public ServicePrincipalController( TokenService tokenService, GraphService graphService, IOptions <AzureAdOptions> adOptions, IOptions <OpenIdConnectOptions> oidcOptions, AzureManagementService azureManagementService, ServicePrincipalRepository repository) { _tokenService = tokenService; _graphService = graphService; _adOptions = adOptions.Value; _oidcOptions = oidcOptions.Value; _azureManagementService = azureManagementService; _repository = repository; }
private async Task AddMicrosoftIdentityWebAppCallsWebApi_TestRedirectToIdentityProviderForSignOutEvent( IServiceProvider provider, OpenIdConnectOptions oidcOptions, Func <RedirectContext, Task> redirectFuncMock, ITokenAcquisitionInternal tokenAcquisitionMock) { var(httpContext, authScheme, authProperties) = CreateContextParameters(provider); await oidcOptions.Events.RedirectToIdentityProviderForSignOut(new RedirectContext(httpContext, authScheme, oidcOptions, authProperties)).ConfigureAwait(false); // Assert original RedirectToIdentityProviderForSignOut event and TokenAcquisition method were called await redirectFuncMock.ReceivedWithAnyArgs().Invoke(Arg.Any <RedirectContext>()).ConfigureAwait(false); await tokenAcquisitionMock.ReceivedWithAnyArgs().RemoveAccountAsync(Arg.Any <RedirectContext>()).ConfigureAwait(false); }
private async Task AddMicrosoftIdentityWebAppCallsWebApi_TestAuthorizationCodeReceivedEvent( IServiceProvider provider, OpenIdConnectOptions oidcOptions, Func <AuthorizationCodeReceivedContext, Task> authCodeReceivedFuncMock, ITokenAcquisitionInternal tokenAcquisitionMock) { var(httpContext, authScheme, authProperties) = CreateContextParameters(provider); await oidcOptions.Events.AuthorizationCodeReceived(new AuthorizationCodeReceivedContext(httpContext, authScheme, oidcOptions, authProperties)).ConfigureAwait(false); // Assert original AuthorizationCodeReceived event and TokenAcquisition method were called await authCodeReceivedFuncMock.ReceivedWithAnyArgs().Invoke(Arg.Any <AuthorizationCodeReceivedContext>()).ConfigureAwait(false); await tokenAcquisitionMock.ReceivedWithAnyArgs().AddAccountToCacheFromAuthorizationCodeAsync(Arg.Any <AuthorizationCodeReceivedContext>(), Arg.Any <IEnumerable <string> >()).ConfigureAwait(false); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseBrowserLink(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); app.UseSession(); app.UseCookieAuthentication(); var options = new OpenIdConnectOptions { Authority = string.Format("https://login.microsoftonline.com/tfp/{0}/{1}", Configuration["Authentication:AzureAdB2C:TenantName"], Configuration["Authentication:AzureAdB2C:SignInPolicyName"]), MetadataAddress = string.Format(Configuration["Authentication:AzureAdB2C:MetadataEndpointUrlTemplate"], Configuration["Authentication:AzureAdB2C:TenantName"], Configuration["Authentication:AzureAdB2C:SignInPolicyName"]), ClientId = Configuration["Authentication:AzureAdB2C:ClientId"], ClientSecret = Configuration["Authentication:AzureAdB2C:ClientSecret"], Events = new OpenIdConnectEvents { OnAuthorizationCodeReceived = OnAuthorizationCodeReceived, OnAuthenticationFailed = OnAuthenticationFailed }, ResponseType = OpenIdConnectResponseType.CodeIdToken, SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme }; options.Scope.Add($"{Constants.Scopes.NotesServiceAppIdUri}{Constants.Scopes.NotesServiceReadNotesScope}"); options.Scope.Add($"{Constants.Scopes.NotesServiceAppIdUri}{Constants.Scopes.NotesServiceWriteNotesScope}"); options.Scope.Add("offline_access"); app.UseOpenIdConnectAuthentication(options); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
