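/// <summary>
/// Authenticates a device against the configured IdP using a client-credentials token request,
/// presenting the device's own credentials in an <c>X-Device-Authorization</c> Basic header.
/// </summary>
/// <param name="deviceId">Device identifier. It becomes the user-id half of a Basic credential, so it
/// must be non-empty and must not contain ':' (RFC 7617 forbids a colon in the user-id).</param>
/// <param name="deviceSecret">Device secret; must be non-empty. It is only base64-encoded, not encrypted,
/// so the IdP endpoint must be reached over TLS.</param>
/// <param name="clientId">OAuth client identifier placed in the token request body.</param>
/// <param name="clientSecret">OAuth client secret placed in the token request body.</param>
/// <returns>A <see cref="TokenClaimsPrincipal"/> built from the access, id and refresh tokens returned by the IdP.</returns>
/// <exception cref="ArgumentException">deviceId or deviceSecret is null/empty, or deviceId contains ':'.</exception>
/// <exception cref="SecurityException">The token endpoint rejected the request, returned no access token, or a
/// security error occurred while building the principal.</exception>
public IPrincipal Authenticate(string deviceId, string deviceSecret, string clientId, string clientSecret)
{
    // A Basic credential is "user-id:password"; an empty id or a ':' inside it yields a credential the
    // IdP cannot split unambiguously, so refuse it here instead of sending a malformed header.
    if (String.IsNullOrEmpty(deviceId) || deviceId.Contains(":"))
    {
        throw new ArgumentException("Device id must be non-empty and must not contain ':'", nameof(deviceId));
    }
    if (String.IsNullOrEmpty(deviceSecret))
    {
        throw new ArgumentException("Device secret must be non-empty", nameof(deviceSecret));
    }

    using (IRestClient restClient = new RestClient(this.m_configuration.GetIdpDescription()))
    {
        try
        {
            // Client credentials travel in the form body. The request asks for every scope ("*") and
            // relies on the IdP to narrow what this device is actually granted.
            OAuthTokenRequest request = new OAuthTokenRequest(clientId, clientSecret);
            request.Scope = "*";

            // Device credentials ride on a separate header so they are not mixed with the client credentials.
            // Encoded once, up front, rather than on every Requesting callback.
            String deviceCredential = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{deviceId}:{deviceSecret}"));
            restClient.Requesting += (o, p) =>
            {
                p.AdditionalHeaders.Add("X-Device-Authorization", $"BASIC {deviceCredential}");
            };

            OAuthTokenResponse response = restClient.Post<OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request);

            // Fail closed: a successful HTTP exchange that carries no access token must not become a principal.
            if (response == null || String.IsNullOrEmpty(response.AccessToken))
            {
                throw new SecurityException("OAuth token endpoint returned no access token");
            }

            // The id token is optional; the access token stands in for it when absent.
            return new TokenClaimsPrincipal(response.AccessToken, response.IdToken ?? response.AccessToken, response.TokenType, response.RefreshToken);
        }
        catch (RestClientException<OAuthTokenResponse> ex)
        {
            Trace.TraceError("REST client exception: {0}", ex.Message);
            // ex.Result can be null when the failure happened before an error body was parsed;
            // do not let the error report itself throw a NullReferenceException.
            var se = new SecurityException($"Error executing OAuth request: {ex.Result?.Error}", ex);
            se.Data.Add("detail", ex.Result);
            throw se;
        }
        catch (SecurityException ex)
        {
            Trace.TraceError("TOKEN exception: {0}", ex.Message);
            throw new SecurityException($"Security error: {ex.Message}", ex);
        }
        catch (Exception ex)
        {
            Trace.TraceError("Generic exception: {0}", ex);
            throw;
        }
    }
}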
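/// <summary>
/// Builds a refresh-token grant that re-uses the refresh token held by an already-authenticated principal.
/// </summary>
/// <param name="current">Principal whose refresh token is presented; must not be null.</param>
/// <param name="scope">Scope requested for the new access token; stored unchanged.</param>
/// <exception cref="ArgumentNullException">current is null.</exception>
public OAuthTokenRequest(TokenClaimsPrincipal current, String scope)
{
    // Reject a missing principal explicitly so the caller sees which argument was absent,
    // instead of a NullReferenceException from the property read below.
    if (current == null)
    {
        throw new ArgumentNullException(nameof(current));
    }

    this.GrantType = "refresh_token";
    // The refresh token is a bearer credential: whoever holds this request object can redeem it.
    // NOTE(review): current.RefreshToken may itself be null for a principal issued without one; this
    // constructor does not check that — confirm whether callers are expected to.
    this.RefreshToken = current.RefreshToken;
    this.Scope = scope;
}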
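/// <summary>
/// Authenticates a user against the configured IdP: a password grant when a password is supplied,
/// otherwise a refresh-token grant when the principal is a <see cref="TokenClaimsPrincipal"/>.
/// </summary>
/// <param name="principal">Principal to authenticate. Its identity name is the user-id; a "scope" claim on a
/// <see cref="ClaimsPrincipal"/> (if present) replaces the default "*" scope in the request.</param>
/// <param name="password">Password for the password grant. Null/empty selects the refresh flow for a
/// <see cref="TokenClaimsPrincipal"/>, and a password grant with no password for any other principal type.</param>
/// <param name="tfaSecret">Second-factor secret. NOTE(review): this value is accepted but never placed in the
/// request by this method, so a second factor is not actually presented to the IdP — confirm how the IdP
/// expects it to be transmitted before relying on this overload for two-factor logins.</param>
/// <returns>A <see cref="TokenClaimsPrincipal"/> built from the access, id and refresh tokens returned by the IdP.</returns>
/// <exception cref="ArgumentNullException">principal is null.</exception>
/// <exception cref="SecurityException">The token endpoint rejected the request, returned no access token, or a
/// security error occurred while building the principal.</exception>
public System.Security.Principal.IPrincipal Authenticate(System.Security.Principal.IPrincipal principal, string password, String tfaSecret)
{
    if (principal == null)
    {
        throw new ArgumentNullException(nameof(principal));
    }

    // Default to every scope; a "scope" claim on the incoming principal narrows the request.
    // The IdP remains the authority on what is actually granted.
    String scope = "*";
    ClaimsPrincipal claimsPrincipal = principal as ClaimsPrincipal;
    if (claimsPrincipal != null)
    {
        scope = claimsPrincipal.Claims.FirstOrDefault(o => o.Type == "scope")?.Value ?? scope;
    }

    using (IRestClient restClient = new RestClient(this.m_configuration.GetIdpDescription()))
    {
        try
        {
            OAuthTokenRequest request;
            TokenClaimsPrincipal tokenPrincipal = principal as TokenClaimsPrincipal;
            if (!String.IsNullOrEmpty(password))
            {
                // Password grant for the named user.
                request = new OAuthTokenRequest(principal.Identity.Name, password, scope);
            }
            else if (tokenPrincipal != null)
            {
                // Refresh grant re-using the refresh token already held by the principal.
                request = new OAuthTokenRequest(tokenPrincipal, scope);
            }
            else
            {
                // Neither a password nor a refresh token: the request carries only the user name.
                request = new OAuthTokenRequest(principal.Identity.Name, null, scope);
            }

            // Client credentials are this application's, taken from configuration — never supplied by the caller.
            request.ClientId = this.m_configuration.ClientId;
            request.ClientSecret = this.m_configuration.ClientSecret;

            OAuthTokenResponse response = restClient.Post<OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request);

            // Fail closed: a successful HTTP exchange that carries no access token must not become a principal.
            if (response == null || String.IsNullOrEmpty(response.AccessToken))
            {
                throw new SecurityException("OAuth token endpoint returned no access token");
            }

            // The id token is optional; the access token stands in for it when absent.
            return new TokenClaimsPrincipal(response.AccessToken, response.IdToken ?? response.AccessToken, response.TokenType, response.RefreshToken);
        }
        catch (RestClientException<OAuthTokenResponse> ex)
        {
            Trace.TraceError("REST client exception: {0}", ex.Message);
            // ex.Result can be null when the failure happened before an error body was parsed;
            // do not let the error report itself throw a NullReferenceException.
            var se = new SecurityException($"Error executing OAuth request: {ex.Result?.Error}", ex);
            se.Data.Add("detail", ex.Result);
            throw se;
        }
        catch (SecurityException ex)
        {
            Trace.TraceError("TOKEN exception: {0}", ex.Message);
            throw new SecurityException($"Security error: {ex.Message}", ex);
        }
        catch (Exception ex)
        {
            Trace.TraceError("Generic exception: {0}", ex);
            // Rethrow instead of returning null: a null here was indistinguishable from "not authenticated"
            // and hid transport or parsing failures from the caller. This also matches the device-credential
            // overload, which rethrows unexpected exceptions.
            throw;
        }
    }
}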