public async Task <IActionResult> Register(RegisterViewModel model, string returnUrl = null)
{
ViewData["ReturnUrl"] = returnUrl;
if (ModelState.IsValid)
{
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = this._oktaSettings.OktaDomain,
Token = this._oktaSettings.ApiKey,
});
var user = await client.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
FirstName = model.FirstName,
LastName = model.LasttName,
Email = model.Email,
Login = model.Login
},
Password = model.Password,
Activate = true
});
}
return(RedirectToAction("Index", "Home"));
}
public async Task <ActionResult> OnPostSaveConsent()
{
//Write Consent JSON to Okta
//Check with Okta to see if concent is required
string userEmail = GetUserName();
//User is logged in. Check on consent
if (userEmail != "ERROR")
{
//Create a new okta client to get profile data for the user
var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration
{
OktaDomain = _globalConfiguration.Okta_Org,
Token = helpers.GetOktaAPIToken()
});
var currentUser = await client.Users.GetUserAsync(userEmail);
//TODO: Clean this crap up
Consent_Version = _globalConfiguration.GDPR_Consent_Version;
currentUser.Profile["consent"] = @"{'Version': '" + Consent_Version + "', 'Date': '" + DateTime.Now + "'}";
var updateResult = await currentUser.UpdateAsync();
return(Redirect("~/"));
}
else
{
return(Redirect("~/"));
}
}
public string FindAppByName()
{
ILog logger = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
NameValueCollection appSettings = ConfigurationManager.AppSettings;
logger.Debug("FindAppByName ");
string appName = appSettings["custom.StorageAppName"];
//check App profile where help desk credentials are stored
try
{
App myApp = new App();
//myApp.Id = appId;
OktaClient oktaClient = new OktaClient(_orgSettings);
AppsClient appsClient = oktaClient.GetAppsClient();
PagedResults <App> integratedApps = appsClient.GetList(query: appName);
myApp.Id = integratedApps.LastId;
return(myApp.Id);
}
catch (OktaException ex)
{
logger.Error(" ErrorCode: " + ex.ErrorCode + " " + ex.ErrorSummary);
return(null);
}//end catch
}
internal static Models.User CreateUser(OktaClient oktaClient, TestUser dbUser, string strDateSuffix, out string strEx)
{
Models.User oktaUser = null;
strEx = string.Empty;
Assert.IsTrue(RegexUtilities.IsValidEmail(dbUser.Login), string.Format("Okta user login {0} is not valid", dbUser.Login));
Assert.IsTrue(RegexUtilities.IsValidEmail(dbUser.Email), string.Format("Okta user email {0} is not valid", dbUser.Email));
string strUserLogin = dbUser.Login;
try
{
var usersClient = oktaClient.GetUsersClient();
Models.User user = new Models.User(strUserLogin, dbUser.Email, dbUser.FirstName, dbUser.LastName);
Models.User existingUser = usersClient.GetByUsername(strUserLogin);
//in case our user already exists, we create a new user with a "more unique" username attribute
if (existingUser != null)
{
string[] arUserLogin = strUserLogin.Split('@');
//changing the username to make it unique (since it's not yet possible to delete Okta users)
strUserLogin = string.Format("{0}_{1}@{2}", arUserLogin[0], strDateSuffix, arUserLogin[1]);
user = new Models.User(strUserLogin, dbUser.Email, dbUser.FirstName, dbUser.LastName);
}
oktaUser = usersClient.Add(user, dbUser.Activate);
}
catch (OktaException e)
{
strEx = string.Format("Error Code: {0} - Summary: {1} - Message: {2}", e.ErrorCode, e.ErrorSummary, e.Message);
}
return(oktaUser);
}
public async Task <ActionResult> OnPostDeleteProfile()
{
//Tell Okta to delete profile
var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration
{
OktaDomain = _globalConfiguration.Okta_Org,
Token = helpers.GetOktaAPIToken()
});
oktaProfile.Email = GetUserName();
var currentUser = await client.Users.GetUserAsync(oktaProfile.Email);
// First, deactivate the user
await currentUser.DeactivateAsync();
// Then delete the user
await currentUser.DeactivateOrDeleteAsync();
// Then, remove cookies
foreach (var cookie in Request.Cookies.Keys)
{
Response.Cookies.Delete(cookie);
}
//Log out
return(Redirect("~/"));
}
/************************
* On Signup Button Post *
************************/
//TODO: Currently no error handling and the user auto activates which means anyone can create as many accounts as desired with no verification.
