public IActionResult CreateUser(UserModel model)
{
if (!ModelState.IsValid)
{
return(View(model));
}
var endpoint = $"{GlobalStrings.DebugHomeApiDomain}/{GlobalStrings.IdentityApiRoute}/{GlobalStrings.IdentityCreate}";
var identityModel = new IdentityModel
{
Password = model.Password,
Username = model.Email
};
//Noty found need to pass string and cast to object
var response = _apiDataService.PostApiData(endpoint, identityModel);
if (response.Result.StatusCode == (int)HttpStatusCode.InternalServerError)
{
ModelState.AddModelError(GlobalStrings.GenericError, GlobalStrings.InternalServerError);
return(View(model));
}
return(View());
}
public IAccessToken Authenticate(
AzureAccount account,
AzureEnvironment environment,
string tenant,
SecureString password,
ShowDialog promptBehavior,
IdentityModel.Clients.ActiveDirectory.TokenCache tokenCache,
AzureEnvironment.Endpoint resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
{
if (account.Id == null)
{
account.Id = "test";
}
if (TokenProvider == null)
{
return new MockAccessToken()
{
AccessToken = account.Id,
LoginType = LoginType.OrgId,
UserId = account.Id
};
}
else
{
return TokenProvider(account, environment, tenant);
}
}
//[AllowAnonymous]
public async Task <ActionResult> UpdatePassword(VM.UserInfoUpdatePassword modelNew)
{
if (modelNew.UserId != Convert.ToInt32(UserHelper.GetCurrentUser().Id))
{
return(Redirect(Url.Action("Index", "NoPermissions", new { area = "" })));
}
BL.UserInfo empBL = new BL.UserInfo();
VM.UserInfoItem model = new VM.UserInfoItem();
// model.UserId = CommonMethod.getIntValue(UserHelper.GetCurrentUser().Id);
model = empBL.GetItemById(model.UserId);
IdentityModel user = await UserManager.FindByNameAsync(model.LogonName);
//modelNew.Password = HashEncrypt.MD5(modelNew.Password);
var results = await UserManager.CheckPasswordAsync(user, modelNew.Password);
if (results)
{
//modelNew.NewPassword = HashEncrypt.MD5(modelNew.NewPassword);
string password = UserManager.PasswordHasher.HashPassword(modelNew.NewPassword);
UserStore store = new UserStore(UserHelper.GetCurrentUser().LogonName);
var set = store.SetPasswordHashAsync(user, password);
var result = store.UpdateAsync(user);
if (user != null)
{
return(Content("Success"));
}
}
else
{
return(Content("Error"));
}
return(Content("False"));
}
public async Task <IActionResult> Login([FromBody] IdentityModel identityModel)
{
//LoginViewModel met (Required) UserName en Password aanbrengen.
if (!ModelState.IsValid)
{
return(BadRequest("Unvalid data"));
}
try
{
//geen persistence, geen lockout -> via false, false
var result = await _signInManager.PasswordSignInAsync(identityModel.UserName,
identityModel.Password, false, false);
if (result.Succeeded)
{
var jwtsvc = new JWTServices <User>(_configuration, _logger,
_usermanager, _passwordHasher);
var token = await jwtsvc.GenerateJwtToken(identityModel);
return(Ok(token));
//return Ok("Welcome " + identityModel.UserName);
}
ModelState.AddModelError("", "Username or password not found");
return(BadRequest("Failed to login")); //zo algemeen mogelijke reactive. Vertelt niet dat het pwd niet juist is.
