/// <summary>
/// Revoke token
/// </summary>
/// <param name="refreshToken"></param>
/// <param name="config"></param>
/// <returns></returns>
private async Task RevokeRefreshTokenAsync(string refreshToken,
IOAuthClientConfig config)
{
var client = Http.CreateClient("token_client");
var configuration = await GetOpenIdConfigurationAsync(config.Provider);
if (configuration == null)
{
_logger.Information(
"Failed to revoke token for scheme {schemeName}", config.Provider);
return;
}
var response = await client.RevokeTokenAsync(new TokenRevocationRequest {
Address = configuration
.AdditionalData[OidcConstants.Discovery.RevocationEndpoint].ToString(),
ClientId = config.ClientId,
ClientSecret = config.ClientSecret,
Token = refreshToken,
TokenTypeHint = OidcConstants.TokenTypes.RefreshToken
});
if (response.IsError)
{
_logger.Error("Error revoking refresh token. Error = {error}",
response.Error);
}
}
/// <summary>
/// Create public client
/// </summary>
/// <param name="config"></param>
/// <returns></returns>
private MsalClientApplicationDecorator <IPublicClientApplication> CreatePublicClientApplication(
IOAuthClientConfig config)
{
var builder = PublicClientApplicationBuilder.Create(config.ClientId)
.WithTenantId(config.TenantId);
builder = ConfigurePublicClientApplication(config.ClientId, builder);
return(new MsalClientApplicationDecorator <IPublicClientApplication>(
builder.Build(), new MemoryCache(), config.ClientId));
}
/// <summary>
/// Get scopes
/// </summary>
/// <param name="config"></param>
/// <param name="scopes"></param>
/// <returns></returns>
public static IEnumerable <string> GetScopeNames(this IOAuthClientConfig config,
IEnumerable <string> scopes = null)
{
var audience = config?.Audience;
if (string.IsNullOrEmpty(audience))
{
return(scopes);
}
return(scopes?.Select(s => SplitScope(s).Item2));
}
/// <summary>
/// Helper to create provider
/// </summary>
/// <returns></returns>
private static KeyValuePair <string, (IOAuthClientConfig, AzureServiceTokenProvider)> CreateProvider(
IOAuthClientConfig config)
{
var cs = $"RunAs=App;AppId={config.ClientId}";
if (!string.IsNullOrEmpty(config.TenantId))
{
cs += $";TenantId={config.TenantId}";
}
return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform,
(config, new AzureServiceTokenProvider(cs, config.GetAuthorityUrl(true)))));
}
/// <summary>
/// Get Resource or audience
/// </summary>
/// <param name="config"></param>
/// <param name="scopes"></param>
/// <returns></returns>
public static string GetAudience(this IOAuthClientConfig config,
IEnumerable <string> scopes = null)
{
var audience = config?.Audience;
if (!string.IsNullOrEmpty(audience))
{
return(audience);
}
// Get audience uri from scopes
return(SplitScope(scopes?.FirstOrDefault()).Item1);
}
CreateProvider(IOAuthClientConfig config)
{
var authority = config.GetAuthorityUrl(true);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
yield return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform,
(config, new AzureServiceTokenProvider(
"RunAs=Developer; DeveloperTool=VisualStudio", authority))));
}
yield return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform,
(config, new AzureServiceTokenProvider(
"RunAs=Developer; DeveloperTool=AzureCli", authority))));
}
/// <summary>
/// Helper to create provider
/// </summary>
/// <returns></returns>
private static KeyValuePair <string, (IOAuthClientConfig, AzureServiceTokenProvider)> CreateProvider(
IOAuthClientConfig config, ILogger logger)
{
var cs = $"RunAs=App;AppId={config.ClientId}";
if (!string.IsNullOrEmpty(config.TenantId))
{
cs += $";TenantId={config.TenantId}";
}
var provider = new AzureServiceTokenProvider(cs, config.GetAuthorityUrl(true));
logger.Information("Managed service identity {clientId} in {tenant} registered.",
config.ClientId, config.TenantId);
return(KeyValuePair.Create(config.Resource ?? Http.Resource.Platform, (config, provider)));
}
/// <summary>
/// Create public client
/// </summary>
/// <param name="user"></param>
/// <param name="config"></param>
/// <param name="redirectUri"></param>
/// <returns></returns>
private MsalConfidentialClientDecorator CreateConfidentialClientApplication(
ClaimsPrincipal user, IOAuthClientConfig config, string redirectUri = null)
{
var builder = ConfidentialClientApplicationBuilder.Create(config.ClientId);
if (redirectUri != null)
{
builder = builder.WithRedirectUri(redirectUri);
}
builder = builder
.WithClientSecret(config.ClientSecret)
.WithTenantId(config.TenantId)
// .WithHttpClientFactory(...)
.WithAuthority($"{config.GetAuthorityUrl()}/")
;
return(new MsalConfidentialClientDecorator(builder.Build(), _cache, config.ClientId,
user.GetObjectId()));
}
/// <summary>
/// Get scopes
/// </summary>
/// <param name="config"></param>
/// <param name="scopes"></param>
/// <returns></returns>
private IEnumerable <string> GetScopes(IOAuthClientConfig config,
IEnumerable <string> scopes)
{
var requestedScopes = new HashSet <string>();
if (scopes != null)
{
foreach (var scope in scopes.Except(ScopesRequestedByMsal))
{
requestedScopes.Add(scope);
}
}
if (config.Audience != null)
{
requestedScopes.Add(config.Audience + "/.default");
}
return(requestedScopes);
}
/// <summary>
/// Refresh access token
/// </summary>
/// <returns></returns>
private async Task <TokenResponse> RefreshUserAccessTokenAsync(string refreshToken,
IOAuthClientConfig config)
{
var client = Http.CreateClient("token_client");
var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest {
Address = config.GetAuthorityUrl(),
ClientId = config.ClientId,
ClientSecret = config.ClientSecret,
RefreshToken = refreshToken
});
if (!response.IsError)
{
await StoreTokenAsync(response.AccessToken, response.ExpiresIn,
response.RefreshToken);
}
else
{
_logger.Error("Error refreshing access token. Error = {error}",
response.Error);
}
return(response);
}
/// <summary>
/// Get an identifier string for configuration
/// </summary>
/// <param name="config"></param>
/// <returns></returns>
public static string GetName(this IOAuthClientConfig config)
{
return($"{config.GetProviderName()}:{config.ClientId}->{GetAudience(config)}");
}
/// <summary>
/// Get domain
/// </summary>
/// <param name="config"></param>
/// <returns></returns>
public static string GetDomain(this IOAuthClientConfig config)
{
return(new Uri(config.GetAuthorityUrl()).DnsSafeHost);
}
