OAuthAuthorizeEndpointContext, Microsoft.Owin.Security.OAuth C# (CSharp) Code Examples

Example #1

0

Show file

File: OAuthServerProvider.cs Project: jcorioland/techdays-paris-2014-mvc-webapi

 // /oauth/authorize
 public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     if (context.Request.User != null && context.Request.User.Identity.IsAuthenticated)
     {
         // si l'utilisateur est loggé,
         // on crée un ticket d'authent, on crée un authorization code et on fait le redirect
         var redirectUri = context.Request.Query["redirect_uri"];
         var clientId = context.Request.Query["client_id"];
         var authorizeCodeContext = new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(context.OwinContext, context.Options.AuthorizationCodeFormat,
             new Microsoft.Owin.Security.AuthenticationTicket((ClaimsIdentity)context.Request.User.Identity, new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary<string, string>
             {
                 {"client_id", clientId},
                 {"redirect_uri", redirectUri}
             })
             {
                 IssuedUtc = DateTimeOffset.UtcNow,
                 ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan)
             }));
         await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext);
         
         // clear cookies
         var cookies = context.Request.Cookies.ToList();
         foreach (var c in cookies)
         {
             context.Response.Cookies.Delete(c.Key, new Microsoft.Owin.CookieOptions());
         }
         context.Response.Redirect(redirectUri + "?code=" + Uri.EscapeDataString(authorizeCodeContext.Token));
     }
     else
     {
         // si on n'est pas loggé, on redirige vers la page de login
         context.Response.Redirect("/account/login?returnUrl=" + Uri.EscapeDataString(context.Request.Uri.ToString()));
     }
     context.RequestCompleted();
 }

Example #2

0

Show file

File: CIRImplicitAuthorizationServerProvider.cs Project: codenewa/CookieToToken

 public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     // The authentication types should be set to "Bearer" while setting up the ClaimsIdentity
     // I have set up basic mandatory ClaimsIdentity. You can add the necessary claims if required.
     System.Security.Claims.ClaimsIdentity ci = new System.Security.Claims.ClaimsIdentity("Bearer");
     context.OwinContext.Authentication.SignIn(ci);
     context.RequestCompleted();
     return Task.FromResult<object>(null);
 }

Example #3

0

Show file

File: OpenAuthorizationServerProvider.cs Project: shoy160/Shoy.Common

        /// <summary>
        /// 生成 authorization_code（authorization code 授权方式）、生成 access_token （implicit 授权模式）
        /// </summary>
        public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
        {
            if (context.AuthorizeRequest.IsImplicitGrantType)
            {
                //implicit 授权方式
                var identity = new ClaimsIdentity("Bearer");
                context.OwinContext.Authentication.SignIn(identity);
                context.RequestCompleted();
            }
            else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType)
            {
                //authorization code 授权方式
                var redirectUri = context.Request.Query["redirect_uri"] ?? "/code";
                var clientId = context.Request.Query["client_id"];
                var identity = new ClaimsIdentity(new GenericIdentity(
                    clientId, OAuthDefaults.AuthenticationType));

                var authorizeCodeContext = new AuthenticationTokenCreateContext(
                    context.OwinContext,
                    context.Options.AuthorizationCodeFormat,
                    new AuthenticationTicket(
                        identity,
                        new AuthenticationProperties(new Dictionary<string, string>
                        {
                            {"client_id", clientId},
                            {"redirect_uri", redirectUri}
                        })
                        {
                            IssuedUtc = DateTimeOffset.UtcNow,
                            ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan)
                        }));

                await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext);
                context.Response.Redirect(redirectUri + "?code=" + Uri.EscapeDataString(authorizeCodeContext.Token));
                context.RequestCompleted();
            }
        }

Example #4

0

Show file

File: OAuthAuthorizationServerHandler.cs Project: zhangrl/katana

        private async Task <bool> InvokeAuthorizeEndpoint()
        {
            _logger.WriteVerbose("InvokeAuthorizeEndpoint");

            var authorizeRequest = new AuthorizeRequest(Request.GetQuery());
            var clientIdContext  = new OAuthValidateClientCredentialsContext(
                Request.Environment,
                authorizeRequest.ClientId,
                null,
                authorizeRequest.RedirectUri);

            await Options.Provider.ValidateClientCredentials(clientIdContext);

            if (clientIdContext.IsValidated)
            {
                authorizeRequest.RedirectUri = clientIdContext.RedirectUri;
                _authorizeRequest            = authorizeRequest;
            }

            var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Request.Environment);
            await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);

            return(authorizeEndpointContext.IsRequestCompleted);
        }

Example #5

0

Show file

File: OAuthAuthorizationServerProvider.cs Project: Kstal/Microsoft.Owin

 /// <summary>
 /// Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component 
 /// responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the
 /// response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the 
 /// Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the 
 /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes
 /// to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the
 /// appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing.
 /// </summary>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     return OnAuthorizeEndpoint.Invoke(context);
 }

