public Task ValidateAsync(CustomTokenRequestValidationContext context) { context.Result.ValidatedRequest.Client.AlwaysSendClientClaims = true; context.Result.ValidatedRequest.ClientClaims.Add(new Claim("Employee", "Mosalla")); return(Task.FromResult(0)); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var client = context.Result.ValidatedRequest.Client; if (!client.AllowedGrantTypes.Contains(GrantType.ClientCredentials)) { return(Task.CompletedTask); } if (!Convert.ToBoolean(configuration["APIEnableScopePerClaim"])) { return(Task.CompletedTask); } if (string.IsNullOrEmpty(configuration["APIClientScopes"])) { return(Task.CompletedTask); } var scopes = configuration["APIClientScopes"]?.Split(" ", StringSplitOptions.RemoveEmptyEntries); foreach (var scope in scopes) { client.Claims.Add(new Claim(scope, "true")); } return(Task.CompletedTask); }
public async Task ValidateAsync_ForDifferentIsErrorCombinations_ExpectedIsError( bool firstValidator, bool secondValidator, bool expected) { //Arrange var context = new CustomTokenRequestValidationContext() { Result = new TokenRequestValidationResult(new ValidatedTokenRequest()) }; var validator1Mock = new Mock <ICustomTokenRequestValidator>(); validator1Mock .Setup(c => c.ValidateAsync(It.IsAny <CustomTokenRequestValidationContext>())) .Returns(Task.CompletedTask) .Callback(() => context.Result.IsError = firstValidator); var validator2Mock = new Mock <ICustomTokenRequestValidator>(); validator2Mock .Setup(c => c.ValidateAsync(It.IsAny <CustomTokenRequestValidationContext>())) .Returns(Task.CompletedTask) .Callback(() => context.Result.IsError = secondValidator); var sut = new AllOrNothingTokenRequestValidator(new[] { validator1Mock.Object, validator2Mock.Object }, new LoggerFactory().CreateLogger <AllOrNothingTokenRequestValidator>()); //Act await sut.ValidateAsync(context); //Assert context.Result.IsError.ShouldBe(expected); }
/// <summary> /// Custom validation logic for a token request. /// </summary> /// <param name="context">The context.</param> public async Task ValidateAsync(CustomTokenRequestValidationContext context) { HttpRequest httpRequest = _httpContextAccessor.HttpContext?.Request; if (httpRequest != null && httpRequest.Form.TryGetValue(IdentityServerConstants.ORGANIZATION, out StringValues stringValues) && stringValues.Any()) { ICollection <Claim> clientClaims = context.Result.ValidatedRequest.ClientClaims; clientClaims.Add(new Claim(ORGANIZATION_ID, 1.ToString())); if (!clientClaims.Any(c => c.Type.Equals(ORGANIZATION_ID, StringComparison.OrdinalIgnoreCase))) { //long? organizationId = (await _organizationRepository.GetByShortNameAndOrganizationTypeWithCacheAsync(stringValues[0], null))?.OrganizationId; //if (organizationId.HasValue) //{ // clientClaims.Add(new Claim(ORGANIZATION_ID, organizationId.Value.ToString())); //} //else //{ // context.Result.IsError = true; // // context.Result.Error = ValidationMessages.DB_ORGANIZATION_NOT_EXIST; //} } } }
private async Task <TokenRequestValidationResult> RunValidationAsync(Func <NameValueCollection, Task <TokenRequestValidationResult> > validationFunc, NameValueCollection parameters) { // run standard validation var result = await validationFunc(parameters); if (result.IsError) { return(result); } // run custom validation _logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName); var customValidationContext = new CustomTokenRequestValidationContext { Result = result }; await _customRequestValidator.ValidateAsync(customValidationContext); if (customValidationContext.Result.IsError) { if (customValidationContext.Result.Error.IsPresent()) { LogError("Custom token request validator", new { error = customValidationContext.Result.Error }); } else { LogError("Custom token request validator error"); } return(customValidationContext.Result); } LogSuccess(); return(customValidationContext.Result); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { if (context.Result.CustomResponse is null) { context.Result.CustomResponse = new Dictionary <string, object>(); var(type, value) = ClaimToCustomResponse(Config.GetDefaultPatientClaim()); context.Result.CustomResponse.Add(type, value); (type, value) = ClaimToCustomResponse(Config.GetDefaultNeedPatientBanner()); context.Result.CustomResponse.Add(type, value); var