static void Authenticate()
{
var authorizeClient = new IdentityModel.Client.AuthorizeRequest("https://100.105.80.38:13855/connect/authorize");
var url = authorizeClient.CreateAuthorizeUrl(
clientId: "silicon",
responseType: "code id_token token",
scope: "openid offline_access",
redirectUri: "http://*****:*****@"C:\Program Files (x86)\Mozilla Firefox\firefox.exe", "-private-window \"" + url + "\"");
//Console.WriteLine(client.GetStringAsync(url).Result);
}
private static string RequestAccessTokenAuthorizationCode()
{
// did we store the token before?
var cookie = HttpContext.Current.Request.Cookies.Get("ClientMVCCookie.AuthCode");
if (cookie != null && cookie["access_token"] != null && !string.IsNullOrEmpty(cookie["access_token"]))
{
return(cookie["access_token"]);
}
// no token found - request one
// we'll pass through the URI we want to return to as state
var state = HttpContext.Current.Request.Url.OriginalString;
var authorizeRequest = new IdentityModel.Client.AuthorizeRequest(
IdentityConstants.AuthEndoint);
var url = authorizeRequest.CreateAuthorizeUrl("mvc_client_auth_code", "code", "management",
IdentityConstants.MVCAuthCodeCallback, state);
HttpContext.Current.Response.Redirect(url);
return(null);
}
private static string RequestAccessTokenAuthorizationCode()
{
//did we store the token before?
var cookie = HttpContext.Current.Request.Cookies.Get("tripGalleryCookie");
if (cookie != null && cookie["access_token"] != null)
{
return cookie["access_token"];
}
var authorizeRequest = new IdentityModel.Client.AuthorizeRequest(
TripGallery.Constants.TripGallerySTSAuthorizationEndpoint);
var state = HttpContext.Current.Request.Url.OriginalString;
var url = authorizeRequest.CreateAuthorizeUrl("tripgalleryauthcode", "code", "gallerymanagement",
TripGallery.Constants.TripGalleryMVCSTSCallback, state);
HttpContext.Current.Response.Redirect(url);
return null;
}
public static string CreateAuthorizeUrl(this AuthorizeRequest request,
string clientId,
string responseType,
string scope = null,
string redirectUri = null,
string state = null,
string nonce = null,
string loginHint = null,
string acrValues = null,
string responseMode = null,
object extra = null)
{
var values = new Dictionary <string, string>
{
{ OAuth2Constants.ClientId, clientId },
{ OAuth2Constants.ResponseType, responseType }
};
if (!string.IsNullOrWhiteSpace(scope))
{
values.Add(OAuth2Constants.Scope, scope);
}
if (!string.IsNullOrWhiteSpace(redirectUri))
{
values.Add(OAuth2Constants.RedirectUri, redirectUri);
}
if (!string.IsNullOrWhiteSpace(state))
{
values.Add(OAuth2Constants.State, state);
}
if (!string.IsNullOrWhiteSpace(nonce))
{
values.Add(OAuth2Constants.Nonce, nonce);
}
if (!string.IsNullOrWhiteSpace(loginHint))
{
values.Add(OAuth2Constants.LoginHint, loginHint);
}
if (!string.IsNullOrWhiteSpace(acrValues))
{
values.Add(OAuth2Constants.AcrValues, acrValues);
}
if (!string.IsNullOrWhiteSpace(responseMode))
{
values.Add(OAuth2Constants.ResponseMode, responseMode);
}
return(request.Create(Merge(values, ObjectToDictionary(extra))));
}
private void RequestToken(string scope, string responseType)
{
var request = new AuthorizeRequest(Constants.AuthorizeEndpoint);
var startUrl = request.CreateAuthorizeUrl(
clientId: "hybridclient",
responseType: responseType,
scope: scope,
redirectUri: "oob://localhost/wpfclient",
state: "random_state",
nonce: "random_nonce");
_login.Show();
_login.Start(new Uri(startUrl), new Uri("oob://localhost/wpfclient"));
}
public async static Task<AuthorizeResponse> DoImplicitFlowAsync(
Uri endpoint,
string clientId,
string responseType,
string scope,
Uri redirectUri)
{
var request = new AuthorizeRequest(endpoint);
var state = Guid.NewGuid().ToString("N");
var nonce = Guid.NewGuid().ToString("N");
var startUri = request.CreateAuthorizeUrl(
clientId: clientId,
responseType: responseType,
scope: scope,
redirectUri: redirectUri.AbsoluteUri,
state: state,
nonce: nonce,
responseMode: "form_post");
try
{
var result = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.UseHttpPost,
new Uri(startUri));
if (result.ResponseStatus == WebAuthenticationStatus.Success)
{
return new AuthorizeResponse(result.ResponseData);
}
else if (result.ResponseStatus == WebAuthenticationStatus.UserCancel)
{
throw new Exception("User cancelled authentication");
}
else if (result.ResponseStatus == WebAuthenticationStatus.ErrorHttp)
{
throw new Exception("HTTP Error returned by AuthenticateAsync() : " + result.ResponseErrorDetail.ToString());
}
else
{
throw new Exception("Error returned by AuthenticateAsync() : " + result.ResponseStatus.ToString());
}
}
catch
{
// Bad Parameter, SSL/TLS Errors and Network Unavailable errors are to be handled here.