public void Configure(string name, OpenIdConnectOptions options) { // Ignore OpenID Connect client handler instances that don't correspond to the instance managed by the OpenID module. if (!string.Equals(name, OpenIdConnectDefaults.AuthenticationScheme)) { return; } var settings = GetClientSettingsAsync().GetAwaiter().GetResult(); if (settings == null) { return; } options.Authority = settings.Authority.AbsoluteUri; options.ClientId = settings.ClientId; options.SignedOutRedirectUri = settings.SignedOutRedirectUri ?? options.SignedOutRedirectUri; options.SignedOutCallbackPath = settings.SignedOutCallbackPath ?? options.SignedOutCallbackPath; options.RequireHttpsMetadata = string.Equals(settings.Authority.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase); options.GetClaimsFromUserInfoEndpoint = true; options.ResponseMode = settings.ResponseMode; options.ResponseType = settings.ResponseType; options.CallbackPath = settings.CallbackPath ?? options.CallbackPath; if (settings.Scopes != null) { foreach (var scope in settings.Scopes) { options.Scope.Add(scope); } } if (settings.ResponseType.Contains(OpenIdConnectResponseType.Code) && !string.IsNullOrEmpty(settings.ClientSecret)) { var protector = _dataProtectionProvider.CreateProtector(nameof(OpenIdClientConfiguration)); try { options.ClientSecret = protector.Unprotect(settings.ClientSecret); } catch { _logger.LogError("The client secret could not be decrypted. It may have been encrypted using a different key."); } } }
public void AddSecretConfiguration(IHelseIdWebKonfigurasjon configAuth, OpenIdConnectOptions options) { var xml = File.ReadAllText(configAuth.ClientSecret); var rsa = RSA.Create(); rsa.FromXmlString(xml); var rsaSecurityKey = new RsaSecurityKey(rsa); options.Events.OnAuthorizationCodeReceived = ctx => { ctx.TokenEndpointRequest.ClientAssertionType = IdentityModel.OidcConstants.ClientAssertionTypes.JwtBearer; ctx.TokenEndpointRequest.ClientAssertion = ClientAssertion.Generate(configAuth, rsaSecurityKey); return(Task.CompletedTask); }; }
/// <summary> /// Adds the <see cref="OpenIdConnectMiddleware"/> middleware to the specified <see cref="IApplicationBuilder"/>, which enables OpenID Connect authentication capabilities. /// </summary> /// <param name="app">The <see cref="IApplicationBuilder"/> to add the middleware to.</param> /// <param name="options">An action delegate to configure the provided <see cref="OpenIdConnectOptions"/>.</param> /// <returns>A reference to this instance after the operation has completed.</returns> public static IApplicationBuilder UseOpenIdConnectAuthentication(this IApplicationBuilder app, Action <OpenIdConnectOptions> configureOptions) { if (app == null) { throw new ArgumentNullException(nameof(app)); } var options = new OpenIdConnectOptions(); if (configureOptions != null) { configureOptions(options); } return(app.UseOpenIdConnectAuthentication(options)); }
private static void ConfigureOpenIdConnectAuthentication(IApplicationBuilder applicationBuilder, IConfigurationSection openIdConnectAuthenticationConfigurationSection) { var tenantId = openIdConnectAuthenticationConfigurationSection["TenantId"]; var openIdConnectAuthenticationOptions = new OpenIdConnectOptions { ClientId = openIdConnectAuthenticationConfigurationSection["ClientId"], ClientSecret = openIdConnectAuthenticationConfigurationSection["ClientSecret"], MetadataAddress = $"https://login.microsoftonline.com/{tenantId}/.well-known/openid-configuration", ResponseType = "code id_token", SignInScheme = Constants.AuthenticationSchemes.ApplicationCookie, SignOutScheme = Constants.AuthenticationSchemes.ApplicationCookie }; applicationBuilder.UseOpenIdConnectAuthentication(openIdConnectAuthenticationOptions); }