httpContext = _httpContextAccessor.HttpContext; var identityServerBaseUrl = IdentityServerBaseUrl(httpContext); (type, value) = ClaimToCustomResponse(Config.GetDefaultStyleUrl(identityServerBaseUrl)); context.Result.CustomResponse.Add(type, value); } else { throw new InvalidOperationException("CustomTokenRequestValidationContext - Unexpected CustomResponse was included included in validation context"); } return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { //context.Result.IsError = true; //context.Result.Error = "错误dsada"; //context.Result.CustomResponse = new Dictionary<string, object> { { "station", "站点" }, { "city", "城市" }, { "province", "省" } }; return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { context.Result = new TokenRequestValidationResult(new ValidatedTokenRequest() { }); return(Task.FromResult(0)); }
public async Task ValidateAsync(ExtensionGrantValidationContext context) { _logger.LogDebug("Start token request validation"); if (context == null) { throw new ArgumentNullException(nameof(context)); } var raw = context.Request.Raw; var validatedRequest = new ValidatedTokenRequest { Raw = raw ?? throw new ArgumentNullException(nameof(raw)), Options = _options }; var customTokenRequestValidationContext = new CustomTokenRequestValidationContext() { Result = new TokenRequestValidationResult(validatedRequest) }; await _arbitraryNoSubjectRequestValidator.ValidateAsync(customTokenRequestValidationContext); if (customTokenRequestValidationContext.Result.IsError) { context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, customTokenRequestValidationContext.Result.Error); return; } // validate HTTP for clients if (HttpMethods.IsPost(_httpContextAccessor.HttpContext.Request.Method) && _httpContextAccessor.HttpContext.Request.HasFormContentType) { // validate client var clientResult = await _clientValidator.ValidateAsync(_httpContextAccessor.HttpContext); if (!clientResult.IsError) { validatedRequest.SetClient(clientResult.Client); } } ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = validatedRequest.Raw.Get(OidcConstants.TokenRequest.GrantType); if (grantType.IsMissing()) { LogError("Grant type is missing"); context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType); return; } if (grantType.Length > _options.InputLengthRestrictions.GrantType) { LogError("Grant type is too long"); context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType); return; } validatedRequest.GrantType = grantType; context.Result = new GrantValidationResult(); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { //If Token grant_type id refresh_token we need to check weather request from mobile device with acr_values. if (context?.Result?.ValidatedRequest?.GrantType != null && context.Result.ValidatedRequest.GrantType == OidcConstants.GrantTypes.RefreshToken) { var raw = context.Result.ValidatedRequest.Raw; var acr_values = raw.ToNameValueCollection(OidcConstants.AuthorizeRequest.AcrValues); var subject = context.Result.ValidatedRequest.Subject ?? context.Result.ValidatedRequest.AuthorizationCode?.Subject; if (!string.IsNullOrEmpty(acr_values.Get("device_id"))) { if (subject != null) { var user = await _userManager.FindByIdAsync(subject.Claims.FirstOrDefault(x => x.Type == "sub").Value); if (user != null) { var claims = await _userManager.GetClaimsAsync(user); if (claims.Any(x => x.Type == "device_id")) { var devid = claims.FirstOrDefault(x => x.Type == "device_id"); if (devid.Value.Trim().ToLower() != acr_values.Get("device_id").Trim().ToLower()) { context.Result.Error = "Invalid device_id"; context.Result.ErrorDescription = "Invalid device_id. or may user login different device."; context.Result.IsError = true; } } } } } } }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { var client = context.Result.ValidatedRequest.Client; // we want to add custom claims to our "poop" client if (client.ClientName == "Aya Client") { // do some validation, etc. //var result = await DoSomeProcessingAsync(client); // // } // get list of custom claims we want to add var claims = new List <Claim> { new Claim(ClaimTypes.Role, "Admin") }; // add it claims.ToList().ForEach(u => context.Result.ValidatedRequest.ClientClaims.Add(u)); // don't