}
catch (Exception exc)
{
_logger.LogError($"Exception thrown when logging in: {exc}");
}
return(BadRequest("Failed to login")); //zo weinig mogelijk (hacker) info }
}
private async Task <IdentityModel> GetAuthorizedData(AuthorizationModel authorizationModel)
{
var identityModel = new IdentityModel
{
Auth = authorizationModel
};
using (var httpClient = new HttpClient())
{
var authorization = new
{
authorization_code = authorizationModel.Code,
code_verifier = authorizationModel.CodeVerifier,
client_id = _config.GetValue <string>("MeuIDCredentials:ClientId"),
client_secret = _config.GetValue <string>("MeuIDCredentials:ClientSecret"),
grant_type = "authorization_code"
};
var authorizationContent = new StringContent(
JsonSerializer.Serialize(authorization), Encoding.UTF8, "application/json");
var token = await GetAccessToken(httpClient, authorizationContent);
if (!string.IsNullOrEmpty(token.AccessToken))
{
identityModel = await GetUserData(identityModel, httpClient, token);
}
}
return(identityModel);
}
protected IConnectSipSvamletResponse ConnectSip(string authName, string destination, string defaultCli)
{
IdentityModel identity = null;
if (!string.IsNullOrEmpty(destination))
{
if (!destination.Contains("@"))
{
throw new BuilderException("Sip-URI should contain an '@'-sign");
}
identity = new IdentityModel
{
Endpoint = destination.Replace("sip:", string.Empty),
Type = "sip"
};
}
SetAction(new SvamletActionModel
{
Name = "connectsip",
Cli = defaultCli,
Account = authName,
Locale = Locale.Code,
Destination = identity
});
return(Build <ConnectSipSvamletResponse>());
}
public IdentityModelTests()
{
this.model = DataAccessModel.BuildDataAccessModel<IdentityModel>(SqliteConfiguration.Create(":memory:", null, BaseTests<IdentityModel>.useMonoData));
this.model.Create(DatabaseCreationOptions.IfDatabaseNotExist);
this.userStore = new ShaolinqIdentityUserStore<ShaolinqIdentityUser<Guid>, IdentityModel, Guid, DbUser, DbUserLogin, DbUserClaim, DbUserRole>(this.model);
}
public IdentityModelTests()
{
this.model = DataAccessModel.BuildDataAccessModel <IdentityModel>(SqliteConfiguration.Create(":memory:", null, BaseTests <IdentityModel> .useMonoData));
this.model.Create(DatabaseCreationOptions.IfDatabaseNotExist);
this.userStore = new ShaolinqIdentityUserStore <ShaolinqIdentityUser <Guid>, IdentityModel, Guid, DbUser, DbUserLogin, DbUserClaim, DbUserRole>(this.model);
}
public IHttpActionResult Get([FromBody] IdentityModel identity)
{
try
{
var user = _userAuthService.GetUser(identity.Token);
var result = new
{
Token = identity.Token,
FirstName = user.FirstName,
MiddleName = user.MiddleName,
LastName = user.LastName,
RoleId = user.RoleId,
Photo = user.Photo,
BirthDate = user.BirthDate,
CreatedOn = user.CreatedOn,
Login = user.Login,
Email = user.Email,
Skype = user.Skype,
PhoneNumbers = user.PhoneNumbers,
IsMale = user.isMale,
CityId = user.CityId,
Id = user.Id
};
return(Json(result, botSerializationSettings));
}
catch (System.Exception e)
{
return(Json(new { Error = e.Message }, botSerializationSettings));
}
}
public IActionResult Token([FromBody] IdentityModel model)
{
var identity = GetIdentity(model.UserName, model.Password);
if (identity == null)
{
return(BadRequest(new { errorText = "Invalid username or password." }));
}
var now = DateTime.UtcNow;
var jwt = new JwtSecurityToken(
issuer: "issuer",
audience: "audience",
notBefore: now,
claims: identity.Claims,
expires: now.Add(TimeSpan.FromMinutes(3)),
signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes("somethingyouwantwhichissecurewillworkk")), SecurityAlgorithms.HmacSha256));
var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt);
var response = new
{
access_token = encodedJwt,
userName = identity.Name
};
return(Ok(response));
}
public IActionResult Login([FromBody] IdentityModel model)
{
try
{
var identity = identityService.GetToken(model);
