/// <summary> /// Revoke token /// </summary> /// <param name="refreshToken"></param> /// <param name="config"></param> /// <returns></returns> private async Task RevokeRefreshTokenAsync(string refreshToken, IOAuthClientConfig config) { var client = Http.CreateClient("token_client"); var configuration = await GetOpenIdConfigurationAsync(config.Provider); if (configuration == null) { _logger.Information( "Failed to revoke token for scheme {schemeName}", config.Provider); return; } var response = await client.RevokeTokenAsync(new TokenRevocationRequest { Address = configuration .AdditionalData[OidcConstants.Discovery.RevocationEndpoint].ToString(), ClientId = config.ClientId, ClientSecret = config.ClientSecret, Token = refreshToken, TokenTypeHint = OidcConstants.TokenTypes.RefreshToken }); if (response.IsError) { _logger.Error("Error revoking refresh token. Error = {error}", response.Error); } }
/// <summary> /// Create public client /// </summary> /// <param name="config"></param> /// <returns></returns> private MsalClientApplicationDecorator <IPublicClientApplication> CreatePublicClientApplication( IOAuthClientConfig config) { var builder = PublicClientApplicationBuilder.Create(config.ClientId) .WithTenantId(config.TenantId); builder = ConfigurePublicClientApplication(config.ClientId, builder); return(new MsalClientApplicationDecorator <IPublicClientApplication>( builder.Build(), new MemoryCache(), config.ClientId)); }
/// <summary> /// Get scopes /// </summary> /// <param name="config"></param> /// <param name="scopes"></param> /// <returns></returns> public static IEnumerable <string> GetScopeNames(this IOAuthClientConfig config, IEnumerable <string> scopes = null) { var audience = config?.Audience; if (string.IsNullOrEmpty(audience)) { return(scopes); } return(scopes?.Select(s => SplitScope(s).Item2)); }
/// <summary> /// Helper to create provider /// </summary> /// <returns></returns> private static KeyValuePair <string, (IOAuthClientConfig, AzureServiceTokenProvider)> CreateProvider( IOAuthClientConfig config) { var cs = $"RunAs=App;AppId={config.ClientId}"; if (!string.IsNullOrEmpty(config.TenantId)) { cs += $";TenantId={config.TenantId}"; } return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform, (config, new AzureServiceTokenProvider(cs, config.GetAuthorityUrl(true))))); }
/// <summary> /// Get Resource or audience /// </summary> /// <param name="config"></param> /// <param name="scopes"></param> /// <returns></returns> public static string GetAudience(this IOAuthClientConfig config, IEnumerable <string> scopes = null) { var audience = config?.Audience; if (!string.IsNullOrEmpty(audience)) { return(audience); } // Get audience uri from scopes return(SplitScope(scopes?.FirstOrDefault()).Item1); }
CreateProvider(IOAuthClientConfig config) { var authority = config.GetAuthorityUrl(true); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { yield return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform, (config, new AzureServiceTokenProvider( "RunAs=Developer; DeveloperTool=VisualStudio", authority)))); } yield return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform, (config, new AzureServiceTokenProvider( "RunAs=Developer; DeveloperTool=AzureCli", authority)))); }
/// <summary> /// Helper to create provider /// </summary> /// <returns></returns> private static KeyValuePair <string, (IOAuthClientConfig, AzureServiceTokenProvider)> CreateProvider( IOAuthClientConfig config, ILogger logger) { var cs = $"RunAs=App;AppId={config.ClientId}"; if (!string.IsNullOrEmpty(config.TenantId)) { cs += $";TenantId={config.TenantId}"; } var provider = new AzureServiceTokenProvider(cs, config.GetAuthorityUrl(true)); logger.Information("Managed service identity {clientId} in {tenant} registered.", config.ClientId, config.TenantId); return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform, (config, provider))); }
/// <summary> /// Create public client /// </summary> /// <param name="user"></param> /// <param name="config"></param> /// <param name="redirectUri"></param> /// <returns></returns> private MsalConfidentialClientDecorator CreateConfidentialClientApplication( ClaimsPrincipal user, IOAuthClientConfig config, string redirectUri = null) { var builder = ConfidentialClientApplicationBuilder.Create(config.ClientId); if (redirectUri != null) { builder = builder.WithRedirectUri(redirectUri); } builder = builder .WithClientSecret(config.ClientSecret) .WithTenantId(config.TenantId) // .WithHttpClientFactory(...) .WithAuthority($"{config.GetAuthorityUrl()}/") ; return(new MsalConfidentialClientDecorator(builder.Build(), _cache, config.ClientId, user.GetObjectId())); }
/// <summary> /// Get scopes /// </summary> /// <param name="config"></param> /// <param name="scopes"></param> /// <returns></returns> private IEnumerable <string> GetScopes(IOAuthClientConfig config, IEnumerable <string> scopes) { var requestedScopes = new HashSet <string>(); if (scopes != null) { foreach (var scope in scopes.Except(ScopesRequestedByMsal)) { requestedScopes.Add(scope); } } if (config.Audience != null) { requestedScopes.Add(config.Audience + "/.default"); } return(requestedScopes); }
/// <summary> /// Refresh access token /// </summary> /// <returns></returns> private async Task <TokenResponse> RefreshUserAccessTokenAsync(string refreshToken, IOAuthClientConfig config) { var client = Http.CreateClient("token_client"); var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest { Address = config.GetAuthorityUrl(), ClientId = config.ClientId, ClientSecret = config.ClientSecret, RefreshToken = refreshToken }); if (!response.IsError) { await StoreTokenAsync(response.AccessToken, response.ExpiresIn, response.RefreshToken); } else { _logger.Error("Error refreshing access token. Error = {error}", response.Error); } return(response); }
/// <summary> /// Get an identifier string for configuration /// </summary> /// <param name="config"></param> /// <returns></returns> public static string GetName(this IOAuthClientConfig config) { return($"{config.GetProviderName()}:{config.ClientId}->{GetAudience(config)}"); }
/// <summary> /// Get domain /// </summary> /// <param name="config"></param> /// <returns></returns> public static string GetDomain(this IOAuthClientConfig config) { return(new Uri(config.GetAuthorityUrl()).DnsSafeHost); }