public async Task OnGet() { if (User.Identity.IsAuthenticated) { IdTokenResponse = await _oidcPipelineStore.GetDownstreamIdTokenResponse(HttpContext.Session.GetSessionId()); Claims = Request.HttpContext.User.Claims.ToList(); } }
public RPAuthenticationConclusion SVX_SignInRP(IdTokenResponse resp) { // Comment out these 2 lines to see the verification fail. if (resp.idToken.theParams.rpPrincipal != SVX_Principal) { throw new Exception("IdTokenResponse was not issued to this RP."); } // Pull new { ... } out to work around BCT mistranslation. var stateParams = new StateParams { client = resp.SVX_sender, idpPrincipal = googlePrincipal }; stateGenerator.Verify(stateParams, resp.state); return(new RPAuthenticationConclusion { authenticatedClient = resp.SVX_sender, googleUsername = resp.idToken.theParams.username }); }
public async Task <IActionResult> OnGetCallbackAsync(string returnUrl = null, string remoteError = null) { string currentNameIdClaimValue = null; if (User.Identity.IsAuthenticated) { // we will only create a new user if the user here is actually new. var qName = from claim in User.Claims where claim.Type == ".nameIdentifier" select claim; var nc = qName.FirstOrDefault(); currentNameIdClaimValue = nc?.Value; } returnUrl = returnUrl ?? Url.Content("~/"); if (remoteError != null) { ErrorMessage = $"Error from external provider: {remoteError}"; return(RedirectToPage("./Login", new { ReturnUrl = returnUrl })); } var info = await _signInManager.GetExternalLoginInfoAsync(); if (info == null) { ErrorMessage = "Error loading external login information."; return(RedirectToPage("./Login", new { ReturnUrl = returnUrl })); } var oidc = await HarvestOidcDataAsync(); IdTokenResponse idTokenResponse = new IdTokenResponse { access_token = oidc["access_token"], expires_at = oidc["expires_at"], id_token = oidc["id_token"], refresh_token = oidc["refresh_token"], token_type = oidc["token_type"], LoginProvider = info.LoginProvider }; await _oidcPipelineStore.StoreDownstreamIdTokenResponse(HttpContext.Session.GetSessionId(), idTokenResponse); var queryNameId = from claim in info.Principal.Claims where claim.Type == ClaimTypes.NameIdentifier select claim; var nameIdClaim = queryNameId.FirstOrDefault(); var query = from claim in info.Principal.Claims where _possibleNameTypes.Contains(claim.Type) select claim; var nameClaim = query.FirstOrDefault(); var displayName = nameIdClaim.Value; if (nameClaim != null) { displayName = nameClaim.Value; } if (currentNameIdClaimValue == nameIdClaim.Value) { // this is a re login from the same user, so don't do anything; return(LocalRedirect(returnUrl)); } /* * // Sign in the user with this external login provider if the user already has a login. * var result = await _signInManager.ExternalLoginSignInAsync(info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor : true); * * if (result.Succeeded) * { * // Update the token * await _signInManager.UpdateExternalAuthenticationTokensAsync(info); * * _logger.LogInformation("{Name} logged in with {LoginProvider} provider.", info.Principal.Identity.Name, info.LoginProvider); * return LocalRedirect(returnUrl); * } * if (result.IsLockedOut) * { * return RedirectToPage("./Lockout"); * } * else * { * // If the user does not have an account, then ask the user to create an account. * ReturnUrl = returnUrl; * LoginProvider = info.LoginProvider; * if (info.Principal.HasClaim(c => c.Type == ClaimTypes.Email)) * { * Input = new InputModel * { * Email = info.Principal.FindFirstValue(ClaimTypes.Email) * }; * } * return Page(); * } */ var leftoverUser = await _userManager.FindByEmailAsync(displayName); if (leftoverUser != null) { await _userManager.DeleteAsync(leftoverUser); // just using this inMemory userstore as a scratch holding pad } var user = new ApplicationUser { UserName = nameIdClaim.Value, Email = displayName }; var result = await _userManager.CreateAsync(user); if (result.Succeeded) { var newUser = await _userManager.FindByIdAsync(user.Id); var eClaims = new List <Claim> { new Claim("display-name", displayName), new Claim("login_provider", info.LoginProvider) }; // normalized id. await _userManager.AddClaimsAsync(newUser, eClaims); await _signInManager.SignInAsync(user, isPersistent : false); await _userManager.DeleteAsync(user); // just using this inMemory userstore as a scratch holding pad _logger.LogInformation("User created an account using {Name} provider.", info.LoginProvider); return(LocalRedirect(returnUrl)); } return(RedirectToPage("./Login", new { ReturnUrl = returnUrl })); }