//TODO: Currently no factor enrollment is supported in API integrations. Use widget demos for now.
public ActionResult OnPostSignup()
{
try
{
var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration
{
OktaDomain = _globalConfiguration.Okta_Org,
Token = helpers.GetOktaAPIToken()
});
// Create a user with the specified password
//TODO: Add capcha to protect from spam. Add more profile bits like phone for mfa.
//TODO: Do a check to make sure that the username is unique or there will be a crash
var createUserResponse = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
FirstName = FirstNameInput,
LastName = LastNameInput,
Email = EmailInput,
Login = UserNameInput
},
Password = PasswordInput,
Activate = true,
}).Result;
}
catch (Exception ex)
{
//TODO: Handle Errors
}
return(Redirect("page-login-api"));
}
/**************************
* Sign Up Submit *
***************************/
public ActionResult OnPostSignup()
{
try
{
var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration
{
OktaDomain = Configuration.GetValue <string>("Okta:OktaDomain"),
Token = Configuration.GetValue <string>("Okta:APIToken")
});
// Create a user with the specified password
//TODO: Add capcha to protect from spam. Add more profile bits like phone for mfa. https://blog.davem.dev/2019/03/integrating-google-recaptcha-v2-with.html
//TODO: Do a check to make sure that the username is unique or there will be a crash
var createUserResponse = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
FirstName = FirstNameInput,
LastName = LastNameInput,
Email = EmailInput,
Login = EmailInput
},
Activate = true,
}).Result;
}
catch (Exception ex)
{
//TODO: Handle Errors
}
return(Redirect("Index?pendingSignUp=true"));
}
internal static Models.Group CreateGroup(OktaClient oktaClient, TestGroup dbGroup, out string strEx)
{
Models.Group oktaGroup = null;
strEx = string.Empty;
string strGroupName = dbGroup.Name;
try
{
var groupsClient = oktaClient.GetGroupsClient();
Models.Group group = new Models.Group(strGroupName, dbGroup.Description);
Models.Group existingGroup = groupsClient.GetByName(strGroupName);
if (existingGroup == null)
{
oktaGroup = groupsClient.Add(group);
}
else
{
strEx = string.Format("Group {0} already exists", existingGroup.Profile.Name);
}
}
catch (OktaException e)
{
strEx = string.Format("Error Code: {0} - Summary: {1} - Message: {2}", e.ErrorCode, e.ErrorSummary, e.Message);
}
return(oktaGroup);
}
protected async void Button3_Click(object sender, EventArgs e)
{
//initialize sdk client and user
var sdkClient = new OktaClient(new OktaClientConfiguration
{
OktaDomain = ConfigurationManager.AppSettings["OktaDomain"].ToString(),
Token = ConfigurationManager.AppSettings["ApiKey"].ToString(),
});
var user = await sdkClient.Users.GetUserAsync(userParam);
//get email factor id
var emailFactor = await user.Factors.FirstOrDefaultAsync(x => x.FactorType == FactorType.Email);
//ask user for otp
var factorRequest = new ActivateFactorRequest()
{
PassCode = TextBox2.Text,
};
//verify otp
var factorResponse = await sdkClient.UserFactors.ActivateFactorAsync(factorRequest, user.Id, emailFactor.Id);
if (factorResponse.Status == "ACTIVE")
{
Response.Redirect("WebForm2.aspx" + "?email=" + TextBox1.Text);
}
else
{
Label1.Text = factorResponse.Status;
}
}
public async Task FailIfStatusCodeIs4xx(HttpStatusCode statusCode)
{
var response = @"{""error"":""invalid_client"",""error_description"":""The audience claim for client_assertion must be the endpoint invoked for the request.""}";
var messageHandler = new MockHttpMessageHandler(response, statusCode);
var httpClient = new HttpClient(messageHandler);
var configuration = new OktaClientConfiguration();
configuration.OktaDomain = "https://myOktaDomain.oktapreview.com";
configuration.AuthorizationMode = AuthorizationMode.PrivateKey;
configuration.ClientId = "foo";
configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration();
configuration.Scopes = new List <string> {
"foo"
};
var oktaClient = new OktaClient(configuration);
var logger = Substitute.For <ILogger>();
var resourceFactory = new ResourceFactory(oktaClient, logger);
var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient);