switch (identity.Result)
{
case VerificationResult.Ok:
return(Ok(identity.Data));
case VerificationResult.Forbidden:
return(BadRequest("UserNotFound"));
case VerificationResult.WrongCredentials:
return(BadRequest("UserIncorrectData"));
default:
return(StatusCode(500));
}
}
catch (Exception ex)
{
Log.Error(ex, "Failed to Login");
return(StatusCode(500, ex.Message));
}
}
private IdentityModel ConvertUser(MD.tbl_Common_User user)
{
if (user == null)
{
return(null);
}
var result = new IdentityModel();
var roleUser = user.tbl_Common_RoleUser.FirstOrDefault();
int roleId = roleUser == null ? 0 : roleUser.RoleId.Value;
var role = ctx.Role.Where(r => r.RoleId == roleId).FirstOrDefault();
result.Id = user.UserId.ToString();
result.LogonName = user.LogonName;
result.RoleId = roleId;
result.RoleName = role == null ? "" : role.Name;
result.RoleSelectList =
(from m in ctx.ModulePermissionDefine
join pi in ctx.RolePermissionConfig.DefaultIfEmpty() on m.ModuleId equals pi.ModuleId into inner
from p in inner.DefaultIfEmpty()
where (p.RoleId == roleId || p.RoleId == null)
select new RolePermission
{
Action = string.IsNullOrEmpty(m.Action) ? "index" : m.Action,
Area = m.Area ?? string.Empty,
Controller = m.Controller ?? string.Empty,
ModuleId = m.ModuleId,
IsAvailable = (m.Value & p.Value) == m.Value ? true : false
}).ToList();
MD.tbl_Common_UserOfGasStation userGas = ctx.UserOfGasStation.Where(m => m.UserId == user.UserId).FirstOrDefault();
return(result);
}
public async Task <HttpClient> Handle(GenerateHttpClientCommand request, CancellationToken cancellationToken)
{
HttpClient client = new HttpClient();
client.BaseAddress = httpAddress.Uri;
// get access
GetAccessCommand getAccessCommand = new GetAccessCommand()
{
httpClient = client
};
IdentityModel identity = await mediator.Send(getAccessCommand);
client.DefaultRequestHeaders.Add("Authorization", string.Format($@"Bearer {identity.access_token}"));
// get session
LoginArgs loginArgs = new LoginArgs()
{
password = httpAddress.password,
key = httpAddress.key,
userId = httpAddress.userId
};
SessionTokenQueryCommand sessionTokenQueryCommand = new SessionTokenQueryCommand()
{
HttpClient = client,
loginArgs = loginArgs
};
var sessionToken = await mediator.Send(sessionTokenQueryCommand);
client.DefaultRequestHeaders.Add("SessionToken", sessionToken.results);
//client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
return(await Task.FromResult(client));
}
/// <summary>
/// Allows the user view to go to the target when a button or shortcut is clecked
/// </summary>
/// <param name="model"></param>
internal void GoToTarget(IdentityModel model)
{
if (model.identityType == IdentityType.Government)
{
galaxyView = true;
galaxy.GalaxyView();
transform.position = new Vector3(data.stars[model.solarIndex].galacticPosition.x, data.stars[model.solarIndex].galacticPosition.y, -10);
}
}
// Retrive Logged User profile
public async Task <IActionResult> LoggedUserProfile()
{
var userId = userManager.GetUserId(HttpContext.User);
IdentityModel user = await userManager.FindByIdAsync(userId);
//HttpContext.Session.SetString("appUser", user.Photo);
return(View(user));
}
public string GenerateRandomIdentity()
{
// Generate a random seed and new identity.
var mnemonic = new Mnemonic(Wordlist.English, WordCount.Twelve);
ExtKey masterNode = mnemonic.DeriveExtKey();
ExtPubKey walletRoot = masterNode.Derive(new KeyPath("m/44'")).Neuter();
ExtKey identityRoot = masterNode.Derive(new KeyPath("m/302'"));
ExtKey identity0 = identityRoot.Derive(0, true);
ExtKey identity1 = identityRoot.Derive(1, true);
BitcoinPubKeyAddress identity0Address = identity0.PrivateKey.PubKey.GetAddress(profileNetwork);
BitcoinPubKeyAddress identity1Address = identity1.PrivateKey.PubKey.GetAddress(profileNetwork);
string identity0Id = identity0Address.ToString();
// Create an identity profile that should be signed and pushed.
