private ViewModel CreateConsentViewModel(InputModel model, DeviceFlowAuthorizationRequest request) { var vm = new ViewModel { ClientName = request.Client.ClientName ?? request.Client.ClientId, ClientUrl = request.Client.ClientUri, ClientLogoUrl = request.Client.LogoUri, AllowRememberConsent = request.Client.AllowRememberConsent }; vm.IdentityScopes = request.ValidatedResources.Resources.IdentityResources.Select(x => CreateScopeViewModel(x, model == null || model.ScopesConsented?.Contains(x.Name) == true)).ToArray(); var apiScopes = new List <ScopeViewModel>(); foreach (var parsedScope in request.ValidatedResources.ParsedScopes) { var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName); if (apiScope != null) { var scopeVm = CreateScopeViewModel(parsedScope, apiScope, model == null || model.ScopesConsented?.Contains(parsedScope.RawValue) == true); apiScopes.Add(scopeVm); } } if (DeviceOptions.EnableOfflineAccess && request.ValidatedResources.Resources.OfflineAccess) { apiScopes.Add(GetOfflineAccessScope(model == null || model.ScopesConsented?.Contains(Duende.IdentityServer.IdentityServerConstants.StandardScopes.OfflineAccess) == true)); } vm.ApiScopes = apiScopes; return(vm); }
private async Task <DeviceAuthorizationViewModel> BuildViewModelAsync( string userCode, DeviceAuthorizationInputModel model = null) { DeviceFlowAuthorizationRequest request = await interaction.GetAuthorizationContextAsync(userCode); if (request != null) { Client client = await clientStore.FindEnabledClientByIdAsync(request.ClientId); if (client != null) { Resources resources = await resourceStore.FindEnabledResourcesByScopeAsync(request.ScopesRequested); if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any())) { return(CreateConsentViewModel(userCode, model, client, resources)); } logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y)); } else { logger.LogError("Invalid client id: {0}", request.ClientId); } } return(null); }
private async Task <DeviceAuthorizationViewModel> BuildViewModelAsync(string userCode, DeviceAuthorizationInputModel model = null) { DeviceFlowAuthorizationRequest request = await _interaction.GetAuthorizationContextAsync(userCode); if (request != null) { return(CreateConsentViewModel(userCode, model, request)); } return(null); }
private DeviceAuthorizationViewModel CreateConsentViewModel( string userCode, DeviceAuthorizationInputModel model, DeviceFlowAuthorizationRequest request) { var vm = new DeviceAuthorizationViewModel { UserCode = userCode, Description = model?.Description, RememberConsent = model?.RememberConsent ?? true, ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(), ClientName = request.Client.ClientName ?? request.Client.ClientId, ClientUrl = request.Client.ClientUri, ClientLogoUrl = request.Client.LogoUri, AllowRememberConsent = request.Client.AllowRememberConsent }; vm.IdentityScopes = request.ValidatedResources.Resources.IdentityResources .Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)) .ToArray(); var apiScopes = new List <ScopeViewModel>(); foreach (var parsedScope in request.ValidatedResources.ParsedScopes) { var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName); if (apiScope != null) { var scopeVm = CreateScopeViewModel( parsedScope, apiScope, vm.ScopesConsented.Contains(parsedScope.RawValue) || model == null); apiScopes.Add(scopeVm); } } if (ConsentOptions.EnableOfflineAccess && request.ValidatedResources.Resources.OfflineAccess) { apiScopes.Add( GetOfflineAccessScope( vm.ScopesConsented.Contains( IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)); } vm.ApiScopes = apiScopes; return(vm); }
private async Task <DeviceAuthorizationViewModel> CreateViewModel(string userCode) { DeviceFlowAuthorizationRequest f = await _deviceFlowInteractionService.GetAuthorizationContextAsync(userCode); var device = _repository.Find(d => d.ClientId == f.ClientId).Single(); if (device.UserId.ToString() != User.GetSubjectId()) { throw new ArgumentException("This user can't authorize this device"); } return(new DeviceAuthorizationViewModel() { UserCode = userCode, ClientId = device.ClientId, ClientName = device.ClientName }); }
private void CreateConsentViewModel(string userCode, DeviceFlowAuthorizationRequest request) { var model = this.Input; var check = model == null; var scopesConsented = model?.ScopesConsented.ToArray() ?? Array.Empty <string>(); this.Input = new InputModel { UserCode = userCode, Description = model?.Description, RememberConsent = model?.RememberConsent ?? true, ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(), }; this.ClientName = request.Client.ClientName ?? request.Client.ClientId; this.ClientUrl = request.Client.ClientUri; this.ClientLogoUrl = request.Client.LogoUri; this.AllowRememberConsent = request.Client.AllowRememberConsent; this.IdentityScopes = ScopeModel.GetIdentityResourcesFromRequest(request.ValidatedResources, scopesConsented, check); this.ApiScopes = ScopeModel.GetApiScopeModelsFromRequest(request.ValidatedResources, scopesConsented, check); }
public IActionResult DeviceSignInSuccess(HttpContext context, DeviceFlowAuthorizationRequest deviceContext) { _logger.Information($"Serving the DeviceSignInSuccess page"); return(new OkResult()); }
public IActionResult DeviceSignInAccessDenied(HttpContext context, DeviceFlowAuthorizationRequest deviceContext) { _logger.Information($"Serving the DeviceSignInAccessDenied page"); return(new RedirectResult("/signin/error?id=device-access-denied", false)); }
private async Task <ProcessConsentResult> ProcessConsent(DeviceAuthorizationInputModel model) { ProcessConsentResult result = new ProcessConsentResult(); DeviceFlowAuthorizationRequest request = await interaction.GetAuthorizationContextAsync(model.UserCode); if (request == null) { return(result); } ConsentResponse grantedConsent = null; // user clicked 'no' - send back the standard 'access_denied' response if (model.Button == "no") { grantedConsent = ConsentResponse.Denied; // emit event await events.RaiseAsync( new ConsentDeniedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested)); } // user clicked 'yes' - validate the data else if (model.Button == "yes") { // if the user consented to some scope, build the response model if (model.ScopesConsented != null && model.ScopesConsented.Any()) { IEnumerable <string> scopes = model.ScopesConsented; if (ConsentOptions.EnableOfflineAccess == false) { scopes = scopes.Where(x => x != IdentityServerConstants.StandardScopes.OfflineAccess); } grantedConsent = new ConsentResponse { RememberConsent = model.RememberConsent, ScopesConsented = scopes.ToArray() }; // emit event await events.RaiseAsync(new ConsentGrantedEvent(User.GetSubjectId(), request.ClientId, request.ScopesRequested, grantedConsent.ScopesConsented, grantedConsent.RememberConsent)); } else { result.ValidationError = ConsentOptions.MustChooseOneErrorMessage; } } else { result.ValidationError = ConsentOptions.InvalidSelectionErrorMessage; } if (grantedConsent != null) { // communicate outcome of consent back to identityserver await interaction.HandleRequestAsync(model.UserCode, grantedConsent); // indicate that's it ok to redirect back to authorization endpoint result.RedirectUri = model.ReturnUrl; result.ClientId = request.ClientId; } else { // we need to redisplay the consent UI result.ViewModel = await BuildViewModelAsync(model.UserCode, model); } return(result); }