Func <Task <string> > function = async() => await tokenProvider.GetAccessTokenAsync();
function.Should().Throw <OktaOAuthException>().Where(x => x.StatusCode == (int)statusCode && x.Error == "invalid_client" && x.ErrorDescription == "The audience claim for client_assertion must be the endpoint invoked for the request.");
}
public async Task FailIfAccessTokenNotFound()
{
var response = @"{""foo"":""bar""}";
var messageHandler = new MockHttpMessageHandler(response, HttpStatusCode.OK);
var httpClient = new HttpClient(messageHandler);
var configuration = new OktaClientConfiguration();
configuration.OktaDomain = "https://myOktaDomain.oktapreview.com";
configuration.AuthorizationMode = AuthorizationMode.PrivateKey;
configuration.ClientId = "foo";
configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration();
configuration.Scopes = new List <string> {
"foo"
};
var oktaClient = new OktaClient(configuration);
var logger = Substitute.For <ILogger>();
var resourceFactory = new ResourceFactory(oktaClient, logger);
var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient);
Func <Task <string> > function = async() => await tokenProvider.GetAccessTokenAsync();
function.Should().Throw <MissingFieldException>();
}
public async Task EnrollSmsFactor()
{
var oktaClient = new OktaClient();
var guid = Guid.NewGuid();
// MFA Group w/ SMS policy
var groupId = "{groupId}";
var createdUser = await oktaClient.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
Profile = new UserProfile
{
FirstName = "John",
LastName = "Enroll-SMS",
Email = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
Login = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
},
Password = "******",
Activate = true,
});
try
{
await oktaClient.Groups.AddUserToGroupAsync(groupId, createdUser.Id);
var authnClient = TestAuthenticationClient.Create();
var authnOptions = new AuthenticateOptions()
{
Username = $"john-enroll-sms-dotnet-authn-{guid}@example.com",
Password = "******",
MultiOptionalFactorEnroll = true,
WarnBeforePasswordExpired = true,
};
var authnResponse = await authnClient.AuthenticateAsync(authnOptions);
authnResponse.Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().NotBeNull();
authnResponse.Embedded.GetArrayProperty <Factor>("factors").Should().HaveCountGreaterThan(0);
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnroll);
var enrollOptions = new EnrollSmsFactorOptions()
{
PhoneNumber = "+1 415 555 5555",
StateToken = authnResponse.StateToken,
};
authnResponse = await authnClient.EnrollFactorAsync(enrollOptions);
authnResponse.Should().NotBeNull();
authnResponse.AuthenticationStatus.Should().Be(AuthenticationStatus.MfaEnrollActivate);
authnResponse.GetProperty <Factor>("factor").Should().NotBeNull();
authnResponse.GetProperty <Factor>("factor").Profile.GetProperty <string>("phoneNumber").Should().NotBeNullOrEmpty();
}
finally
{
await createdUser.DeactivateAsync();
await createdUser.DeactivateOrDeleteAsync();
}
}
public async Task ReturnAccessTokenWhenRequestSuccess()
{
var response = @"{""token_type"":""Bearer"",""expires_in"":3600,""access_token"":""foo"",""scope"":""okta.users.read okta.users.manage""}";
var messageHandler = new MockHttpMessageHandler(response, HttpStatusCode.OK);
var httpClient = new HttpClient(messageHandler);
var configuration = new OktaClientConfiguration();
configuration.OktaDomain = "https://myOktaDomain.oktapreview.com";
configuration.AuthorizationMode = AuthorizationMode.PrivateKey;
configuration.ClientId = "foo";
configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration();
configuration.Scopes = new List <string> {
"foo"
};
var oktaClient = new OktaClient(configuration);
var logger = Substitute.For <ILogger>();
var resourceFactory = new ResourceFactory(oktaClient, logger);
var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClient);
var token = await tokenProvider.GetAccessTokenAsync();
token.Should().Be("foo");
}
public List <string> GetAllApps()
{
List <string> allAppList = new List <string>();
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = _config.GetValue <string>("OktaWeb:OktaDomain"),
Token = _config.GetValue <string>("OktaWeb:ApiToken")
});
var myList = client.Applications.ListApplications().ToListAsync().Result;