IdentityModel identityModel = new IdentityModel
{
Id = identity0Id,
Name = "Random Person",
ShortName = "Random",
Alias = "Who Knows",
Email = "*****@*****.**",
Title = "President"
};
byte[] entityBytes = MessagePackSerializer.Serialize(identityModel);
// Testing to only sign the name.
string signature = identity0.PrivateKey.SignMessage(entityBytes);
IdentityDocument identityDocument = new IdentityDocument
{
Owner = identityModel.Id,
Body = identityModel,
Signature = signature
};
string json = JsonConvert.SerializeObject(identityDocument);
RestClient client = CreateClient();
// Persist the identity.
var request2 = new RestRequest($"/identity/{identityModel.Id}");
request2.AddJsonBody(identityDocument);
IRestResponse <string> response2 = client.Put <string>(request2);
if (response2.StatusCode != System.Net.HttpStatusCode.OK)
{
throw new ApplicationException(response2.ErrorMessage);
}
return(identity0Id);
}
public string CreateTokenTest()
{
IdentityModel jwt = new IdentityModel {
UId = Guid.NewGuid(), Role = new List <Guid> {
GuidAll.NewGuid(), GuidAll.NewGuid(), GuidAll.NewGuid()
}
};
return(JwtHelper.GetJwtToken(jwt));
}
public async Task <IActionResult> SignIn(IdentityModel input)
{
if (ModelState.IsValid)
{
var signInResult = await _signInManager.PasswordSignInAsync(input.UserName, input.Password, false, false);
return(Ok(signInResult.Succeeded.ToString()));
}
return(BadRequest());
}
public bool TryConvert(IIdentity o, out IdentityModel result)
{
result = new IdentityModel
{
Endpoint = o.Endpoint,
Type = AsString(o.Type)
};
return(true);
}
public IdentityModel ParseTokenTest()
{
IdentityModel jwt = new IdentityModel {
UId = Guid.NewGuid(), Role = new List <Guid> {
Guid.NewGuid(), Guid.NewGuid()
}
};
var token = JwtHelper.GetJwtToken(jwt);
return(JwtHelper.SerializeJwt(token));
}
public IActionResult Authenticate([FromBody] IdentityModel model)
{
var user = _userService.Authenticate(model.Username, model.Password);
if (user == null)
{
return(BadRequest(new { message = "Username or password is incorrect" }));
}
return(Ok(user));
}
public IActionResult Register([FromBody] IdentityModel model)
{
try
{
_userService.Register(model.Username, model.Password);
return(Ok());
}
catch (Exception ex)
{
return(BadRequest(new { message = ex.Message }));
}
}
public bool UpdatePassword(IdentityModel model)
{
MD.tbl_Common_User date = Ctx.tbl_Common_User.Where(c => c.UserId.ToString() == model.Id).FirstOrDefault();
date.Password = model.PasswordHash;
date.UpdatedBy = model.UpdateBy;
date.UpdatedDate = DateTime.Now;
Ctx.SaveChanges();
return(true);
}
// For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(EPDbContext.Create);
app.CreatePerOwinContext <ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext <ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity <ApplicationUserManager, User>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => IdentityModel.GenerateUserIdentityAsync(user, manager))
}
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Enables the application to remember the second login verification factor such as phone or email.
// Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
// This is similar to the RememberMe option when you log in.
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public MSActorReturnMessageModel DisableMailbox([FromBody] IdentityModel input)
{
try {
string logmessage = "DisableMailbox | identity: " + input.identity;
util.LogMessage(logmessage);
ExchangeController control = new ExchangeController();
return(control.DisableMailbox(input.identity));
}
catch (Exception e)
{
return(util.ReportError(e));
}
}
public IdentityModel ToBaseModel()
{
var baseModel = new IdentityModel()
{
Guid = this.Guid,
Username = this.Username,
FirstName = this.FirstName,
LastName = this.LastName,
Email = this.Email,
};
return(baseModel);
}
/// <summary>
/// Returns the <c ref="IdentityModel" /> representing the user calling this action.
