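public ActionResult ValidationEndpoint(string code, string state)
        {
            // Authorization-code flow callback: the authorization server redirects the browser
            // here with ?code=...&state=..., and this action exchanges the code for tokens at
            // the token endpoint, authenticating as the "spintweb" client with HTTP Basic.
            //
            // Results reach the landing page through TempData:
            //   "idToken", "accessToken", "refreshToken" - the raw tokens, when present
            //   "errMessage"                              - summary text shown to the user
            //   "oktaOrg"                                 - apiUrl, as in the other actions
            //
            // NOTE(review): `state` is only logged; it is never compared with the value sent on
            // the authorize request, so this callback has no CSRF binding. Where the outbound
            // state is kept (cacheService? session?) is not visible here - confirm before adding
            // the comparison.
            logger.Debug("Get OIDC for auth code workflow");

            // The authorization code is a one-time credential: log whether it arrived, not its value.
            logger.Debug(" code present = " + (!string.IsNullOrEmpty(code)) + " state " + state);

            string failure             = null;   // non-null once anything went wrong; shown as "Error <failure>"
            string token_type          = null;
            string scope               = null;
            string id_token_status     = null;
            string access_token_status = null;

            // NOTE(review): never populated in this action, so oidcIdToken.sub is always null
            // in the SUCCESS message below (same as the original).
            OidcIdToken oidcIdToken = new OidcIdToken();

            // Client authentication for the token endpoint: Basic base64(clientId:clientSecret).
            string basicAuth        = appSettings["oidc.spintweb.clientId"] + ":" + appSettings["oidc.spintweb.clientSecret"];
            byte[] bytesBasicAuth   = System.Text.Encoding.UTF8.GetBytes(basicAuth);
            string encodedBasicAuth = System.Convert.ToBase64String(bytesBasicAuth);

            try
            {
                var client  = new RestClient(appSettings["oidc.authServer"] + "/v1/token");
                var request = new RestRequest(Method.POST);
                request.AddHeader("Accept", "application/json");
                request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
                // No leading space before the scheme: the original " Basic ..." only worked
                // because servers trim optional whitespace from header values.
                request.AddHeader("Authorization", "Basic " + encodedBasicAuth);

                // Token-endpoint parameters belong in the form-encoded body (RFC 6749 s4.1.3).
                // AddQueryParameter put the authorization code in the URL, where proxies and
                // server access logs record it; AddParameter on a POST sends it in the body.
                request.AddParameter("grant_type", "authorization_code");
                request.AddParameter("code", code);
                request.AddParameter("redirect_uri", appSettings["oidc.spintweb.RedirectUri"]);

                IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);

                if (response.ErrorException != null)
                {
                    // Transport-level failure (DNS, TLS, timeout): RestSharp reports it here
                    // rather than throwing.
                    failure = "token request failed: " + response.ErrorMessage;
                }
                else if (response.Data == null)
                {
                    // The original dereferenced response.Data unconditionally after its null check.
                    failure = "token endpoint returned no parseable response (HTTP " + (int)response.StatusCode + ")";
                }
                else if (response.Data.error != null)
                {
                    failure = response.Data.error_description ?? response.Data.error;
                }
                else
                {
                    TokenRequestResponse data = response.Data;
                    token_type = data.token_type;
                    scope      = data.scope;

                    if (data.id_token != null)
                    {
                        id_token_status = "id_token present";

                        string issuer   = appSettings["oidc.issuer"];
                        string audience = appSettings["oidc.spintweb.clientId"];
                        System.Security.Claims.ClaimsPrincipal jsonPayload = oktaOidcHelper.ValidateIdToken(data.id_token, issuer, audience);

                        // ValidateIdToken's failure contract (null vs. unauthenticated principal)
                        // is not visible here, so both are treated as an invalid token.
                        if (jsonPayload != null && jsonPayload.Identity != null && jsonPayload.Identity.IsAuthenticated)
                        {
                            // Only a validated token is handed to the landing page.
                            TempData["idToken"] = data.id_token;
                        }
                        else
                        {
                            // The original wrote "Invalid ID Token!" to TempData and then
                            // overwrote it with the SUCCESS message; it is now a failure.
                            failure = "Invalid ID Token!";
                        }
                    }
                    else
                    {
                        id_token_status = "id_token NOT present";
                    }

                    if (data.access_token != null)
                    {
                        access_token_status     = "access_token present";
                        TempData["accessToken"] = data.access_token;
                    }
                    else
                    {
                        access_token_status = "access_token NOT present";
                    }

                    if (data.refresh_token != null)
                    {
                        TempData["refreshToken"] = data.refresh_token;
                    }
                }
            }
            catch (Exception ex)
            {
                // The original logged here and then still fell through to the SUCCESS branch.
                logger.Error(ex.ToString());
                failure = ex.Message;
            }

            TempData["oktaOrg"] = apiUrl;
            if (failure != null)
            {
                TempData["errMessage"] = "Error " + failure;
                return RedirectToAction("UnprotectedLanding", "AltLanding");
            }

            TempData["errMessage"] = "SUCCESS token_type = " + token_type + " scope = " + scope + " : " + id_token_status + " : " + access_token_status + " oktaId = " + oidcIdToken.sub;
            return RedirectToAction("AuthCodeLanding", "AltLanding");
        }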
        public ActionResult ValidationEndpoint()
        {
            // Implicit flow callback: the authorization server delivers id_token / access_token /
            // token_type / expires_in / scope directly to this action; no token-endpoint call.
            // Tokens and a summary go to the landing page via TempData ("idToken", "accessToken",
            // "errMessage", "oktaOrg").
            //
            // NOTE(review): Request[...] merges query string, form, cookies and server variables;
            // if the tokens only ever arrive in the POST body, Request.Form[...] would be the
            // stricter read - confirm the configured response_mode before narrowing it.
            // NOTE(review): "state" is read but never compared with the value sent on the
            // authorize request (no CSRF binding); whether ValidateIdToken checks the nonce is
            // not visible here.
            logger.Debug("Post OIDC for implicit workflow");

            string myState     = Request["state"];
            string idToken     = Request["id_token"];
            string accessToken = Request["access_token"];
            string tokenType   = Request["token_type"];
            string expires     = Request["expires_in"];
            string scope       = Request["scope"];

            // NOTE(review): neither object is populated here; oidcIdToken.sub is always null in
            // the message and oidcIdTokeMin reaches the view empty.
            OidcIdToken    oidcIdToken   = new OidcIdToken();
            OidcIdTokenMin oidcIdTokeMin = new OidcIdTokenMin();

            string idTokenStatus;
            if (idToken == null)
            {
                idTokenStatus = " ID Token Not Found";
            }
            else
            {
                idTokenStatus       = " ID Token Present";
                TempData["idToken"] = idToken;

                string issuer   = appSettings["oidc.issuer"];
                string audience = appSettings["oidc.spintweb.clientId"];
                System.Security.Claims.ClaimsPrincipal jsonPayload = oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);

                // Both assignments are overwritten by the summary message below (as in the
                // original); the validation outcome does not change the branch taken.
                TempData["errMessage"] = jsonPayload.Identity.IsAuthenticated
                    ? jsonPayload.ToString()
                    : "Invalid ID Token!";
                if (jsonPayload.Identity.IsAuthenticated)
                {
                    System.IdentityModel.Tokens.Jwt.JwtSecurityToken tokenReceived = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(idToken);
                }
            }

            string accessTokenStatus;
            if (accessToken == null)
            {
                accessTokenStatus = "access_token NOT Found";
            }
            else
            {
                accessTokenStatus       = "access_token Present";
                TempData["accessToken"] = accessToken;
            }

            string summary = "token_type = " + tokenType + " expires = " + expires + " scope = " + scope + " : " + idTokenStatus + " : " + accessTokenStatus + " oktaId = " + oidcIdToken.sub;
            TempData["oktaOrg"] = apiUrl;

            // Presence of either token is what decides the landing page.
            bool anyToken = accessToken != null || idToken != null;
            if (!anyToken)
            {
                TempData["errMessage"] = "Error " + summary;
                return View("../AltLanding/UnprotectedLanding");
            }

            TempData["errMessage"] = "SUCCESS " + summary;
            return View("../AltLanding/ImplicitLanding", oidcIdTokeMin);
        }
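        public ActionResult ResourceOwnerRoute()
        {
            // Resource Owner Password Credentials grant: the user's name and password are posted
            // to this action and forwarded to the token endpoint, authenticated as the
            // "spintnative" client. Tokens and a summary go to the ResOwnerLanding view via
            // TempData ("idToken", "accessToken", "errMessage", "oktaOrg", "relayState").
            string userName   = Request["userName"];
            string passWord   = Request["passWord"];
            string relayState = Request["relayState"];

            TempData["relayState"] = relayState;

            string failure             = null;   // non-null once anything went wrong
            string token_type          = null;
            string scope               = null;
            string id_token_status     = null;
            string idToken             = null;
            string access_token_status = null;
            string accessToken         = null;

            // View model; NOTE(review): never populated here, so oidcIdToken.sub is always null.
            OidcIdTokenMin oidcIdToken = new OidcIdTokenMin();

            // Client authentication for the token endpoint: Basic base64(clientId:clientSecret).
            string basicAuth        = appSettings["oidc.spintnative.clientId"] + ":" + appSettings["oidc.spintnative.clientSecret"];
            byte[] bytesBasicAuth   = System.Text.Encoding.UTF8.GetBytes(basicAuth);
            string encodedBasicAuth = System.Convert.ToBase64String(bytesBasicAuth);

            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(passWord))
            {
                // Do not round-trip to the token endpoint with empty credentials.
                failure = "userName and passWord are required";
            }
            else
            {
                try
                {
                    var client  = new RestClient(appSettings["oidc.authServer"] + "/v1/token");
                    var request = new RestRequest(Method.POST);
                    request.AddHeader("Accept", "application/json");
                    request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
                    // No leading space before the scheme (the original relied on server-side trimming).
                    request.AddHeader("Authorization", "Basic " + encodedBasicAuth);

                    // The original sent username and password as URL query parameters, which
                    // puts the password into proxy and server access logs. AddParameter on a
                    // POST sends them in the form-encoded body (RFC 6749 s4.3.2).
                    request.AddParameter("grant_type", "password");
                    request.AddParameter("username", userName);
                    request.AddParameter("password", passWord);
                    request.AddParameter("scope", appSettings["oidc.scopes"]);

                    IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);

                    if (response.ErrorException != null)
                    {
                        // Transport-level failure; RestSharp reports it here rather than throwing.
                        failure = "token request failed: " + response.ErrorMessage;
                    }
                    else if (response.Data == null)
                    {
                        // The original dereferenced response.Data unconditionally after its null check.
                        failure = "token endpoint returned no parseable response (HTTP " + (int)response.StatusCode + ")";
                    }
                    else if (response.Data.error != null)
                    {
                        failure = response.Data.error_description ?? response.Data.error;
                    }
                    else
                    {
                        TokenRequestResponse data = response.Data;
                        token_type = data.token_type;
                        scope      = data.scope;

                        if (data.id_token != null)
                        {
                            idToken         = data.id_token;
                            id_token_status = "id_token present";

                            string issuer   = appSettings["oidc.issuer"];
                            string audience = appSettings["oidc.spintnative.clientId"];
                            System.Security.Claims.ClaimsPrincipal jsonPayload = oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);

                            // ValidateIdToken's failure contract (null vs. unauthenticated
                            // principal) is not visible here, so both count as invalid.
                            if (jsonPayload != null && jsonPayload.Identity != null && jsonPayload.Identity.IsAuthenticated)
                            {
                                // Only a validated token is handed to the view.
                                TempData["idToken"] = idToken;
                            }
                            else
                            {
                                // The original stored the token anyway and then overwrote this
                                // message with the SUCCESS summary.
                                failure = "Invalid ID Token!";
                            }
                        }
                        else
                        {
                            id_token_status = "id_token NOT present";
                        }

                        if (data.access_token != null)
                        {
                            accessToken             = data.access_token;
                            access_token_status     = "access_token present";
                            TempData["accessToken"] = accessToken;
                        }
                        else
                        {
                            access_token_status = "access_token NOT present";
                        }

                        // data.refresh_token is not surfaced by this action (the original only
                        // recorded its presence in an unused local).
                    }
                }
                catch (Exception ex)
                {
                    // The original logged here and then fell through to the presence check.
                    logger.Error(ex.ToString());
                    failure = ex.Message;
                }
            }

            // A clean response with neither token is still a failure, as in the original.
            if (failure == null && accessToken == null && idToken == null)
            {
                failure = "no token returned";
            }

            TempData["oktaOrg"] = apiUrl;
            if (failure != null)
            {
                TempData["errMessage"] = "OIDC_Get Oauth Resource Owner error " + failure;
                return View("../AltLanding/UnprotectedLanding");
            }

            TempData["errMessage"] = "OIDC_Get Oauth Resource Owner SUCCESS token_type = " + token_type + " scope = " + scope + " : " + id_token_status + " : " + access_token_status + " oktaId = " + oidcIdToken.sub;
            return View("../AltLanding/ResOwnerLanding", oidcIdToken);
        }//end resource owner workflow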
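        public ActionResult Endpoint_Implicit()
        {
            // Implicit flow callback: the authorization server delivers the tokens straight to
            // this action (no token-endpoint round trip). A validated id_token is parsed into a
            // JwtSecurityToken and passed to the ImplicitLanding view; TempData carries
            // "idToken", "accessToken", "errMessage" and "oktaOrg".
            //
            // NOTE(review): Request[...] merges query string, form, cookies and server
            // variables; Request.Form[...] would be the stricter read if the tokens only arrive
            // in the POST body - confirm the configured response_mode first.
            // NOTE(review): "state" is never compared with the value sent on the authorize
            // request (no CSRF binding), and whether ValidateIdToken checks the nonce is not
            // visible here.
            logger.Debug("Post OIDC Endpoint_Implicit");

            string idToken     = Request["id_token"];
            string accessToken = Request["access_token"];
            // refresh_token is not part of the implicit flow; the original read it into an unused local.

            System.IdentityModel.Tokens.Jwt.JwtSecurityToken tokenReceived = null;   // non-null only for a validated id_token
            string accessTokenStatus;
            string idTokenStatus;

            if (idToken != null)
            {
                string issuer   = appSettings["oidc.issuer"];
                string audience = appSettings["oidc.spintweb.clientId"];
                System.Security.Claims.ClaimsPrincipal jsonPayload = oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);

                // ValidateIdToken's failure contract (null vs. unauthenticated principal) is not
                // visible here, so both count as invalid.
                if (jsonPayload != null && jsonPayload.Identity != null && jsonPayload.Identity.IsAuthenticated)
                {
                    idTokenStatus       = " ID Token Present";
                    tokenReceived       = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(idToken);
                    TempData["idToken"] = idToken;   // only a validated token is handed to the view
                }
                else
                {
                    // The original still reached the SUCCESS branch here because only the
                    // token's presence was checked, and passed a null model to the view.
                    idTokenStatus = " ID Token Invalid";
                }
            }
            else
            {
                idTokenStatus = " ID Token Not Found";
            }

            if (accessToken != null)
            {
                accessTokenStatus       = "access_token Present";
                TempData["accessToken"] = accessToken;   // NOTE(review): not validated here; the resource server must check it
            }
            else
            {
                accessTokenStatus = "access_token NOT Found";
            }

            TempData["oktaOrg"] = primaryOrgUrl;

            // Success needs a validated id_token, or - when no id_token was sent at all - an
            // access_token (the original accepted an access-token-only response; kept).
            bool succeeded = idToken != null ? tokenReceived != null : accessToken != null;
            if (!succeeded)
            {
                TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Native Error = " + idTokenStatus + " : " + accessTokenStatus;
                return View("../AltLanding/UnprotectedLanding");
            }

            TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Native SUCCESS = " + idTokenStatus + " : " + accessTokenStatus;
            return View("../AltLanding/ImplicitLanding", tokenReceived);
        }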
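        public ActionResult Endpoint_PKCE(string code, string state)
        {
            // Authorization-code + PKCE callback for the public "spintnative" client: the code is
            // exchanged at the token endpoint together with the code_verifier cached when the
            // authorize request was built. No client secret is sent (public client).
            // Results reach the landing page via TempData ("idToken", "accessToken",
            // "refreshToken", "errMessage", "oktaOrg").
            //
            // NOTE(review): the verifier is read back under the fixed key "myKey", so concurrent
            // logins share one slot and can overwrite each other's verifier; it should be keyed
            // per session/state. How cacheService is keyed is not visible here.
            // NOTE(review): `state` is logged but never compared with the outbound value (no CSRF binding).
            logger.Debug("Get OIDC Endpoint_Code");

            // The authorization code is a one-time credential: log whether it arrived, not its value.
            logger.Debug(" code present = " + (!string.IsNullOrEmpty(code)) + " state " + state);

            string failure             = null;   // non-null once anything went wrong
            string id_token_status     = null;
            string access_token_status = null;
            string codeVerifier        = cacheService.GetPasscode("myKey");

            if (string.IsNullOrEmpty(codeVerifier))
            {
                // Without the verifier the exchange cannot succeed; the original sent it as null.
                failure = "code_verifier not found in cache";
            }
            else
            {
                try
                {
                    var client  = new RestClient(appSettings["oidc.authServer"] + "/oauth2/v1/token");
                    var request = new RestRequest(Method.POST);
                    request.AddHeader("Accept", "application/json");
                    request.AddHeader("Content-Type", "application/x-www-form-urlencoded");

                    // Token-endpoint parameters belong in the form-encoded body (RFC 6749 s4.1.3,
                    // RFC 7636 s4.5). AddQueryParameter put the code and the code_verifier in the
                    // URL, where proxies and access logs record them.
                    request.AddParameter("grant_type", "authorization_code");
                    request.AddParameter("code", code);
                    request.AddParameter("code_verifier", codeVerifier);
                    request.AddParameter("redirect_uri", appSettings["oidc.spintnative.RedirectUri_PKCE"]);
                    request.AddParameter("client_id", appSettings["oidc.spintnative.clientId"]);

                    IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);

                    if (response.ErrorException != null)
                    {
                        // Transport-level failure; RestSharp reports it here rather than throwing.
                        failure = "token request failed: " + response.ErrorMessage;
                    }
                    else if (response.Data == null)
                    {
                        // The original dereferenced response.Data with no null check at all.
                        failure = "token endpoint returned no parseable response (HTTP " + (int)response.StatusCode + ")";
                    }
                    else if (response.Data.error != null)
                    {
                        failure = response.Data.error_description ?? response.Data.error;
                    }
                    else
                    {
                        TokenRequestResponse data = response.Data;

                        if (data.id_token != null)
                        {
                            id_token_status = "id_token present";

                            string issuer = appSettings["oidc.issuer"];
                            // The token was requested with client_id = spintnative, so its aud
                            // claim is that client; the original validated against the spintweb
                            // client id, which can only pass if the two settings hold the same value.
                            string audience = appSettings["oidc.spintnative.clientId"];
                            System.Security.Claims.ClaimsPrincipal jsonPayload = oktaOidcHelper.ValidateIdToken(data.id_token, issuer, audience);

                            // ValidateIdToken's failure contract (null vs. unauthenticated
                            // principal) is not visible here, so both count as invalid.
                            if (jsonPayload != null && jsonPayload.Identity != null && jsonPayload.Identity.IsAuthenticated)
                            {
                                // Only a validated token is handed to the landing page.
                                TempData["idToken"] = data.id_token;
                            }
                            else
                            {
                                // The original stored the token anyway and then overwrote this
                                // message with the SUCCESS summary.
                                failure = "Invalid ID Token!";
                            }
                        }
                        else
                        {
                            id_token_status = "id_token NOT present";
                        }

                        if (data.access_token != null)
                        {
                            access_token_status     = "access_token present";
                            TempData["accessToken"] = data.access_token;
                        }
                        else
                        {
                            access_token_status = "access_token NOT present";
                        }

                        if (data.refresh_token != null)
                        {
                            TempData["refreshToken"] = data.refresh_token;
                        }
                    }
                }
                catch (Exception ex)
                {
                    // The original logged here and then fell through to the SUCCESS branch.
                    logger.Error(ex.ToString());
                    failure = ex.Message;
                }
            }

            TempData["oktaOrg"] = apiUrl;
            if (failure != null)
            {
                TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Web error " + failure;
                return RedirectToAction("UnprotectedLanding", "AltLanding");
            }

            TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Web SUCCESS = " + id_token_status + " : " + access_token_status;
            return RedirectToAction("AuthCodeLanding", "AltLanding");
        }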