//var myList = client.Users.ListAppLinks(oktaId, showAll: true).ToListAsync().Result;
foreach (var item in myList)
{
var temp1 = item.Label.IndexOf("CVS");
if (item.Label.IndexOf("CVS") == 0)
{
//var temp = item.Label;
allAppList.Add(item.Label);
}
}
return(allAppList);
}
private bool CreateSdkUser(string f, string l, string u, string p)
{
try
{
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = oktaDomain,
Token = apiKey
});
// Create a user with the specified password
var vader = client.Users.CreateUserAsync(new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
FirstName = f,
LastName = l,
Email = u,
Login = u,
},
Password = p,
Activate = true,
}).Result;
}
catch
{
return(false);
}
return(true);
}
public async Task CreateProfileUpdateNickNameAndCustomAttribute()
{
var client = new OktaClient(
new OktaClientConfiguration
{
OrgUrl = _orgUrl,
Token = _token
});
var identifier = DateTime.Now.Ticks.ToString();
var email = $"Test_{identifier}@test.com";
var user = await client.Users.CreateUserAsync(
// User with password
new CreateUserWithPasswordOptions
{
// User profile object
Profile = new UserProfile
{
FirstName = $"OktaSdk_FN_{identifier}",
LastName = $"OktaSdk_LN_{identifier}",
Email = email,
Login = email,
["nickName"] = $"OnCreate_{identifier}",
["CrmId"] = $"{identifier}"
},
Password = "******",
Activate = false,
});
user.Profile["nickName"] = $"OnUpdate_{identifier}";
user.Profile["CrmId"] = $"CrmId_{identifier}";
user = await user.UpdateAsync();
}
//Save new password to Okta
public async Task <ActionResult> OnPostSetPassword()
{
if (oktaChangePasswordProfile.NewPassword == oktaChangePasswordProfile.VerifyPassword)
{
//Post password reset to Okta
var client = new OktaClient(new Okta.Sdk.Configuration.OktaClientConfiguration
{
OktaDomain = _globalConfiguration.Okta_Org,
Token = helpers.GetOktaAPIToken()
});
oktaProfile.Email = GetUserName();
var currentUser = await client.Users.GetUserAsync(oktaProfile.Email);
ChangePasswordOptions options = new ChangePasswordOptions {
CurrentPassword = oktaChangePasswordProfile.CurrentPassword, NewPassword = oktaChangePasswordProfile.NewPassword
};
var changePassResult = await currentUser.ChangePasswordAsync(options);
//TODO: Do some error checking here
SuccessMessage = "Your Password Has Been Changed";
bShowSuccessMessage = true;
}
else
{
ErrorMessage = "The Passwords Dont Match";
bShowErrorMessage = true;
}
//TODO Present result / error to user in banner
return(Redirect("page-profile-settings-1"));
}
public async Task NotRetryRequestOnceWhenResponseIsNot401AndAuthorizationModeIsPrivateKeyAsync(HttpStatusCode statusCode)
{
var requestMessageHandler = new MockHttpMessageHandler(string.Empty, statusCode);
var httpClientRequest = new HttpClient(requestMessageHandler);
var configuration = new OktaClientConfiguration();
configuration.OktaDomain = "https://myOktaDomain.oktapreview.com";
configuration.AuthorizationMode = AuthorizationMode.PrivateKey;
configuration.ClientId = "foo";
configuration.PrivateKey = TestCryptoKeys.GetMockRSAPrivateKeyConfiguration();
configuration.Scopes = new List <string> {
"foo"
};
var oktaClient = new OktaClient(configuration);
var logger = Substitute.For <ILogger>();
var resourceFactory = new ResourceFactory(oktaClient, logger);
var tokenResponse = @"{""token_type"":""Bearer"",""expires_in"":3600,""access_token"":""foo"",""scope"":""okta.users.read okta.users.manage""}";
var tokenMessageHandler = new MockHttpMessageHandler(tokenResponse, HttpStatusCode.OK);
var httpClientToken = new HttpClient(tokenMessageHandler);
var tokenProvider = new DefaultOAuthTokenProvider(configuration, resourceFactory, httpClientToken);
var requestExecutor = new DefaultRequestExecutor(configuration, httpClientRequest, logger, new NoRetryStrategy(), tokenProvider);
var response = await requestExecutor.GetAsync("foo", null, default(CancellationToken));
response.StatusCode.Should().Be((int)statusCode);
tokenMessageHandler.NumberOfCalls.Should().Be(1);
requestMessageHandler.NumberOfCalls.Should().Be(1);
}
public UserController(IConfiguration configuration)
{
oktaClient = new OktaClient(new OktaClientConfiguration
{
OktaDomain = configuration["Okta:OktaDomain"],
Token = configuration["Okta:ApiToken"]