want it to be prefixed with "client_" ? we change it here (or from global settings) context.Result.ValidatedRequest.Client.ClientClaimsPrefix = ""; } }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { //context.Result.ValidatedRequest.Scopes = new[] {"trieudk_scope"}; //context.Result.ValidatedRequest.ClientClaims = new List<Claim> {new Claim("trieudk_client_claims", "1")}; //context.Result.ValidatedRequest.AccessTokenLifetime = 3; return(Task.FromResult(0)); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { context.Result.ValidatedRequest.ClientClaims.Add(new Claim("my:client", "is:special")); return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { // overriding access_token_lifetime var form = context.Result.ValidatedRequest.Raw; var accessTokenLifetimeOverride = form.Get(Constants.AccessTokenLifetime); if (!string.IsNullOrWhiteSpace(accessTokenLifetimeOverride)) { // already been validated in a previous phase int accessTokenLifetime = 0; if (int.TryParse(accessTokenLifetimeOverride, out accessTokenLifetime)) { context.Result.ValidatedRequest.AccessTokenLifetime = accessTokenLifetime; } } var accessTokenTypeOverride = form.Get(Constants.AccessTokenType); if (!string.IsNullOrWhiteSpace(accessTokenTypeOverride)) { if (string.Compare(accessTokenTypeOverride, "Reference", true) == 0) { context.Result.ValidatedRequest.AccessTokenType = AccessTokenType.Reference; } else if (string.Compare(accessTokenTypeOverride, "Jwt", true) == 0) { context.Result.ValidatedRequest.AccessTokenType = AccessTokenType.Jwt; } } return(Task.CompletedTask); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { var raw = context.Result.ValidatedRequest.Raw; var rr = raw.AllKeys.ToDictionary(k => k, k => raw[(string)k]); var error = false; var los = new List <string>(); var oneMustExistResult = (from item in OneMustExitsArguments where rr.Keys.Contains(item) select item).ToList(); if (!oneMustExistResult.Any()) { error = true; los.AddRange(OneMustExitsArguments.Select(item => $"[one or the other] {item} is missing!")); } var result = RequiredArbitraryArguments.Except(rr.Keys); if (result.Any()) { error = true; los.AddRange(result.Select(item => $"{item} is missing!")); } // make sure nothing is malformed error = los.ValidateFormat <Dictionary <string, List <string> > >(Constants.ArbitraryAmrs, raw[Constants.ArbitraryClaims]) || error; error = los.ValidateFormat <List <string> >(Constants.ArbitraryAmrs, raw[Constants.ArbitraryAmrs]) || error; error = los.ValidateFormat <List <string> >(Constants.ArbitraryAmrs, raw[Constants.ArbitraryAudiences]) || error; if (!error) { var arbitraryClaims = raw[Constants.ArbitraryClaims]; if (!string.IsNullOrWhiteSpace(arbitraryClaims)) { var values = JsonConvert.DeserializeObject <Dictionary <string, List <string> > >(arbitraryClaims); var invalidClaims = (from o in values join p in NotAllowedArbitraryClaims on o.Key equals p into t from od in t.DefaultIfEmpty() where od != null select od).ToList(); if (invalidClaims.Any()) { // not allowed. error = true; foreach (var invalidClaim in invalidClaims) { los.Add($"The arbitrary claim: '{invalidClaim}' is not allowed."); } } } } if (error) { context.Result.IsError = true; context.Result.Error = String.Join <string>(" | ", los);; } }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { context.Result.ValidatedRequest.Client.AlwaysSendClientClaims = true; var reqParamsDict = context.Result.ValidatedRequest.Raw["user_id"].ToString(); context.Result.ValidatedRequest.ClientClaims.Add(new Claim("user_id", reqParamsDict)); return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { context.Result.CustomResponse = new Dictionary <string, object> { { "custom", "custom" } }; return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var request = context.Result.ValidatedRequest; //sets token to 30 days expiry request.AccessTokenLifetime = 86400 * 30; return(Task.CompletedTask); }
