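/// <summary>
/// Grants the calling user access to the OIDC client named in <paramref name="request"/>:
/// a new <see cref="OIDCSession"/> is persisted and its id is returned as the grant token.
/// </summary>
/// <param name="request">Grant request carrying the client id (<c>AppId</c>), redirect URI and nonce.</param>
/// <param name="context">gRPC call context; the ASP.NET Core principal is read from its HttpContext.</param>
/// <returns>A reply with <c>Success = true</c> and the new session id as <c>AccessToken</c>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the caller cannot be resolved to an <see cref="AppUser"/>, or when
/// <c>SingleAsync</c> finds no (or more than one) registered client matching the id and
/// the caller's group membership.
/// </exception>
public override async Task<GrantApplicationReply> GrantApplication(GrantApplicationRequest request, ServerCallContext context)
{
    var principal = context.GetHttpContext().User;
    AppUser currentUser = await _userManager.GetUserAsync(principal);
    if (currentUser == null)
    {
        // GetUserAsync yields null for a principal without a resolvable user; fail explicitly
        // instead of letting the membership filter below misbehave on a null entity.
        throw new InvalidOperationException("The calling principal could not be resolved to a user.");
    }

    // Only a client whose AuthApp has the caller in one of its user groups may be granted.
    var candidateApps = _authDbContext.OIDCAppSettings
        .Where(app => app.ClientId == request.AppId)
        // FIXME: request.RedirectUri is never validated against the registered app.RedirectUrl,
        // so the grant is issued regardless of where the client says it will deliver it:
        // .Where(app => app.RedirectUrl == request.RedirectUri)
        .Where(app => app.AuthApp.UserGroups.Any(grp => grp.Members.Contains(currentUser)));
    OIDCAppSettings settings = await candidateApps.SingleAsync();

    OIDCSession session = new OIDCSession
    {
        CreationTime = SystemClock.Instance.GetCurrentInstant(),
        OIDCAppSettings = settings,
        User = currentUser,
        Nonce = request.Nonce,
    };
    _authDbContext.Add(session);
    await _authDbContext.SaveChangesAsync();

    // TODO: the value handed out is the raw session primary key (TokenReply later resolves it
    // via new Guid(code)); it should be an opaque or encrypted token instead of a database id.
    string grantToken = session.Id.ToString();
    return new GrantApplicationReply
    {
        Success = true,
        AccessToken = grantToken,
    };
}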
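/// <summary>
/// Exchanges an authorization code for an OIDC token reply: resolves the session behind
/// <paramref name="code"/>, verifies the client credentials and issues a signed ID token.
/// </summary>
/// <param name="code">The session id issued by <c>GrantApplication</c>, as a GUID string.</param>
/// <param name="client_id">Registered OIDC client id the session must belong to.</param>
/// <param name="client_secret">Client secret presented by the caller; compared in constant time.</param>
/// <returns>The token reply with the ID token JWT plus the (session-id) access and refresh tokens.</returns>
/// <exception cref="FormatException">Thrown when <paramref name="code"/> is not a valid GUID.</exception>
/// <exception cref="InvalidOperationException">
/// Thrown when no single session matches the code and client id, when the client secret
/// does not match, or when no HttpContext is available to derive the issuer from.
/// </exception>
public async Task<OidcTokenReply> TokenReply(string code, string client_id, string client_secret)
{
    Guid sessionId = new Guid(code);

    // The secret is deliberately kept out of the SQL predicate: comparing it in memory lets us use
    // a constant-time, ordinal comparison (a database collation could compare it case-insensitively,
    // and a short-circuiting string compare leaks timing).
    OIDCSession session = await _authDbContext.OIDCSessions
        .Where(o => o.OIDCAppSettings.ClientId == client_id)
        .Where(o => o.Id == sessionId)
        .Include(s => s.User)
        .Include(s => s.OIDCAppSettings)
        .SingleAsync();

    if (!SecretsMatch(session.OIDCAppSettings.ClientSecret, client_secret))
    {
        // Same exception type SingleAsync raised for a wrong secret before, so callers see no change;
        // the message does not say which part of the credential pair failed.
        throw new InvalidOperationException("Invalid client credentials.");
    }

    var httpContext = _httpContextAccessor.HttpContext
        ?? throw new InvalidOperationException("No active HttpContext; the issuer URL cannot be determined.");
    string scheme = httpContext.Request.IsHttps ? "https://" : "http://";
    string issuer = scheme + httpContext.Request.Host;

    // One timestamp so iat and exp are derived from the same instant.
    DateTime issuedAt = DateTime.UtcNow;
    JwtBuilder jwtBuilder = _jwtFactory.Build();
    string idToken = jwtBuilder
        .Issuer(issuer)
        .Subject(session.User.Id.ToString())
        .AddClaim(ClaimName.Nonce, session.Nonce)
        .Audience(session.OIDCAppSettings.ClientId)
        .AddHeader(HeaderName.KeyId, "1")
        .IssuedAt(issuedAt)
        .ExpirationTime(issuedAt.AddHours(10))
        .Encode();

    // FIXME: the access and refresh tokens are both the raw authorization code (the session id) and
    // nothing enforces their expiry; ExpiresIn (1 h) also disagrees with the 10 h ID-token lifetime.
    return new OidcTokenReply
    {
        AccessToken = code,
        TokenType = "Bearer",
        RefreshToken = code,
        ExpiresIn = 3600,
        IdToken = idToken,
    };

    // Constant-time comparison of the stored and presented secrets. A missing secret on either
    // side never authenticates (stricter than a null == null match in the query).
    bool SecretsMatch(string stored, string presented)
    {
        if (stored == null || presented == null)
        {
            return false;
        }
        byte[] storedBytes = System.Text.Encoding.UTF8.GetBytes(stored);
        byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
        return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(storedBytes, presentedBytes);
    }
}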