public OpenIdConnectMiddlewareDiagnosticsTests() { _customEventWasRaised = false; _httpContext = HttpContextUtilities.CreateHttpContext(); _logger = Substitute.For <ILogger <OpenIdConnectMiddlewareDiagnostics> >(); _openIdDiagnostics = new OpenIdConnectMiddlewareDiagnostics(new LoggerMock <OpenIdConnectMiddlewareDiagnostics>(_logger)); _openIdOptions = new OpenIdConnectOptions(); _openIdEvents = new OpenIdConnectEvents(); _authProperties = new AuthenticationProperties(); _authScheme = new AuthenticationScheme(OpenIdConnectDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme, typeof(OpenIdConnectHandler)); _eventHandler = (context) => { _customEventWasRaised = true; return(Task.CompletedTask); }; }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseBrowserLink(); } else { app.UseExceptionHandler("/Home/Error"); } JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies" }); var options = new OpenIdConnectOptions { AuthenticationScheme = "oidc", SignInScheme = "Cookies", Authority = Configuration["Authentication:Authority"], RequireHttpsMetadata = false, ClientId = Configuration["Authentication:ClientId"], SaveTokens = true }; options.Scope.Add("email"); // client requesting additioal claims options.Scope.Add("role"); app.UseOpenIdConnectAuthentication(options); app.UseStaticFiles(); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); app.UseDatabaseErrorPage(); app.UseBrowserLink(); } else { app.UseExceptionHandler("/Home/Error"); } app.UseStaticFiles(); app.UseIdentity(); List <string> issuers = new List <string> { Configuration["BaseUri"] + Configuration["Endpoint"], Configuration["BaseUri"] + ":" + Configuration["Port"] + Configuration["Endpoint"] }; // Add external authentication middleware below. To configure them please see https://go.microsoft.com/fwlink/?LinkID=532715 OpenIdConnectOptions config = new OpenIdConnectOptions { ClientId = Configuration["ClientId"], ClientSecret = Configuration["ClientSecret"], Authority = Configuration["BaseUri"] + Configuration["Endpoint"], ResponseType = OpenIdConnectResponseType.Code, GetClaimsFromUserInfoEndpoint = true, TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters { ValidIssuers = issuers }, }; app.UseOpenIdConnectAuthentication(config); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
private void SetupOpenIdSettings(OpenIdConnectOptions options) { var authorizationSection = Configuration.GetSection("Authorization"); options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.Authority = authorizationSection.GetValue <string>("AuthorityUri"); options.RequireHttpsMetadata = false; options.ClientId = authorizationSection.GetValue <string>("ClientId"); options.ClientSecret = authorizationSection.GetValue <string>("ClientSecret"); options.ResponseType = "code id_token"; options.SaveTokens = true; options.GetClaimsFromUserInfoEndpoint = true; options.ClaimActions.MapJsonKey("role", "role", "role"); options.Scope.Add(IdentityServerConstants.StandardScopes.OfflineAccess); options.Scope.Add(IdentityServerConstants.StandardScopes.OpenId); options.Scope.Add(IdentityServerConstants.StandardScopes.Profile); options.Scope.Add(IdentityServerConstants.StandardScopes.Email); options.Scope.Add(AuthenticationConstants.ApplicationMainApi_FullAccessScope); options.Scope.Add(AuthenticationConstants.ApplicationMainApi_ReadOnlyScope); options.Scope.Add(AuthenticationConstants.RolesScope); options.Events = new OpenIdConnectEvents { OnRemoteFailure = (ctx) => { ctx.Response.Redirect("/AccessDenied?schema=oidc"); ctx.HandleResponse(); return(Task.CompletedTask); }, OnRedirectToIdentityProvider = ctx => { var returnUrlValues = ctx.HttpContext.Request.Query["returnUrl"]; if (returnUrlValues.Any()) { var returnUri = new Uri(returnUrlValues.First(), UriKind.RelativeOrAbsolute); if (!returnUri.IsAbsoluteUri) { var request = ctx.HttpContext.Request; returnUri = new UriBuilder(request.Scheme, request.Host.Host, request.Host.Port ?? -1, returnUri.OriginalString).Uri; } ctx.Properties.RedirectUri = returnUri.ToString(); } return(Task.CompletedTask); } }; }