/// </summary>
/// <returns>The <c ref="IdentityModel" /> of the current user.</returns>
public ActionResult Current()
{
var identityModel = new IdentityModel()
{
ClientCertificate = new CertificateModel()
{
EDIPI = DodPkiCertificateParser.GetEdipiFromContext(System.Web.HttpContext.Current),
Subject = DodPkiCertificateParser.GetSubjectFromContext(System.Web.HttpContext.Current)
}
};
return(this.Json(identityModel, JsonRequestBehavior.AllowGet));
}
public MSActorReturnMessageModel GetMoveRequest([FromBody] IdentityModel input)
{
try {
string logmessage = "GetMoveRequest | identity: " + input.identity;
util.LogMessage(logmessage);
ExchangeController control = new ExchangeController();
return(control.GetMoveRequest(input.identity));
}
catch (Exception e)
{
return(util.ReportError(e));
}
}
private static async Task <IdentityModel> GetUserData(IdentityModel identityModel, HttpClient httpClient, TokenModel token)
{
httpClient.DefaultRequestHeaders.Authorization
= new AuthenticationHeaderValue(token.AccessToken);
using (var response = await httpClient.GetAsync("https://api-v3.idwall.co/meuid/data"))
{
var responseBody = await response.Content.ReadAsStringAsync();
identityModel = JsonSerializer.Deserialize <IdentityModel>(responseBody);
}
return(identityModel);
}
/// <summary>
/// 根据标识获取页面信息
/// </summary>
/// <param name="IdentityStatus">标识ID(页面ID)</param>
/// <returns></returns>
public List <IdentityModel> GetBannerProducIdentityNameList(int[] IdentityStatus)
{
List <IdentityModel> models = new List <IdentityModel>();
foreach (var item in IdentityStatus)
{
IdentityModel model = new IdentityModel();
model.IdentityStatus = item;
model.IdentityStatusName = GetBannerProducIdentityStatusName(item);
models.Add(model);
}
return(models);
}
public async Task <AuthResponse> LoginAsync(IdentityModel model)
{
var user = await _userRepository.GetUserByLoginAsync(model.Login);
if (user == null)
{
throw new UnauthorizedAccessException("Username \"" + model.Login + "\" not found");
}
if (_passwordHasher.VerifyHashedPassword(user, user.Password, model.Password) == PasswordVerificationResult.Failed)
{
throw new UnauthorizedAccessException();
}
return(GetAuthResponse(user, await CreateRefreshTokenAsync(user)));
}
public async Task <IActionResult> Get([FromBody] IdentityModel info)
{
if (ModelState.IsValid)
{
var identityUser = _userManager.Users.FirstOrDefault(x => x.UserName == info.UserName);
var isVailed = await _userManager.CheckPasswordAsync(identityUser, info.Password);
if (isVailed)
{
return(Ok(CreateToken(identityUser.UserName)));
}
}
return(BadRequest());
}
static TokenResponse RequestToken()
{
var client = new TokenClient(
Constants.TokenEndpoint,
"roclient",
"secret");
// idsrv supports additional non-standard parameters
// that get passed through to the user service
var optional = new
{
acr_values = "tenant:custom_account_store1 foo bar quux"
};
return client.RequestResourceOwnerPasswordAsync("dabs", "dabs", "read write", optional).Result;
}
public IAccessToken Authenticate(
AzureAccount account,
AzureEnvironment environment,
string tenant,
SecureString password,
ShowDialog promptBehavior,
IdentityModel.Clients.ActiveDirectory.TokenCache tokenCache,
AzureEnvironment.Endpoint resourceId = AzureEnvironment.Endpoint.ActiveDirectoryServiceEndpointResourceId)
{
if (account.Id == null)
{
account.Id = "test";
}
var token = new MockAccessToken
{
UserId = account.Id,
LoginType = LoginType.OrgId,
AccessToken = "123"
};
return token;
}
public async Task<IActionResult> Index(LoginInputModel model)
{
if (ModelState.IsValid)
{
if (_loginService.ValidateCredentials(model.Username, model.Password))
{
var user = _loginService.FindByUsername(model.Username);