Example #6

0

Show file

 /// <summary>
 /// Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component
 /// responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the
 /// response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the
 /// Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the
 /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes
 /// to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the
 /// appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing.
 /// </summary>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     return(OnAuthorizeEndpoint.Invoke(context));
 }

Example #7

0

Show file

File: HaloAuthorizationServerProvider.cs Project: no1dead/HaloOnlineServer

 public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     return base.AuthorizeEndpoint(context);
 }

Example #8

0

Show file

File: OAuthAuthorizationServerHandler.cs Project: xushuai02555/WebPrinter

        private async Task <bool> InvokeAuthorizeEndpointAsync()
        {
            var authorizeRequest = new AuthorizeEndpointRequest(Request.Query);

            var clientContext = new OAuthValidateClientRedirectUriContext(
                Context,
                Options,
                authorizeRequest.ClientId,
                authorizeRequest.RedirectUri);

            if (!String.IsNullOrEmpty(authorizeRequest.RedirectUri))
            {
                bool acceptableUri = true;
                Uri  validatingUri;
                if (!Uri.TryCreate(authorizeRequest.RedirectUri, UriKind.Absolute, out validatingUri))
                {
                    // The redirection endpoint URI MUST be an absolute URI
                    // http://tools.ietf.org/html/rfc6749#section-3.1.2
                    acceptableUri = false;
                }
                else if (!String.IsNullOrEmpty(validatingUri.Fragment))
                {
                    // The endpoint URI MUST NOT include a fragment component.
                    // http://tools.ietf.org/html/rfc6749#section-3.1.2
                    acceptableUri = false;
                }
                else if (!Options.AllowInsecureHttp &&
                         String.Equals(validatingUri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
                {
                    // The redirection endpoint SHOULD require the use of TLS
                    // http://tools.ietf.org/html/rfc6749#section-3.1.2.1
                    acceptableUri = false;
                }
                if (!acceptableUri)
                {
                    clientContext.SetError(Constants.Errors.InvalidRequest);
                    return(await SendErrorRedirectAsync(clientContext, clientContext));
                }
            }

            await Options.Provider.ValidateClientRedirectUri(clientContext);

            if (!clientContext.IsValidated)
            {
                _logger.WriteVerbose("Unable to validate client information");
                return(await SendErrorRedirectAsync(clientContext, clientContext));
            }

            var validatingContext = new OAuthValidateAuthorizeRequestContext(
                Context,
                Options,
                authorizeRequest,
                clientContext);

            if (string.IsNullOrEmpty(authorizeRequest.ResponseType))
            {
                _logger.WriteVerbose("Authorize endpoint request missing required response_type parameter");
                validatingContext.SetError(Constants.Errors.InvalidRequest);
            }
            else if (!authorizeRequest.IsAuthorizationCodeGrantType &&
                     !authorizeRequest.IsImplicitGrantType)
            {
                _logger.WriteVerbose("Authorize endpoint request contains unsupported response_type parameter");
                validatingContext.SetError(Constants.Errors.UnsupportedResponseType);
            }
            else
            {
                await Options.Provider.ValidateAuthorizeRequest(validatingContext);
            }

            if (!validatingContext.IsValidated)
            {
                // an invalid request is not processed further
                return(await SendErrorRedirectAsync(clientContext, validatingContext));
            }

            _clientContext            = clientContext;
            _authorizeEndpointRequest = authorizeRequest;

            var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Context, Options);

            await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);

            return(authorizeEndpointContext.IsRequestCompleted);
        }

Example #9

0

Show file

File: AuthorizationServerProvider.cs Project: RolandTG/OwinSamples

 public Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
 {
     throw new NotImplementedException();
 }

Example #10

0

Show file

File: Startup.Auth.cs Project: RobGibbens/OAuthServerMVCandMobileClient

        private async Task AuthEndPoint(OAuthAuthorizeEndpointContext context)
        {
            var authentication = context.OwinContext.Authentication;
            var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

            //if (authentication.AuthenticateAsync(DefaultAuthenticationTypes.ApplicationCookie).Result?.Identity == null)
            if ( ! context.Request.User.Identity.IsAuthenticated)
            {
                authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie);
                context.RequestCompleted();
                return;
            }

            //Since we also do OAuth, we have to sign in the OAuth Identification Type as well
            var user = userManager.FindByName(context.Request.User?.Identity?.Name);

            ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType);

            authentication.SignIn(oAuthIdentity);
            context.RequestCompleted();
            
            return;
        }

Example #11

0

Show file

File: CustomOAuthProvider.cs Project: jayway/JayLabs.Owin.OAuthAuthorization

        public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
        {
            string uri = context.Request.Uri.ToString();

            if (string.IsNullOrWhiteSpace(_options.JwtOptions.SupportedScope))
            {
                Error(context, OAuthImplicitFlowError.ServerError, "no supported scope defined");
                return;
            }

            if (!HasSupportedScope(context, _options.JwtOptions.SupportedScope))
            {
                string errorDescription = string.Format("only {0} scope is supported",
                    _options.JwtOptions.SupportedScope);
                Error(context, OAuthImplicitFlowError.Scope, errorDescription);
                return;
            }

            string rawJwt = await TryGetRawJwtTokenAsync(context);

            if (string.IsNullOrWhiteSpace(rawJwt))
            {
                context.OwinContext.Authentication.Challenge(new AuthenticationProperties {RedirectUri = uri});
                return;
            }

            var tokenValidator = new TokenValidator();
            ClaimsPrincipal principal = tokenValidator.Validate(rawJwt, _options.JwtOptions);

            if (!principal.Identity.IsAuthenticated)
            {
                Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user, unauthenticated");
                return;
            }