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); app.UseDeveloperExceptionPage(); app.UseStaticFiles(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "Cookies", AutomaticAuthenticate = true }); var oidcOptions = new OpenIdConnectOptions { AuthenticationScheme = "oidc", SignInScheme = "Cookies", Authority = "http://localhost:50000", RequireHttpsMetadata = false, PostLogoutRedirectUri = "http://localhost:30000/", ClientId = "mvc", ClientSecret = "secret", ResponseType = "code id_token", GetClaimsFromUserInfoEndpoint = true, SaveTokens = true }; oidcOptions.Scope.Clear(); oidcOptions.Scope.Add("openid"); oidcOptions.Scope.Add("profile"); oidcOptions.Scope.Add("api1"); app.UseOpenIdConnectAuthentication(oidcOptions); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); }
public void Configure_NoServiceInfo_ReturnsDefaults() { // arrange var opts = new OpenIdConnectOptions(); string authURL = "http://" + CloudFoundryDefaults.OAuthServiceUrl; // act OpenIdConnectConfigurer.Configure(null, opts); // assert Assert.Equal(CloudFoundryDefaults.DisplayName, opts.AuthenticationType); Assert.Equal(CloudFoundryDefaults.ClientId, opts.ClientId); Assert.Equal(CloudFoundryDefaults.ClientSecret, opts.ClientSecret); Assert.Equal(new PathString(CloudFoundryDefaults.CallbackPath), opts.CallbackPath); Assert.Equal(authURL + CloudFoundryDefaults.CheckTokenUri, opts.TokenInfoUrl); Assert.True(opts.ValidateCertificates); }
private void ConfigureOpenIdConnect(OpenIdConnectOptions obj) { obj.SignInScheme = "Cookies"; obj.Authority = "https://testus.loginuat.pageuppeople.com"; obj.RequireHttpsMetadata = false; obj.ClientId = "<<your_client_id_here>>"; obj.ClientSecret = "<<your_client_secret_here>>"; obj.ResponseType = "code"; obj.GetClaimsFromUserInfoEndpoint = false; obj.SaveTokens = true; obj.AuthenticationMethod = OpenIdConnectRedirectBehavior.RedirectGet; obj.BackchannelHttpHandler = new TokenMessageHandler(); }
public void Configure(string name, OpenIdConnectOptions options) { options.ClientId = AzureAdB2COptions.ClientId; options.Authority = AzureAdB2COptions.Authority; options.UseTokenLifetime = true; options.TokenValidationParameters = new TokenValidationParameters() { NameClaimType = "name" }; options.Events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = OnRedirectToIdentityProvider, OnRemoteFailure = OnRemoteFailure, OnAuthorizationCodeReceived = OnAuthorizationCodeReceived }; }
private static void ConfigureOptions(OpenIdConnectOptions options, Action <OpenIdConnectOptions> configure) { configure(options); options.ResponseType = Constants.ResponseType; options.ResponseMode = Constants.ResponseMode; options.CallbackPath = Constants.CallbackPath; options.ConfigureScpOpenIdProfileScopes(); options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme; ((JwtSecurityTokenHandler)options.SecurityTokenValidator).MapInboundClaims = false; options.Events.OnAuthorizationCodeReceived = OnAuthorizationCodeReceived; options.Events.OnTokenResponseReceived = OnTokenResponseReceived; options.Events.OnRedirectToIdentityProvider = OnRedirectToIdentityProvider; options.Events.OnTokenValidated = OnTokenValidated; }
public static void ConfigureApp(IApplicationBuilder app, IConfigurationRoot configuration, ILogger logger) { var options = new OpenIdConnectOptions { ClientId = configuration["AzureAD:ClientId"], Authority = String.Format(configuration["AzureAd:AadInstance"], configuration["AzureAd:Tenant"]), ResponseType = OpenIdConnectResponseType.IdToken, PostLogoutRedirectUri = configuration["AzureAd:PostLogoutRedirectUri"], Events = new OpenIdConnectEvents { OnRemoteFailure = OnAuthenticationFailed, OnTokenValidated = x => { var token = x.SecurityToken.RawPayload; logger.LogInformation(token); logger.LogInformation($"Issuer : {x.SecurityToken.Issuer}"); logger.LogInformation($"Audiences : {x.SecurityToken.Audiences.Aggregate(new StringBuilder(), (b,i) => b.Append(i).Append(""))}"); var tokenClaim = new Claim("token", token); var identity = x.Ticket.Principal.Identity; var claimIdentity = new ClaimsIdentity( identity.AuthenticationType, "name", "role"); claimIdentity.AddClaim(tokenClaim); claimIdentity.AddClaims(x.Ticket.Principal.Claims); var princiapl = new ClaimsPrincipal(claimIdentity); x.Ticket = new AuthenticationTicket( princiapl, x.Ticket.Properties, x.Ticket.AuthenticationScheme); return(Task.CompletedTask); } }, }; options.TokenValidationParameters.ValidateIssuer = false; app.UseOpenIdConnectAuthentication(options); }
