private static async Task <SessionAuthorizationTransaction> GenerateTransaction(
IJSRuntime jsRuntime,
OpenId.Models.AuthorizeOptions authorizeOptions,
bool responseTypeIncludesIdToken)
{
string lastUsedConnection = string.IsNullOrEmpty(authorizeOptions.Realm) ? authorizeOptions.Connection : authorizeOptions.Realm;
string appState = string.IsNullOrEmpty(authorizeOptions.AppState) ? Auth0.CommonAuthentication.GenerateNonce(authorizeOptions.KeyLength) : authorizeOptions.AppState;
authorizeOptions.State = string.IsNullOrEmpty(authorizeOptions.State) ? Auth0.CommonAuthentication.GenerateNonce(authorizeOptions.KeyLength) : authorizeOptions.State;
string nonce = responseTypeIncludesIdToken ? string.IsNullOrEmpty(authorizeOptions.Nonce) ? Auth0.CommonAuthentication.GenerateNonce(authorizeOptions.KeyLength) : authorizeOptions.Nonce : null;
SessionAuthorizationTransaction transaction = new SessionAuthorizationTransaction()
{
Nonce = nonce,
AppState = appState,
State = authorizeOptions.State,
CodeVerifier = authorizeOptions.CodeVerifier,
RedirectUri = authorizeOptions.RedirectUri,
Connnection = lastUsedConnection,
};
await Storage.SetItem(
jsRuntime,
$"{authorizeOptions.Namespace}{authorizeOptions.State}",
transaction
).ConfigureAwait(false);
return(transaction);
}
/// <summary>
/// Builds the an authorization URI.
/// </summary>
/// <param name="buildAuthorizedUrlOptions">A <see cref="AuthorizeOptions"/> param.</param>
/// <returns>An <see cref="string"/> representing an authorization URI.</returns>
public static string BuildAuthorizeUrl(OpenId.Models.AuthorizeOptions buildAuthorizedUrlOptions)
{
if (buildAuthorizedUrlOptions is null)
{
throw new ArgumentNullException(nameof(buildAuthorizedUrlOptions));
}
Utils.ValidateObject(buildAuthorizedUrlOptions);
var responseType = Auth0.CommonAuthentication.ParseResponseType(buildAuthorizedUrlOptions.ResponseType);
var responseMode = Auth0.CommonAuthentication.ParseResponseMode(buildAuthorizedUrlOptions.ResponseMode);
var query = new QueryString();
query = query.Add("response_type", responseType);
query = query.Add("state", buildAuthorizedUrlOptions.State);
query = query.Add("nonce", buildAuthorizedUrlOptions.Nonce);
query = query.Add("client_id", buildAuthorizedUrlOptions.ClientID);
query = query.Add("scope", buildAuthorizedUrlOptions.Scope);
if (buildAuthorizedUrlOptions.CodeChallengeMethod != CodeChallengeMethods.None)
{
var codechallengeMethod = Auth0.CommonAuthentication.ParseCodeChallengeMethod(buildAuthorizedUrlOptions.CodeChallengeMethod);
query = query.Add("code_challenge_method", codechallengeMethod);
query = query.Add("code_challenge", buildAuthorizedUrlOptions.CodeChallenge);
}
if (!string.IsNullOrEmpty(buildAuthorizedUrlOptions.Connection))
{
query = query.Add("connection", buildAuthorizedUrlOptions.Connection);
}
if (!string.IsNullOrEmpty(buildAuthorizedUrlOptions.Audience))
{
query = query.Add("audience", buildAuthorizedUrlOptions.Audience);
}
if (!string.IsNullOrEmpty(responseMode))
{
query = query.Add("response_mode", responseMode);
}
query = query.Add("redirect_uri", buildAuthorizedUrlOptions.RedirectUri);
var uriBuilder = new UriBuilder()
{
Scheme = buildAuthorizedUrlOptions.AuthorizeEndpoint.Scheme,
Host = buildAuthorizedUrlOptions.AuthorizeEndpoint.Host,
Path = buildAuthorizedUrlOptions.AuthorizeEndpoint.PathAndQuery,
Query = query.ToUriComponent(),
};
return(uriBuilder.Uri.AbsoluteUri);
}
/// <summary>
/// Process a new Authentication trasanction.
/// </summary>
/// <param name="jsRuntime">The <see cref="IJSRuntime"/> instance.</param>
/// <param name="authorizeOptions">The <see cref="AuthorizeOptions"/> instance.</param>
/// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
internal static async Task <OpenId.Models.AuthorizeOptions> Proccess(IJSRuntime jsRuntime, OpenId.Models.AuthorizeOptions authorizeOptions)
{
if (authorizeOptions is null)
{
throw new ArgumentNullException(nameof(authorizeOptions));
}
Utils.ValidateObject(authorizeOptions);
bool responseTypeIncludesIdToken = authorizeOptions.ResponseType == ResponseTypes.IdToken || authorizeOptions.ResponseType == ResponseTypes.TokenAndIdToken;
SessionAuthorizationTransaction transaction = await GenerateTransaction(
jsRuntime,
authorizeOptions,
responseTypeIncludesIdToken
).ConfigureAwait(false);
if (string.IsNullOrEmpty(authorizeOptions.State))
{
authorizeOptions.State = transaction.State;
}
if (responseTypeIncludesIdToken && string.IsNullOrEmpty(authorizeOptions.Nonce))
{
authorizeOptions.Nonce = transaction.Nonce;
}
return(authorizeOptions);
}
/// <summary>
/// Initiates the Authorization flow by calling the IDP's /authorize enpoint.
/// </summary>
/// <param name="jsRuntime">A <see cref="IJSRuntime"/> param.</param>
/// <param name="navigationManager">A <see cref="NavigationManager"/> param.</param>
/// <param name="authorizeOptions">A <see cref="AuthorizeOptions"/> param.</param>
/// <returns>A <see cref="Task"/> representing the result of the asynchronous operation.</returns>
public static async Task Authorize(IJSRuntime jsRuntime, NavigationManager navigationManager, OpenId.Models.AuthorizeOptions authorizeOptions)
{
if (jsRuntime is null)
{
throw new ArgumentNullException(nameof(jsRuntime));
}
if (navigationManager is null)
{
throw new ArgumentNullException(nameof(navigationManager));
}
if (authorizeOptions is null)
{
throw new ArgumentNullException(nameof(authorizeOptions));
}
Utils.ValidateObject(authorizeOptions);
authorizeOptions = await TransactionManager.Proccess(jsRuntime, authorizeOptions).ConfigureAwait(false);
var authorizeUrl = BuildAuthorizeUrl(authorizeOptions);
navigationManager.NavigateTo(authorizeUrl);
}