            ClaimsIdentity claimsIdentity = await _options.TransformPrincipal(principal);

            if (!claimsIdentity.Claims.Any())
            {
                Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user");
                return;
            }

            ConsentAnswer consentAnswer = await TryGetConsentAnswerAsync(context.Request);

            if (consentAnswer == ConsentAnswer.Rejected)
            {
                Error(context, OAuthImplicitFlowError.AccessDenied, "resource owner denied request");
                return;
            }

            if (consentAnswer == ConsentAnswer.Missing)
            {
                Error(context, OAuthImplicitFlowError.ServerError,
                    "missing consent answer");
                return;
            }


            if (!(consentAnswer == ConsentAnswer.Accepted || consentAnswer == ConsentAnswer.Implicit))
            {
                Error(context, OAuthImplicitFlowError.ServerError,
                    string.Format("invalid consent answer '{0}'", consentAnswer.Display));
                return;
            }

            string appJwtTokenAsBase64 =
                JwtTokenHelper.CreateSecurityTokenDescriptor(claimsIdentity.Claims, _options.JwtOptions)
                    .CreateTokenAsBase64();

            var builder = new UriBuilder(context.AuthorizeRequest.RedirectUri);

            const string tokenType = "bearer";

            var fragmentStringBuilder = new StringBuilder();

            fragmentStringBuilder.AppendFormat("access_token={0}&token_type={1}&state={2}&scope={3}",
                Uri.EscapeDataString(appJwtTokenAsBase64), Uri.EscapeDataString(tokenType),
                Uri.EscapeDataString(context.AuthorizeRequest.State ?? ""),
                Uri.EscapeDataString(_options.JwtOptions.SupportedScope));

            if (consentAnswer == ConsentAnswer.Implicit)
            {
                fragmentStringBuilder.AppendFormat("&consent_type={0}", Uri.EscapeDataString(consentAnswer.Invariant));
            }

            builder.Fragment = fragmentStringBuilder.ToString();

            string redirectUri = builder.Uri.ToString();

            context.Response.Redirect(redirectUri);
            context.RequestCompleted();
        }

Example #12

0

Show file

File: CustomOAuthProvider.cs Project: jayway/JayLabs.Owin.OAuthAuthorization

        void Error(OAuthAuthorizeEndpointContext context, OAuthImplicitFlowError error, string errorDescription)
        {
            var builder = new UriBuilder(context.AuthorizeRequest.RedirectUri);

            var fragmentBuilder = new StringBuilder();

            fragmentBuilder.AppendFormat("error={0}", Uri.EscapeDataString(error.InvariantName));

            if (!string.IsNullOrWhiteSpace(errorDescription))
            {
                fragmentBuilder.AppendFormat("&error_description={0}", Uri.EscapeDataString(errorDescription));
            }
            if (!string.IsNullOrWhiteSpace(context.AuthorizeRequest.State))
            {
                fragmentBuilder.AppendFormat("&state={0}", Uri.EscapeDataString(context.AuthorizeRequest.State));
            }

            builder.Fragment = fragmentBuilder.ToString();

            string redirectUriWithFragments = builder.Uri.ToString();

            context.Response.Redirect(redirectUriWithFragments);
            context.RequestCompleted();
        }

Example #13

0

Show file

File: CustomOAuthProvider.cs Project: jayway/JayLabs.Owin.OAuthAuthorization

 bool HasSupportedScope(OAuthAuthorizeEndpointContext context, string supportedScope)
 {
     return !context.AuthorizeRequest.Scope.Any() ||
            context.AuthorizeRequest.Scope.Any(scope => scope.Equals(supportedScope));
 }

Example #14

0

Show file

File: CustomOAuthProvider.cs Project: jayway/JayLabs.Owin.OAuthAuthorization

        async Task<string> TryGetRawJwtTokenAsync(OAuthAuthorizeEndpointContext context)
        {
            string jwt;

            if (context.Request.IsPost())
            {
                IFormCollection formCollection = await context.Request.ReadFormAsync();

                jwt = formCollection.Get(_options.JwtOptions.JwtTokenParameterName);
            }
            else if (context.Request.IsGet())
            {
                jwt = context.Request.Query.Get(_options.JwtOptions.JwtTokenParameterName);
            }
            else
            {
                jwt = "";
            }

            return jwt;
        }

C# (CSharp) Microsoft.Owin.Security.OAuth OAuthAuthorizeEndpointContext Examples