public static ClientOptions CreateClientOptionsConfigData(OpenIdConnectOptions authOption, NavigationManager navigationManager) { return(new ClientOptions { authority = authOption.Authority, client_id = authOption.ClientId, client_secret = authOption.ClientSecret, redirect_uri = navigationManager.GetAbsoluteUri(authOption.SignedInCallbackUri), silent_redirect_uri = navigationManager.GetAbsoluteUri(authOption.SilentRedirectUri), response_type = authOption.ResponseType, scope = string.Join(" ", authOption.Scopes.Distinct()), post_logout_redirect_uri = navigationManager.GetAbsoluteUri(authOption.SignedOutRedirectUri), popup_redirect_uri = navigationManager.GetAbsoluteUri(authOption.PopupSignInRedirectUri), popup_post_logout_redirect_uri = navigationManager.GetAbsoluteUri(authOption.PopupSignOutRedirectUri), loadUserInfo = authOption.LoadUserInfo, automaticSilentRenew = authOption.AutomaticSilentRenew, revokeAccessTokenOnSignout = authOption.RevokeAccessTokenOnSignout, filterProtocolClaims = authOption.FilterProtocolClaims, popupWindowFeatures = authOption.PopupWindowFeatures, clockSkew = authOption.ClockSkew, popupWindowTarget = authOption.PopupWindowTarget, silentRequestTimeout = authOption.SilentRequestTimeout, accessTokenExpiringNotificationTime = authOption.AccessTokenExpiringNotificationTime, monitorSession = authOption.MonitorSession, checkSessionInterval = authOption.CheckSessionInterval, includeIdTokenInSilentRenew = authOption.IncludeIdTokenInSilentRenew, staleStateAge = authOption.StaleStateAge, extraQueryParams = authOption.ExtraQueryParams, extraTokenParams = authOption.ExtraTokenParams, endSessionEndpoint = navigationManager.GetAbsoluteUri(authOption.EndSessionEndpoint), doNothingUri = navigationManager.GetAbsoluteUri(authOption.DoNothingUri), metadata = authOption.Metadata == null ? null : new ClientOidcMetadata { issuer = authOption.Metadata.Issuer, authorization_endpoint = authOption.Metadata.AuthorizationEndpoint, userinfo_endpoint = authOption.Metadata.UserinfoEndpoint, token_endpoint = authOption.Metadata.TokenEndpoint, check_session_iframe = authOption.Metadata.CheckSessionIframe, end_session_endpoint = authOption.Metadata.EndSessionEndpoint, revocation_endpoint = authOption.Metadata.RevocationEndpoint, jwks_uri = authOption.Metadata.JwksUri, }, signingKeys = authOption.SigningKeys, }); }
public static IApplicationBuilder UseAuthentication(this IApplicationBuilder app) { var settings = app.ApplicationServices.GetService <IOptions <Settings> >(); app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationScheme = "cookies", AutomaticAuthenticate = true, ExpireTimeSpan = TimeSpan.FromMinutes(60) }); JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); var oidcOptions = new OpenIdConnectOptions { AuthenticationScheme = "oidc", SignInScheme = "cookies", Authority = settings.Value.Authentication.Authority, RequireHttpsMetadata = settings.Value.Authentication.RequireHttpsMetadata, PostLogoutRedirectUri = settings.Value.Authentication.PostLogoutRedirectUri, ClientId = "mvc", ResponseType = "id_token", SaveTokens = true, TokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters { NameClaimType = JwtClaimTypes.Name, RoleClaimType = JwtClaimTypes.Role, } }; oidcOptions.Scope.Clear(); oidcOptions.Scope.Add("openid"); oidcOptions.Scope.Add("profile"); oidcOptions.Scope.Add(Scopes.WebApplication); app.UseOpenIdConnectAuthentication(oidcOptions); app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedHost | ForwardedHeaders.XForwardedProto }); return(app); }