});
}
//private string userId;
public UserController()
{
client = new OktaClient(new OktaClientConfiguration
{
OrgUrl = "https://dev-613050.oktapreview.com",
Token = "00irV9xpiSe5upDotwfq6l4wb40JAiL61GdW8ZAV9f"
});
}
public GroupsToRolesTransformer(IOktaSettings settings)
{
client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = settings.OktaDomain,
Token = settings.Token
});
}
public OktaUserStore(IConfiguration configuration, DbContext context, IdentityErrorDescriber describer = null) : base(context, describer)
{
oktaClient = new OktaClient(new OktaClientConfiguration
{
OktaDomain = configuration["Okta:Domain"],
Token = configuration["Okta:ApiToken"]
});
}
public HomeController()
{
//TODO appsettings.json (inject config object)
client = new OktaClient(new OktaClientConfiguration
{
OrgUrl = "https://your-okta-host-url", //e.g. https://your-hostname.oktapreview.com
Token = "your-okta-api-key"
});
}
// TODO: SETUP DEPENDENCY INJECTION
public UsersController(IConfiguration config)
{
Config = config;
Client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = Config["Okta:OktaDomain"],
Token = Config["Okta:ApiKey"]
});
}
private static void GetUserTest(string id)
{
var user = new OktaClient().GetUserAsync(id).GetAwaiter().GetResult();
Console.WriteLine("User (searching on '" + id + "'):");
WriteUser(user);
Console.WriteLine("===============================");
Console.WriteLine(string.Empty);
}
public static void CreateUser()
{
oktaTenantUrl = ConfigurationManager.AppSettings["OktaTenantUrl"];
oktaApiKey = ConfigurationManager.AppSettings["OktaApiKey"];
oktaUserLogin = ConfigurationManager.AppSettings["NewUserLogin"];
oktaUserEmail = ConfigurationManager.AppSettings["NewUserEmail"];
Console.WriteLine("\r\nWelcome to the {0} Okta organization.\r\n", oktaTenantUrl);
//A valid Api Key IS necessary when using the generic Okta Client (a convenience client to create other clients)
if (!string.IsNullOrWhiteSpace(oktaApiKey))
{
oktaClient = new OktaClient(oktaApiKey, new Uri(oktaTenantUrl));
//the OktaClient object can be used to instantiate other clients such as the UsersClient object (to manage Okta users)
usersClient = oktaClient.GetUsersClient();
}
try
{
if (string.IsNullOrEmpty(oktaUserLogin))
{
Console.Write("Please enter the login of the new user (as an email address) and press Enter: ");
oktaUserLogin = Console.ReadLine();
}
if (string.IsNullOrEmpty(oktaUserEmail))
{
Console.Write("Please enter the email address for your new user and press Enter: ");
oktaUserEmail = Console.ReadLine();
}
//create the Okta user
User newUser = new User(oktaUserLogin, oktaUserEmail, "First Name", "Last Name");
//this is what you would do to set a custom attribute on the Okta user's profile
newUser.Profile.SetProperty("employeeNumber", "1234");
//Activating the user though the API will trigger an email to the user's primary email (i.e. oktaUserEmail)
usersClient.Add(newUser, true);
Console.WriteLine("An activation email to {0} is on its way!", oktaUserEmail);
}
catch (OktaException oex)
{
Console.WriteLine(oex.ErrorCode + ":" + oex.ErrorSummary);
Console.ReadKey();
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
Console.ReadKey();
throw;
}
}
private static void UpdateUserProfileTest(string email)
{
var user = new OktaClient().GetUserAsync(email).GetAwaiter().GetResult();
user.Profile.FirstName = "Kyle";
Console.WriteLine("Attempting to update with email '" + email + "'...");
var updatedUser = new OktaClient().UpdateUserProfileAsync(user).GetAwaiter().GetResult();
WriteUser(updatedUser);
}
public AccountController(IConfiguration configuration, IFido2 fido2)
{
this.fido2 = fido2;
oktaClient = new OktaClient(new OktaClientConfiguration
{
OktaDomain = configuration["Okta:Domain"],
Token = configuration["Okta:ApiToken"]
});
}
public void ThrowForNullTokenWhenAuthorizationModeIsSSWS()
{
Assert.Throws <ArgumentNullException>(() =>
{
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = "https://dev-12345.oktapreview.com",
Token = string.Empty,
});
});
}
public void ThrowForNullOktaDomain()
{
Assert.Throws <ArgumentNullException>(() =>
{
var client = new OktaClient(new OktaClientConfiguration
{
OktaDomain = string.Empty,
Token = "foobar",
});
});
}
