public IdentityTokenResponse PostJSONToken(IdentityTokenRequest token)
{
IdentityTokenResponse response = new IdentityTokenResponse();
try
{
IdentityToken identityToken = null;
using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token))
{
if (decodedToken.IsValid)
{
identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri);
}
}
response.token = identityToken;
}
catch (Exception ex)
{
response.errorMessage = ex.Message;
}
return(response);
}
public async System.Threading.Tasks.Task <AppointmentProxyResponse> PostServiceRequest(AppointmentProxyRequest proxyRequest)
{
AppointmentProxyResponse proxyResponse = new AppointmentProxyResponse();
try
{
IdentityToken identityToken = null;
var organizerDomain = string.Empty;
var thirdPartyEventId = (string.IsNullOrEmpty(proxyRequest.thirdPartyEventId)) ? string.Empty : proxyRequest.thirdPartyEventId;
var thirdPartySecretKey = string.Empty;
using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(proxyRequest))
{
if (decodedToken.IsValid)
{
identityToken = new IdentityToken(proxyRequest, decodedToken.Audience, decodedToken.AuthMetadataUri);
// todo - add whatever logic you need to do here
if (!string.IsNullOrEmpty(proxyRequest.organizerEmailAddress))
{
organizerDomain = proxyRequest.organizerEmailAddress.Split('@')[1];
}
if (string.IsNullOrEmpty(thirdPartyEventId))
{
thirdPartyEventId = $"KF{Guid.NewGuid().ToString()}";
}
var secretKey = organizerDomain.Replace('.', '-');
thirdPartySecretKey = await KeyVaultClientHelper.GetDomainSecret(secretKey);
}
}
proxyResponse.token = identityToken;
proxyResponse.organizerTenant = organizerDomain;
proxyResponse.thirdPartyEventId = thirdPartyEventId;
proxyResponse.thirdPartySecretKey = thirdPartySecretKey;
}
catch (Exception ex)
{
proxyResponse.errorMessage = ex.Message;
}
return(proxyResponse);
}
public async Task <HttpResponseMessage> Validate([FromBody] IdentityTokenRequest token)
{
//validate the identity token passed from the client
IdentityTokenResponse response = new IdentityTokenResponse();
try
{
//decode and validate the token passed in
IdentityToken identityToken = null;
using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token))
{
if (decodedToken.IsValid)
{
identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri);
}
}
response.token = identityToken;
//now that the key is validated, we can perform a lookup against DocDB for it's hased value (combination of metadata document URL with the Exchange identifier)
if (identityToken != null)
{
//the token is valid...check if user is valid (has valid refresh token)
response.validToken = true;
string hash = ComputeSHA256Hash(response.token.uniqueID, response.token.amurl, Salt);
response.user = DocumentDBRepository <UserModel> .GetItem("Users", i => i.hash == hash);
if (response.user != null)
{
//check for and validate the refresh token
if (!String.IsNullOrEmpty(response.user.refresh_token))
{
var graphToken = await TokenHelper.GetAccessTokenWithRefreshToken(response.user.refresh_token, SettingsHelper.O365UnifiedAPIResourceId);
if (graphToken != null)
{
//TODO: get the user details against AAD Graph
response.validUser = true;
}
}
}
else
{
//the user doesn't exist, so we can add a placeholder record in the data store...TODO: get more data on user????
response.user = new UserModel()
{
id = Guid.NewGuid().ToString().ToLower(), hash = hash
};
await DocumentDBRepository <UserModel> .CreateItemAsync("Users", response.user);
}
}
else
{
//this was an invalid token!!!!
}
}
catch (Exception ex)
{
response.errorMessage = ex.Message;
}
return(Request.CreateResponse <IdentityTokenResponse>(HttpStatusCode.OK, response));
}