var name = user.Claims.Where(x => x.Type == JwtClaimTypes.Name)
.Select(x => x.Value).FirstOrDefault() ?? user.Username;
var claims = new[] {
new Claim(JwtClaimTypes.Subject, user.Subject),
new Claim(JwtClaimTypes.Name, name),
new Claim(JwtClaimTypes.IdentityProvider, "idsvr"),
new Claim(JwtClaimTypes.AuthenticationTime, DateTime.UtcNow.ToEpochTime().ToString())
};
var ci = new ClaimsIdentity(claims, "password", JwtClaimTypes.Name, JwtClaimTypes.Role);
var cp = new ClaimsPrincipal(ci);
await HttpContext.Authentication.SignInAsync(Constants.PrimaryAuthenticationType, cp);
if (model.SignInId != null)
{
return new SignInResult(model.SignInId);
}
return Redirect("~/");
}
ModelState.AddModelError("", "Invalid username or password.");
}
var vm = new LoginViewModel(model);
return View(vm);
}
public async Task<IActionResult> Callback(string signInId)
{
var external = await HttpContext.Authentication.AuthenticateAsync("External");
//todo create or get local account match by email
//for now alice is hardcoded
var subject = "818727";//todo you get this after you create or get local user
var name = "alice";
var claims = new[] {
new Claim(JwtClaimTypes.Subject, subject),
new Claim(JwtClaimTypes.Name, name),
new Claim(JwtClaimTypes.IdentityProvider, "idsvr"),
new Claim(JwtClaimTypes.AuthenticationTime, DateTime.UtcNow.ToEpochTime().ToString())
};
var ci = new ClaimsIdentity(claims, "password", JwtClaimTypes.Name, JwtClaimTypes.Role);
var cp = new ClaimsPrincipal(ci);
await HttpContext.Authentication.SignInAsync(Constants.PrimaryAuthenticationType, cp);
await HttpContext.Authentication.SignOutAsync("External");
if (signInId != null)
{
return new SignInResult(signInId);
}
return Redirect("~/");
}
public async Task<AuthenticationResult> AuthenticateAsync(string clientId, string audience, IdentityModel.Clients.ActiveDirectory.AuthenticationContext context)
{
var certificate = await this._assertionProvider(clientId).ConfigureAwait(false);
return await context.AcquireTokenAsync(audience, certificate);
}
public void Configuration(IAppBuilder app)
{
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "katanaclient",
Authority = Constants.BaseAddress,
RedirectUri = "http://localhost:2672/",
PostLogoutRedirectUri = "http://localhost:2672/",
ResponseType = "code id_token",
Scope = "openid profile read write offline_access",
SignInAsAuthenticationType = "Cookies",
Notifications = new OpenIdConnectAuthenticationNotifications
{
AuthorizationCodeReceived = async n =>
{
// use the code to get the access and refresh token
var tokenClient = new TokenClient(
Constants.TokenEndpoint,
"katanaclient",
"secret");
var response = await tokenClient.RequestAuthorizationCodeAsync(n.Code, n.RedirectUri);
var id = new ClaimsIdentity(n.AuthenticationTicket.Identity.AuthenticationType);
var preferredClaims = new[] { "given_name", "family_name" };
foreach (var preferredClaim in preferredClaims)
{
var claim = n.AuthenticationTicket.Identity.FindFirst(preferredClaim);
if (claim != null)
{
id.AddClaim(claim);
}
}
id.AddClaim(new Claim("access_token", response.AccessToken));
id.AddClaim(new Claim("expires_at", DateTime.Now.AddSeconds(response.ExpiresIn).ToLocalTime().ToString()));
id.AddClaim(new Claim("refresh_token", response.RefreshToken));
id.AddClaim(new Claim("id_token", n.ProtocolMessage.IdToken));
n.AuthenticationTicket = new AuthenticationTicket(
new ClaimsIdentity(id.Claims, n.AuthenticationTicket.Identity.AuthenticationType),
n.AuthenticationTicket.Properties);
},
RedirectToIdentityProvider = n =>
{
// if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.LogoutRequest)
{
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
}
return Task.FromResult(0);
}
}
});
}
