/// <summary>
/// Test handler for the "authorization code received" event. It checks the code
/// delivered by the middleware against a fixed expected value, records that the
/// event fired, and grants the "ManageStore" claim once the full event sequence
/// has been observed.
/// </summary>
/// <param name="context">Event context carrying the received code and the authentication ticket.</param>
/// <returns>An already-completed task.</returns>
internal static Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    // Fixed expected value for this test.
    // NOTE(review): presumably a canned response from a mocked identity provider;
    // confirm it is never a code issued by a live tenant.
    const string expectedCode = "AAABAAAAvPM1KaPlrEqdFSBzjqfTGGBtrTYVn589oKw4lLgJ6Svz0AhPVOJr0J2-Uu_KffGlqIbYlRAyxmt-vZ7VlSVdrWvOkNhK9OaAMaSD7LDoPbBTVMEkB0MdAgBTV34l2el-s8ZI02_9PvgQaORZs7n8eGaGbcoKAoxiDn2OcKuJVplXYgrGUwU4VpRaqe6RaNzuseM7qBFbLIv4Wps8CndE6W8ccmuu6EvGC6-H4uF9EZL7gU4nEcTcvkE4Qyt8do6VhTVfM1ygRNQgmV1BCig5t_5xfhL6-xWQdy15Uzn_Df8VSsyDXe8s9cxyKlqc_AIyLFy_NEiMQFUqjZWKd_rR3A8ugug15SEEGuo1kF3jMc7dVMdE6OF9UBd-Ax5ILWT7V4clnRQb6-CXB538DlolREfE-PowXYruFBA-ARD6rwAVtuVfCSbS0Zr4ZqfNjt6x8yQdK-OkdQRZ1thiZcZlm1lyb2EquGZ8Deh2iWBoY1uNcyjzhG-L43EivxtHAp6Y8cErhbo41iacgqOycgyJWxiB5J0HHkxD0nQ2RVVuY8Ybc9sdgyfKkkK2wZ3idGaRCdZN8Q9VBhWRXPDMqHWG8t3aZRtvJ_Xd3WhjNPJC0GpepUGNNQtXiEoIECC363o1z6PZC5-E7U3l9xK06BZkcfTOnggUiSWNCrxUKS44dNqaozdYlO5E028UgAEhJ4eDtcP3PZty-0j4j5Mw0F2FmyAA";

    Helpers.ThrowIfConditionFailed(() => context.Code == expectedCode, "context.Code is invalid.");
    eventsFired.Add(nameof(AuthorizationCodeReceived));

    // The claim is only granted when every event in the sequence has been recorded.
    string[] requiredEvents =
    {
        nameof(RedirectToAuthenticationEndpoint),
        nameof(MessageReceived),
        nameof(AuthenticationValidated),
        nameof(AuthorizationResponseRecieved),
        nameof(AuthorizationCodeReceived)
    };

    bool everyEventFired = true;
    foreach (string eventName in requiredEvents)
    {
        if (!eventsFired.Contains(eventName))
        {
            everyEventFired = false;
            break;
        }
    }

    if (everyEventFired)
    {
        var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
        identity.AddClaim(new Claim("ManageStore", "Allowed"));
    }

    return Task.FromResult(0);
}
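/// <summary>
/// Redeems the authorization code at the token endpoint, fetches the user-info
/// claims with the resulting access token, and replaces the claims on the
/// authentication ticket's identity with the token and user-info claims.
/// </summary>
/// <param name="context">Event context carrying the code, redirect URI and authentication ticket.</param>
/// <returns>A task that completes when the ticket's identity has been updated.</returns>
/// <exception cref="InvalidOperationException">The token endpoint reported an error.</exception>
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    // 1) Use the code to get the access and refresh token.
    // As we are using the hybrid flow, we will get a "code" and "access_token" but not "refresh_token".
    // Using the code we can get a "refresh_token" if the client application is a server side app (like this example).
    // If the application is a SPA or a native phone app, it is not secure to use the ClientSecret.
    var tokenClient = new TokenClient(Constants.TokenEndpoint, Constants.ClientId, Constants.ClientSecret);

    // Awaited instead of blocking on .Result: blocking inside an async method can
    // deadlock or starve the thread pool, and it wraps failures in AggregateException.
    var tokensResponse = await tokenClient.RequestAuthorizationCodeAsync(context.Code, context.RedirectUri);

    // Fail with a clear message instead of letting a null access token surface
    // later as an ArgumentNullException from the Claim constructor.
    if (tokensResponse.IsError)
    {
        throw new InvalidOperationException("Authorization code redemption failed: " + tokensResponse.Error);
    }

    // NOTE(review): this is a local wall-clock time serialized without an offset
    // (ToLocalTime is a no-op on DateTime.Now); consumers must parse it on a host
    // in the same time zone. Format kept unchanged for compatibility.
    var expiration = DateTime.Now.AddSeconds(tokensResponse.ExpiresIn)
        .ToLocalTime()
        .ToString(CultureInfo.InvariantCulture);

    // NOTE(review): the tokens are stored as claims on the identity, so they go
    // wherever the authentication ticket is persisted — confirm that store is
    // protected and sized for bearer credentials.
    List<Claim> oauthClaims = new List<Claim>
    {
        new Claim("access_token", tokensResponse.AccessToken),
        new Claim("expires_at", expiration)
    };

    // The token endpoint may not issue a refresh token; Claim rejects a null
    // value, so the claim is only added when one was returned.
    if (!string.IsNullOrEmpty(tokensResponse.RefreshToken))
    {
        oauthClaims.Insert(1, new Claim("refresh_token", tokensResponse.RefreshToken));
    }

    // 2) Use the access token to retrieve user info claims.
    // The access token is a JWT token, it can be used to secure WebApi.
    var userInfoClient = new UserInfoClient(new Uri(Constants.UserInfoEndpoint), tokensResponse.AccessToken);
    var userInfo = await userInfoClient.GetAsync();
    List<Claim> userClaims = userInfo.Claims.Select(ui => new Claim(ui.Item1, ui.Item2)).ToList();

    // 3) Add claims to authentication ticket.
    ClaimsIdentity identity = context.AuthenticationTicket.Principal.Identity as ClaimsIdentity;
    if (identity != null)
    {
        // Every existing claim is dropped (not just protocol ones); the snapshot
        // avoids mutating the collection while enumerating it.
        var claimsToRemove = identity.Claims.ToList();
        foreach (var claim in claimsToRemove)
        {
            identity.RemoveClaim(claim);
        }

        // Add oauth and user claims.
        identity.AddClaims(oauthClaims);
        identity.AddClaims(userClaims);
    }
}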
/// <summary>
/// Handles the "authorization code received" event by forwarding the context to
/// <c>OnAuthorizationCodeReceived</c>. Virtual so derived types can replace the handling.
/// </summary>
/// <param name="context">Event context for the received authorization code.</param>
/// <returns>The task returned by <c>OnAuthorizationCodeReceived</c>.</returns>
public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    return OnAuthorizationCodeReceived(context);
}
/// <summary>
/// Handles the "authorization code received" event by forwarding the context to
/// <c>OnAuthorizationCodeReceived</c>. Virtual so derived types can replace the handling.
/// </summary>
/// <param name="context">Event context for the received authorization code.</param>
/// <returns>The task returned by <c>OnAuthorizationCodeReceived</c>.</returns>
public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    return OnAuthorizationCodeReceived(context);
}
/// <summary>
/// Redeems the received authorization code through <c>ISurveysTokenService</c> for the
/// configured web API resource. If anything fails, the principal's token cache is
/// cleared before the failure is rethrown.
/// </summary>
/// <param name="context">Event context carrying the ticket, protocol message and request services.</param>
/// <returns>A task that completes when the token request has finished.</returns>
public override async Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
{
    var user = context.AuthenticationTicket.Principal;
    var tokenService = context.HttpContext.RequestServices.GetService<ISurveysTokenService>();

    try
    {
        // The arguments are read inside the try so that a failure while reading
        // them also goes through the cache clean-up below.
        var authorizationCode = context.ProtocolMessage.Code;
        var redirectUri = context.AuthenticationTicket.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];
        var resourceId = _adOptions.WebApiResourceId;

        await tokenService
            .RequestTokenAsync(user, authorizationCode, redirectUri, resourceId)
            .ConfigureAwait(false);
    }
    catch
    {
        // When this event throws, the user is never set on the OWIN middleware, so no
        // sign-out is required. An access token may already have reached the cache,
        // though, so it is purged before the original failure propagates.
        await tokenService.ClearCacheAsync(user).ConfigureAwait(false);
        throw;
    }
}