/// <summary> /// /// </summary> /// <param name="context"></param> /// <returns></returns> public Task ValidateAsync(CustomTokenRequestValidationContext context) { var numero_documento = context.Result.ValidatedRequest.Raw.Get("client_numero_documento"); var codigo_usuario = context.Result.ValidatedRequest.Raw.Get("client_codigo_usuario"); context.Result.ValidatedRequest.Client.AlwaysSendClientClaims = true; context.Result.ValidatedRequest.ClientClaims.Add(new Claim("numero_documento", numero_documento)); context.Result.ValidatedRequest.ClientClaims.Add(new Claim("codigo_usuario", codigo_usuario)); return(Task.FromResult(0)); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var claims = context.Result.ValidatedRequest.ClientClaims; context.Result.ValidatedRequest.Client.ClientClaimsPrefix = ""; claims.Add(new Claim(CustomClaimTypes.TenantName, _tenantName)); claims.Add(new Claim(CustomClaimTypes.TenantId, _tenantId.ToString())); return(Task.FromResult(0)); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { var client = context.Result.ValidatedRequest.Client; foreach (var key in client.Properties.Keys) { context.Result.ValidatedRequest.ClientClaims.Add(new Claim(key, client.Properties[key])); } context.Result.ValidatedRequest.Client.ClientClaimsPrefix = string.Empty; }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var transaction = context.Result.ValidatedRequest.ValidatedResources.ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction"); if (transaction?.ParsedParameter != null) { context.Result.ValidatedRequest.ClientClaims.Add(new Claim(transaction.ParsedName, transaction.ParsedParameter)); } return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { string userId = context.Result.ValidatedRequest.Raw[Const.USER_ID]; if (userId.IsNotNull()) { context.Result.ValidatedRequest.ClientClaims.Add(new Claim(Const.USER_ID, userId)); } return(Task.CompletedTask); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var hasClientCredentials = context.Result.ValidatedRequest.Client.AllowedGrantTypes.Contains("client_credentials"); if (hasClientCredentials && !_ipAddressValidator.IsIpAddressInternal()) { context.Result.IsError = true; context.Result.Error = OidcConstants.AuthorizeErrors.UnauthorizedClient; } return(Task.CompletedTask); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { ///context.Result = new TokenRequestValidationResult(new ValidatedTokenRequest() { }); /// //context.Result = new TokenRequestValidationResult(new ValidatedTokenRequest() { // AccessTokenLifetime = 31, // RefreshToken = new RefreshToken() { AccessToken=new Token() { AccessTokenType= AccessTokenType .Jwt} }, //}); await Task.FromResult(true); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { var tenant = context.Result.ValidatedRequest.Raw.Get(ExtJwtClaimTypes.TenantName); // get tenant claim and remove it var сlaimForRemoval = context.Result.ValidatedRequest.Client.Claims.FirstOrDefault(x => x.Type == ExtJwtClaimTypes.TenantName); context.Result.ValidatedRequest.Client.Claims.Remove(сlaimForRemoval); // add tenant claim to client context.Result.ValidatedRequest.Client.Claims.Add(new Claim(ExtJwtClaimTypes.TenantName, tenant)); return(Task.FromResult(0)); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { if (!context.Result.IsError) { var TenantClaim = _context.GetTenantTokenClaim(); if (TenantClaim != null) { context.Result.ValidatedRequest.ClientClaims.Add(TenantClaim); } } return(Task.CompletedTask); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { foreach (var validator in _validators) { await validator.ValidateAsync(context); if (context.Result.IsError) { break; } } _logger.LogDebug("All custom token request validators evaluated to valid."); }
public Task ValidateAsync(CustomTokenRequestValidationContext context) { if (context.Result.ValidatedRequest.Subject.Identity is ClaimsIdentity identity) { var id = identity.Claims.FirstOrDefault(x => x.Type == "sub")?.Value; var user = _userRepository.GetById(id); context.Result.ValidatedRequest.ClientClaims.Add(new Claim(ClaimTypes.Name, user?.UserName)); } else { context.Result.IsError = true; } return(Task.FromResult(0)); }
public async Task ValidateAsync(CustomTokenRequestValidationContext context) { if (context.Result.ValidatedRequest.Subject != null) { var user = await manager.FindByIdAsync(context.Result.ValidatedRequest.Subject.GetSubjectId()); if (!user.EmailConfirmed) { context.Result.Error = "not_confirmed"; context.Result.ErrorDescription = "Account is not confirmed"; context.Result.IsError = true; } } }