throw;
}
}
static void Authenticate()
{
var authorizeClient = new IdentityModel.Client.AuthorizeRequest("https://100.105.80.38:13855/connect/authorize");
var url = authorizeClient.CreateAuthorizeUrl(
clientId: "silicon",
responseType: "code id_token token",
scope: "openid offline_access",
redirectUri: "http://*****:*****@"C:\Program Files (x86)\Mozilla Firefox\firefox.exe", "-private-window \"" + url + "\"");
//Console.WriteLine(client.GetStringAsync(url).Result);
}
private void RequestToken(string scope, string responseType)
{
var request = new AuthorizeRequest(Constants.AuthorizeEndpoint);
var startUrl = request.CreateAuthorizeUrl(
clientId: "implicitclient",
responseType: responseType,
scope: scope,
redirectUri: "oob://localhost/wpfclient",
state: "random_state",
nonce: "random_nonce" /**,
loginHint: "alice",
acrValues: "idp:Google b c" **/);
_login.Show();
_login.Start(new Uri(startUrl), new Uri("oob://localhost/wpfclient"));
}
private string CreateUrl()
{
_nonce = CryptoRandom.CreateUniqueId(32);
_verifier = CryptoRandom.CreateUniqueId(32);
var challenge = _verifier.ToCodeChallenge();
var request = new AuthorizeRequest(_config.AuthorizationEndpoint);
return request.CreateAuthorizeUrl(
clientId: _settings.ClientId,
responseType: "code id_token",
scope: _settings.Scope,
redirectUri: _settings.RedirectUri,
nonce: _nonce,
responseMode: OidcConstants.ResponseModes.FormPost,
codeChallenge: challenge,
codeChallengeMethod: OidcConstants.CodeChallengeMethods.Sha256);
}
public IHttpActionResult ExternalLogin()
{
var state = Guid.NewGuid().ToString("N");
var nonce = Guid.NewGuid().ToString("N");
//SetTempState(state, nonce);
var request = new AuthorizeRequest("https://localhost:44302/connect/authorize");
var url = request.CreateAuthorizeUrl(
clientId: "AngularClient2",
responseType: "code",
scope: "Api",
redirectUri: Url.Link("externalLoginCallBack", new {} ),
state: state,
nonce: nonce,acrValues:"idp:Facebook");
return Redirect(url);
}
public ActionResult Index(string scopes)
{
var state = Guid.NewGuid().ToString("N");
var nonce = Guid.NewGuid().ToString("N");
SetTempState(state, nonce);
var request = new AuthorizeRequest(Constants.AuthorizeEndpoint);
var url = request.CreateAuthorizeUrl(
clientId: "codeclient",
responseType: "code",
scope: scopes,
redirectUri: "https://localhost:44312/callback",
state: state,
nonce: nonce);
return Redirect(url);
}
private static string RequestTokenAuthorizationCode()
{
var cookie = HttpContext.Current.Request.Cookies.Get("ideal.auth");
if (cookie?["access_token"] != null)
{
return cookie["access_token"];
}
var authorizeRequest = new AuthorizeRequest(IdealConstants.STSAuthorizationEndpoint);
var state = HttpContext.Current.Request.Url.OriginalString;
var url = authorizeRequest.CreateAuthorizeUrl(IdealConstants.ClientId, "code", "sampleApi",
IdealConstants.ClientCallbackUrl, state);
HttpContext.Current.Response.Redirect(url);
return null;
}
private static string RequestAccessTokenAuthorizationCode()
{
// did we store the token before?
var cookie = HttpContext.Current.Request.Cookies.Get("TripGalleryCookie");
if (cookie != null && cookie["access_token"] != null)
{
return(cookie["access_token"]);
}
var authorizeRequest = new IdentityModel.Client.AuthorizeRequest(
TripGallery.Constants.TripGallerySTSAuthorizationEndpoint);
var state = HttpContext.Current.Request.Url.OriginalString;
var url = authorizeRequest.CreateAuthorizeUrl("tripgalleryauthcode", "code", "gallerymanagement",
TripGallery.Constants.TripGalleryMVCSTSCallback, state);
HttpContext.Current.Response.Redirect(url);
return(null);
}
private async Task LoginUsingUsernameAndPasswordAsync()
{
const string responseType = "code id_token"; //implicit flow: "id_token token"
// Space-separated list of scopes we want to receive
var scopes = $"openid email profile offline_access {TimesheetConstants.ApiScope}";
var nonce = GenerateNonce(); // Unique token for the authorization request.
