.FromSeconds(100), ""); Helpers.ThrowIfConditionFailed(() => context.AccessToken == "ValidAccessToken", ""); context.Principal.Identities.First().AddClaim(new Claim("ManageStore", "false")); } await Task.FromResult(0); }
protected virtual async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { log.LogDebug("CreateTicketAsync called"); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens) { Principal = new ClaimsPrincipal(identity), Properties = properties }; await Options.Notifications.Authenticated(notification); if (notification.Principal?.Identity == null) { return(null); } return(new AuthenticationTicket(notification.Principal, notification.Properties, Options.AuthenticationScheme)); }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var userId = tokens.Response["user_id"]?.ToString(); if (userId != null) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); return(new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme)); }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { // Load the battlenet user info var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint + "?access_token=" + tokens.AccessToken); var response = await Backchannel.SendAsync(request, Context.RequestAborted); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var id = BattlenetAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(id)) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, id, ClaimValueTypes.Integer, Options.ClaimsIssuer)); } var battletag = BattlenetAuthenticationHelper.GetBattletag(payload); if (!string.IsNullOrEmpty(battletag)) { identity.AddClaim(new Claim(ClaimTypes.Name, battletag, ClaimValueTypes.String, Options.ClaimsIssuer)); identity.AddClaim(new Claim(BattlenetAuthenticationDefaults.BattletagClaimType, battletag, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); return(new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme)); }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { log.LogDebug("CreateTicketAsync called"); //Options.AuthenticationScheme = AuthenticationScheme.External; var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken); if (Options.SendAppSecretProof) { endpoint = QueryHelpers.AddQueryString(endpoint, "appsecret_proof", GenerateAppSecretProof(tokens.AccessToken)); } var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var identifier = FacebookAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(identifier)) { log.LogDebug("CreateTicketAsync FacebookAuthenticationHelper.GetId(payload) " + identifier); identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); } var userName = FacebookAuthenticationHelper.GetUserName(payload); if (!string.IsNullOrEmpty(userName)) { log.LogDebug("CreateTicketAsync FacebookAuthenticationHelper.GetUserName(payload) " + userName); identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var email = FacebookAuthenticationHelper.GetEmail(payload); if (!string.IsNullOrEmpty(email)) { log.LogDebug("CreateTicketAsync FacebookAuthenticationHelper.GetEmail(payload) " + email); identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer)); } var name = FacebookAuthenticationHelper.GetName(payload); if (!string.IsNullOrEmpty(name)) { log.LogDebug("CreateTicketAsync FacebookAuthenticationHelper.GetName(payload) " + name); identity.AddClaim(new Claim("urn:facebook:name", name, ClaimValueTypes.String, Options.ClaimsIssuer)); // Many Facebook accounts do not set the UserName field. Fall back to the Name field instead. if (string.IsNullOrEmpty(userName)) { identity.AddClaim(new Claim(identity.NameClaimType, name, ClaimValueTypes.String, Options.ClaimsIssuer)); } } var link = FacebookAuthenticationHelper.GetLink(payload); if (!string.IsNullOrEmpty(link)) { log.LogDebug("CreateTicketAsync FacebookAuthenticationHelper.GetLink(payload) " + link); identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer)); } log.LogDebug("CreateTicketAsync notification.Options.AuthenticationScheme " + notification.Options.AuthenticationScheme); await Options.Notifications.Authenticated(notification); ISiteSettings site = siteResolver.Resolve(); if (site != null) { Claim siteGuidClaim = new Claim("SiteGuid", site.SiteGuid.ToString()); if (!identity.HasClaim(siteGuidClaim.Type, siteGuidClaim.Value)) { identity.AddClaim(siteGuidClaim); } } log.LogDebug("CreateTicketAsync notification.Principal " + notification.Principal.Identity.Name.ToString()); //https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNet.Authentication/AuthenticationTicket.cs //return new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme); return(new AuthenticationTicket(notification.Principal, notification.Properties, AuthenticationScheme.External)); }
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { // Get the Google user var request = new HttpRequestMessage(HttpMethod.Get, Options.UserInformationEndpoint); request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken); var response = await Backchannel.SendAsync(request, Context.RequestAborted); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var identifier = GoogleAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(identifier)) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); } var givenName = GoogleAuthenticationHelper.GetGivenName(payload); if (!string.IsNullOrEmpty(givenName)) { identity.AddClaim(new Claim(ClaimTypes.GivenName, givenName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var familyName = GoogleAuthenticationHelper.GetFamilyName(payload); if (!string.IsNullOrEmpty(familyName)) { identity.AddClaim(new Claim(ClaimTypes.Surname, familyName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var name = GoogleAuthenticationHelper.GetName(payload); if (!string.IsNullOrEmpty(name)) { identity.AddClaim(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, Options.ClaimsIssuer)); } var email = GoogleAuthenticationHelper.GetEmail(payload); if (!string.IsNullOrEmpty(email)) { identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer)); } var profile = GoogleAuthenticationHelper.GetProfile(payload); if (!string.IsNullOrEmpty(profile)) { identity.AddClaim(new Claim("urn:google:profile", profile, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); return(new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme)); }
/// <summary> /// Invoked after the provider successfully authenticates a user. /// </summary> /// <param name="context">Contains information about the login session as well as the user <see cref="ClaimsIdentity"/>.</param> /// <returns>A <see cref="Task"/> representing the completed operation.</returns> public virtual Task Authenticated(OAuthAuthenticatedContext context) => OnAuthenticated(context);
protected override async Task <AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens) { var endpoint = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken); if (Options.SendAppSecretProof) { endpoint += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken); } var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted); response.EnsureSuccessStatusCode(); var payload = JObject.Parse(await response.Content.ReadAsStringAsync()); var notification = new OAuthAuthenticatedContext(Context, Options, Backchannel, tokens, payload) { Properties = properties, Principal = new ClaimsPrincipal(identity) }; var identifier = FacebookAuthenticationHelper.GetId(payload); if (!string.IsNullOrEmpty(identifier)) { identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, identifier, ClaimValueTypes.String, Options.ClaimsIssuer)); } var userName = FacebookAuthenticationHelper.GetUserName(payload); if (!string.IsNullOrEmpty(userName)) { identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, userName, ClaimValueTypes.String, Options.ClaimsIssuer)); } var email = FacebookAuthenticationHelper.GetEmail(payload); if (!string.IsNullOrEmpty(email)) { identity.AddClaim(new Claim(ClaimTypes.Email, email, ClaimValueTypes.String, Options.ClaimsIssuer)); } var name = FacebookAuthenticationHelper.GetName(payload); if (!string.IsNullOrEmpty(name)) { identity.AddClaim(new Claim("urn:facebook:name", name, ClaimValueTypes.String, Options.ClaimsIssuer)); // Many Facebook accounts do not set the UserName field. Fall back to the Name field instead. if (string.IsNullOrEmpty(userName)) { identity.AddClaim(new Claim(identity.NameClaimType, name, ClaimValueTypes.String, Options.ClaimsIssuer)); } } var link = FacebookAuthenticationHelper.GetLink(payload); if (!string.IsNullOrEmpty(link)) { identity.AddClaim(new Claim("urn:facebook:link", link, ClaimValueTypes.String, Options.ClaimsIssuer)); } await Options.Notifications.Authenticated(notification); return(new AuthenticationTicket(notification.Principal, notification.Properties, notification.Options.AuthenticationScheme)); }