private async Task <AuthorizeRequestValidationResult> LoadClientAsync(ValidatedAuthorizeRequest request)
{
//////////////////////////////////////////////////////////
// client_id must be present
/////////////////////////////////////////////////////////
var clientId = request.Raw.Get(OidcConstants.AuthorizeRequest.ClientId);
if (clientId.IsMissingOrTooLong(_options.InputLengthRestrictions.ClientId))
{
LogError("client_id is missing or too long", request);
return(Invalid(request, description: "Invalid client_id"));
}
request.ClientId = clientId;
//////////////////////////////////////////////////////////
// check for valid client
//////////////////////////////////////////////////////////
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
LogError("Unknown client or not enabled", request.ClientId, request);
return(Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient, "Unknown client or client not enabled"));
}
request.SetClient(client);
return(Valid(request));
}
private async Task <AuthorizeRequestValidationResult> ValidateClientAsync(ValidatedAuthorizeRequest request)
{
//////////////////////////////////////////////////////////
// client_id must be present
/////////////////////////////////////////////////////////
var clientId = request.Raw.Get(OidcConstants.AuthorizeRequest.ClientId);
if (clientId.IsMissingOrTooLong(_options.InputLengthRestrictions.ClientId))
{
LogError("client_id is missing or too long", request);
return(Invalid(request, description: "Invalid client_id"));
}
request.ClientId = clientId;
//////////////////////////////////////////////////////////
// redirect_uri must be present, and a valid uri
//////////////////////////////////////////////////////////
var redirectUri = request.Raw.Get(OidcConstants.AuthorizeRequest.RedirectUri);
if (redirectUri.IsMissingOrTooLong(_options.InputLengthRestrictions.RedirectUri))
{
LogError("redirect_uri is missing or too long", request);
return(Invalid(request, description: "Invalid redirect_uri"));
}
if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out var _))
{
LogError("malformed redirect_uri", redirectUri, request);
return(Invalid(request, description: "Invalid redirect_uri"));
}
//////////////////////////////////////////////////////////
// check for valid client
//////////////////////////////////////////////////////////
var client = await _clients.FindEnabledClientByIdAsync(request.ClientId);
if (client == null)
{
LogError("Unknown client or not enabled", request.ClientId, request);
return(Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient));
}
request.SetClient(client);
//////////////////////////////////////////////////////////
// check if client protocol type is oidc
//////////////////////////////////////////////////////////
if (request.Client.ProtocolType != IdentityServerConstants.ProtocolTypes.OpenIdConnect)
{
LogError("Invalid protocol type for OIDC authorize endpoint", request.Client.ProtocolType, request);
return(Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient, description: "Invalid protocol"));
}
//////////////////////////////////////////////////////////
// check if redirect_uri is valid
//////////////////////////////////////////////////////////
if (await _uriValidator.IsRedirectUriValidAsync(redirectUri, request.Client) == false)
{
LogError("Invalid redirect_uri", redirectUri, request);
return(Invalid(request, OidcConstants.AuthorizeErrors.UnauthorizedClient, "Invalid redirect_uri"));
}
request.RedirectUri = redirectUri;
return(Valid(request));
}
