        /// <summary>
        /// Validates the client credentials carried by the current request.
        /// </summary>
        /// <param name="context">The current HTTP context, handed to <c>ParseAsync</c> to extract the client id and secret.</param>
        /// <returns>
        /// A result with <c>IsError == false</c> plus the resolved client, the parsed secret and any confirmation
        /// value from the secret validator; otherwise a result with <c>IsError == true</c> after a failure event was raised.
        /// </returns>
        public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
        {
            var parsedSecret = await ParseAsync(context);
            if (parsedSecret == null)
            {
                // Nothing identifying a client could be extracted from the request.
                await RaiseFailureEventAsync("unknown", "No client id found");
                return Rejected();
            }

            // Only enabled clients are returned by the store, so a disabled client surfaces as "unknown" here.
            var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
            if (client == null)
            {
                await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client");
                return Rejected();
            }

            // NOTE(review): the secret is checked unless the client is BOTH RequireClientSecret == false
            // AND implicit-only. Other versions of this validator skip the check when EITHER holds,
            // i.e. this one also demands a valid secret from public, non-implicit clients. Confirm which
            // contract is intended before aligning them; loosening this is a security-relevant change.
            var mustValidateSecret = client.RequireClientSecret || !client.IsImplicitOnly();

            SecretValidationResult secretValidationResult = null;
            if (mustValidateSecret)
            {
                secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret);
                if (!secretValidationResult.Success)
                {
                    await RaiseFailureEventAsync(client.ClientId, "Invalid client secret");
                    return Rejected();
                }
            }

            await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type);

            // Confirmation stays null when the secret step was skipped.
            return new ClientSecretValidationResult
            {
                IsError      = false,
                Client       = client,
                Secret       = parsedSecret,
                Confirmation = secretValidationResult?.Confirmation
            };

            // Every failure path hands back the same error-only result.
            ClientSecretValidationResult Rejected() => new ClientSecretValidationResult { IsError = true };
        }
    /// <summary>
    /// Validates the secret on the current request.
    /// </summary>
    /// <param name="context">The context.</param>
    /// <returns></returns>
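    /// <summary>
    /// Validates the API secret on the current request.
    /// </summary>
    /// <param name="context">The current HTTP context; <c>_parser</c> extracts the API id and secret from it.</param>
    /// <returns>
    /// A result with <c>IsError == false</c> and <c>Resource</c> set to the single matching, enabled API
    /// resource when the secret validates; otherwise a result with <c>IsError == true</c>. Every failure
    /// path raises a failure event and logs an error before returning.
    /// </returns>
    public async Task <ApiSecretValidationResult> ValidateAsync(HttpContext context)
    {
        using var activity = Tracing.ValidationActivitySource.StartActivity("ApiSecretValidator.Validate");

        _logger.LogTrace("Start API validation");

        var fail = new ApiSecretValidationResult
        {
            IsError = true
        };

        var parsedSecret = await _parser.ParseAsync(context);

        if (parsedSecret == null)
        {
            await RaiseFailureEventAsync("unknown", "No API id or secret found");

            _logger.LogError("No API secret found");
            return(fail);
        }

        // load API resource
        // Materialise the store result exactly once. The previous code enumerated the returned
        // IEnumerable three times (Any / Count / Single); for a deferred query that re-runs the
        // lookup per enumeration and the three passes could even observe different rows.
        var apis = (await _resources.FindApiResourcesByNameAsync(new[] { parsedSecret.Id }))?.ToList();

        if (apis == null || apis.Count == 0)
        {
            await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource");

            _logger.LogError("No API resource with that name found. aborting");
            return(fail);
        }

        // An ambiguous name is rejected rather than picking one candidate.
        if (apis.Count > 1)
        {
            await RaiseFailureEventAsync(parsedSecret.Id, "Invalid API resource");

            _logger.LogError("More than one API resource with that name found. aborting");
            return(fail);
        }

        var api = apis[0];

        if (!api.Enabled)
        {
            await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled");

            _logger.LogError("API resource not enabled. aborting.");
            return(fail);
        }

        var result = await _validator.ValidateAsync(api.ApiSecrets, parsedSecret);

        if (result.Success)
        {
            _logger.LogDebug("API resource validation success");

            var success = new ApiSecretValidationResult
            {
                IsError  = false,
                Resource = api
            };

            await RaiseSuccessEventAsync(api.Name, parsedSecret.Type);

            return(success);
        }

        await RaiseFailureEventAsync(api.Name, "Invalid API secret");

        _logger.LogError("API validation failed.");

        return(fail);
    }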
        /// <summary>
        /// Validates the current request.
        /// </summary>
        /// <param name="context">The context.</param>
        /// <returns></returns>
        /// <summary>
        /// Validates the client credentials on the current request.
        /// </summary>
        /// <param name="context">The current HTTP context; <c>_parser</c> extracts the client id and secret from it.</param>
        /// <returns>
        /// A result with <c>IsError == false</c>, the resolved client, the parsed secret and any confirmation
        /// value from the secret validator; or a result with <c>IsError == true</c> after a failure event was raised.
        /// </returns>
        public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
        {
            _logger.LogDebug("Start client validation");

            var parsedSecret = await _parser.ParseAsync(context);
            if (parsedSecret == null)
            {
                await RaiseFailureEventAsync("unknown", "No client id found");
                _logger.LogError("No client identifier found");
                return Rejected();
            }

            // load client - disabled clients are not returned by the store and therefore surface as unknown
            var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
            if (client == null)
            {
                await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client");
                _logger.LogError("No client with id '{clientId}' found. aborting", parsedSecret.Id);
                return Rejected();
            }

            // A client that needs no secret, or that only uses the implicit flow, is treated as a public
            // client: there is nothing to verify, so the secret step is skipped and Confirmation stays null.
            var isPublicClient = !client.RequireClientSecret || client.IsImplicitOnly();

            SecretValidationResult secretValidationResult = null;
            if (isPublicClient)
            {
                _logger.LogDebug("Public Client - skipping secret validation success");
            }
            else
            {
                secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret);
                if (!secretValidationResult.Success)
                {
                    await RaiseFailureEventAsync(client.ClientId, "Invalid client secret");
                    _logger.LogError("Client secret validation failed for client: {clientId}.", client.ClientId);
                    return Rejected();
                }
            }

            _logger.LogDebug("Client validation success");

            var outcome = new ClientSecretValidationResult
            {
                IsError      = false,
                Client       = client,
                Secret       = parsedSecret,
                Confirmation = secretValidationResult?.Confirmation
            };

            await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type);
            return outcome;

            // Shared error-only result for every rejection path.
            ClientSecretValidationResult Rejected() => new ClientSecretValidationResult { IsError = true };
        }
        /// <summary>
        /// Validates the current request.
        /// </summary>
        /// <param name="context">The context.</param>
        /// <returns></returns>
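        /// <summary>
        /// Validates the current request against the tenant-scoped client store.
        /// </summary>
        /// <param name="context">
        /// The current HTTP context; <c>_parser</c> extracts the client id and secret from it, and the token
        /// request form is read from it to detect a <c>refresh_token</c> grant.
        /// </param>
        /// <returns>
        /// A result with <c>IsError == false</c> plus the resolved client, the parsed secret and any confirmation
        /// value when the secret validates or is legitimately waived; otherwise a result with <c>IsError == true</c>
        /// after a failure event was raised.
        /// </returns>
        public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
        {
            _logger.LogDebug("Start client validation");

            var fail = new ClientSecretValidationResult
            {
                IsError = true
            };

            var parsedSecret = await _parser.ParseAsync(context);

            if (parsedSecret == null)
            {
                await RaiseFailureEventAsync("unknown", "No client id found");

                _logger.LogError("No client identifier found");
                return(fail);
            }

            // load client
            // The `as` cast means an enabled client that is not a ClientExtra is also reported as
            // unknown. That fails closed, but the log line below is then misleading about the cause.
            var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id) as ClientExtra;

            if (client == null)
            {
                await RaiseFailureEventAsync(parsedSecret.Id, $"Unknown client for tenant: '{_scopedTenantRequestContext.Context.TenantName}'");

                _logger.LogError($"No client with id '{parsedSecret.Id}' for tenant: '{_scopedTenantRequestContext.Context.TenantName}' found. aborting");
                return(fail);
            }


            SecretValidationResult secretValidationResult = null;

            if (!client.RequireClientSecret || client.IsImplicitOnly())
            {
                // Public client: nothing to verify, Confirmation stays null.
                _logger.LogDebug("Public Client - skipping secret validation success");
            }
            else
            {
                ////////////////////////////////////////
                // Check if this is a refresh_token
                ////////////////////////////////////////
                // A client configured with RequireRefreshClientSecret == false may redeem a refresh token
                // without presenting its secret (the refresh token is then the only credential). Only an
                // explicit grant_type=refresh_token in the request form earns that waiver. Previously ANY
                // exception while reading the form also waived the secret check, so a request whose body
                // could not be parsed bypassed client authentication; that path now fails closed.
                var waiveSecretForRefresh = !client.RequireRefreshClientSecret
                                            && await IsRefreshTokenGrantAsync(context);

                if (waiveSecretForRefresh)
                {
                    _logger.LogDebug("RequireRefreshClientSecret == false - skipping secret validation success");
                }
                else
                {
                    secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret);

                    if (secretValidationResult.Success == false)
                    {
                        await RaiseFailureEventAsync(client.ClientId, "Invalid client secret");

                        _logger.LogError("Client secret validation failed for client: {clientId}.", client.ClientId);

                        return(fail);
                    }
                }
            }

            _logger.LogDebug("Client validation success");

            var success = new ClientSecretValidationResult
            {
                IsError      = false,
                Client       = client,
                Secret       = parsedSecret,
                Confirmation = secretValidationResult?.Confirmation
            };

            await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type);

            return(success);
        }

        /// <summary>
        /// Reads the token request form and reports whether it carries <c>grant_type=refresh_token</c>.
        /// A body that is not a form, or that cannot be read or parsed, is reported as "not a refresh_token
        /// grant" so the caller keeps requiring the client secret instead of silently waiving it.
        /// </summary>
        /// <param name="context">The current HTTP context whose request form is inspected.</param>
        /// <returns><c>true</c> only when the form explicitly names the refresh_token grant.</returns>
        private async Task<bool> IsRefreshTokenGrantAsync(HttpContext context)
        {
            // Avoid the exception path altogether for non-form bodies; ReadFormAsync throws on those.
            if (!context.Request.HasFormContentType)
            {
                return false;
            }

            try
            {
                var parameters = (await context.Request.ReadFormAsync()).AsNameValueCollection();
                var grantType  = parameters.Get(OidcConstants.TokenRequest.GrantType);
                return !string.IsNullOrWhiteSpace(grantType) && grantType == OidcConstants.GrantTypes.RefreshToken;
            }
            catch (Exception ex)
            {
                // Fail closed: an unreadable request must never relax client authentication.
                _logger.LogWarning(ex, "Could not read the token request form while checking for a refresh_token grant; the client secret will be required.");
                return false;
            }
        }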