try
{
var redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
var request = new AuthorizeRequest(TimesheetConstants.AuthorizeEndpoint);
var authUrl = request.CreateAuthorizeUrl(TimesheetConstants.ClientId, responseType, scopes, redirectUri.ToString(), nonce: nonce);
var requestUri = new Uri(authUrl);
var result =
await
WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None, requestUri, redirectUri);
if (result.ResponseStatus == WebAuthenticationStatus.Success)
{
// Successful authentication, but we only have the ID token.
var response = new AuthorizeResponse(result.ResponseData);
// We need to ask for the access token and refresh tokens now.
var tokenResponse = await GetAuthTokenAsync(response);
// Store the tokens in the password vault
ApiService.StoreTokenInVault(tokenResponse);
// And finish the login process
await FinishLoginAsync(tokenResponse);
}
}
catch (Exception ex)
{
var dlg = new MessageDialog(ex.Message, "Error");
await dlg.ShowAsync();
}
}
private async Task<string> CreateUrlAsync(AuthorizeResult result, string codeChallenge, object extraParameters)
{
var request = new AuthorizeRequest((await _options.GetEndpointsAsync()).Authorize);
var url = request.CreateAuthorizeUrl(
clientId: _options.ClientId,
responseType: OidcConstants.ResponseTypes.CodeIdToken,
scope: _options.Scope,
redirectUri: result.RedirectUri,
responseMode: _options.UseFormPost ? OidcConstants.ResponseModes.FormPost : null,
nonce: result.Nonce,
codeChallenge: codeChallenge,
codeChallengeMethod: _options.UseProofKeys ? OidcConstants.CodeChallengeMethods.Sha256 : null,
extra: extraParameters);
return url;
}
public void StartFlow(string responseType, string scope)
{
// create URI to authorize endpoint - use WebHost or SelfHost from the
// samples solution.
var authorizeRequest =
new AuthorizeRequest("https://localhost:44333/core/connect/authorize");
// dictionary with values for the authorize request
var dic = new Dictionary<string, string>();
dic.Add("client_id", "implicitclient");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "https://xamarin-oidc-sample/redirect");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
// add CSRF token to protect against cross-site request forgery attacks.
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
// or use CreateAuthorizeUrl, passing in the values we defined in the dictionary.
// authorizeRequest.CreateAuthorizeUrl("implicitclient", ...);
wvLogin.Source = authorizeUri;
wvLogin.IsVisible = true;
}
public string CreateAuthorizeUrl(
string clientId,
string responseType,
string scope = null,
string redirectUri = null,
string state = null,
string nonce = null,
string loginHint = null,
string acrValues = null,
string responseMode = null,
object extra = null)
{
var url = new AuthorizeRequest(AuthorizeEndpoint).CreateAuthorizeUrl(
clientId: clientId,
responseType: responseType,
scope: scope,
redirectUri: redirectUri,
state: state,
nonce: nonce,
loginHint: loginHint,
acrValues: acrValues,
responseMode: responseMode,
extra: extra);
return url;
}
/// <summary>Creates the authorize URL.</summary>
/// <param name="request">The request.</param>
/// <param name="values">The values (either using a string Dictionary or an object's properties).</param>
/// <returns></returns>
public static string Create(this AuthorizeRequest request, object values)
{
return(request.Create(ObjectToDictionary(values)));
}
public void StartFlow(string responseType, string scope)
{
// create URI to auth endpoint
var authorizeRequest =
new AuthorizeRequest("https://xamarinoidcsamplests.azurewebsites.net/identity/connect/authorize");
// note: change URI to wherever you deployed your STS (CTRL-SHIFT-F is your friend :)).
// For use with IIS Express, check https://www.github.com/KevinDockx/XamarinFormsOIDCSample.
// dictionary with values for the authorize request
var dic = new Dictionary<string, string>();
dic.Add("client_id", "xamarinsampleimplicit");
dic.Add("response_type", responseType);
dic.Add("scope", scope);
dic.Add("redirect_uri", "https://xamarin-oidc-sample/redirect");
dic.Add("nonce", Guid.NewGuid().ToString("N"));
// add CSRF token to protect against cross-site request forgery attacks.
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
// or use CreateAuthorizeUrl, passing in the values we defined in the dictionary.
// authorizeRequest.CreateAuthorizeUrl("xamarinsampleimplicit", ...);
wvLogin.Source = authorizeUri;
wvLogin.IsVisible = true;
}