public void Configure_WithServiceInfo_ReturnsExpected() { // arrange string authURL = "http://domain"; var opts = new OpenIdConnectOptions(); SsoServiceInfo info = new SsoServiceInfo("foobar", "clientId", "secret", "http://domain"); // act OpenIdConnectConfigurer.Configure(info, opts); // assert Assert.Equal(CloudFoundryDefaults.DisplayName, opts.AuthenticationType); Assert.Equal("clientId", opts.ClientId); Assert.Equal("secret", opts.ClientSecret); Assert.Equal(new PathString(CloudFoundryDefaults.CallbackPath), opts.CallbackPath); Assert.Equal(authURL + CloudFoundryDefaults.CheckTokenUri, opts.TokenInfoUrl); Assert.True(opts.ValidateCertificates); }
public BlazorAuthenticationStateProvider( IJSRuntime jsRuntime, NavigationManager navigationManager, ClientOptions clientOptions, IClaimsParser <TUser> claimsParser, AuthenticationEventHandler authenticationEventHandler, HttpClient httpClient, OpenIdConnectOptions openIdConnectOptions, IServiceProvider serviceProvider) { _jsRuntime = jsRuntime; _navigationManager = navigationManager; _clientOptions = clientOptions; _claimsParser = claimsParser; _authenticationEventHandler = authenticationEventHandler; _openIdConnectOptions = openIdConnectOptions; _serviceProvider = serviceProvider; }
public static OpenIdConnectOptions GetOpenIdOptionConfigurations(OpenIdConnectOptions options) { options.Authority = "http://localhost:5001"; options.ClientId = "mvc"; options.RequireHttpsMetadata = false; options.ResponseType = "id_token"; options.Scope.Add(IdentityServerConstants.StandardScopes.OpenId); options.Scope.Add(IdentityServerConstants.StandardScopes.Profile); options.Scope.Add(IdentityServerConstants.StandardScopes.Email); options.SaveTokens = true; options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; return(options); }
public void Configure_NoServiceInfo_ReturnsExpected() { var oidcOptions = new OpenIdConnectOptions(); CloudFoundryOpenIdConnectConfigurer.Configure(null, oidcOptions, new CloudFoundryOpenIdConnectOptions() { ValidateCertificates = false }); Assert.Equal(CloudFoundryDefaults.AuthenticationScheme, oidcOptions.ClaimsIssuer); Assert.Equal(CloudFoundryDefaults.ClientId, oidcOptions.ClientId); Assert.Equal(CloudFoundryDefaults.ClientSecret, oidcOptions.ClientSecret); Assert.Equal(new PathString(CloudFoundryDefaults.CallbackPath), oidcOptions.CallbackPath); Assert.Equal(19, oidcOptions.ClaimActions.Count()); Assert.Equal(CookieAuthenticationDefaults.AuthenticationScheme, oidcOptions.SignInScheme); Assert.False(oidcOptions.SaveTokens); Assert.NotNull(oidcOptions.BackchannelHttpHandler); }
private static OpenIdConnectOptions CreateOpenIdConnectAuthOptions(IConfiguration configuration) { var options = new OpenIdConnectOptions { ClientId = configuration["Authentication:OpenId:ClientId"], Authority = configuration["Authentication:OpenId:Authority"], PostLogoutRedirectUri = configuration["App:WebSiteRootAddress"] + "Account/Logout", ResponseType = OpenIdConnectResponseType.IdToken }; var clientSecret = configuration["Authentication:OpenId:ClientSecret"]; if (!clientSecret.IsNullOrEmpty()) { options.ClientSecret = clientSecret; } return options; }
private void ConfigureOpenIdConnectOptions(OpenIdConnectOptions options, OpenIDSettings openIdSettings) { options.Authority = $"https://{openIdSettings.Domain}"; options.ClientId = openIdSettings.ClientId; options.ClientSecret = openIdSettings.ClientSecret; options.ResponseType = "code"; options.CallbackPath = new PathString("/signin-auth0"); options.ClaimsIssuer = "Auth0"; options.SaveTokens = true; options.Events = CreateOpenIdConnectEvents(); options.Scope.Clear(); options.Scope.Add("openid"); options.Scope.Add("name"); options.Scope.Add("email"); options.Scope.Add("picture"); }
private static void SetProtocolMessageOptions(OpenIdConnectOptions options) { var fakeOpenIdRequestMessage = new FakeOpenIdConnectMessage(ExpectedAuthorizeRequest, ExpectedLogoutRequest); options.AutomaticChallenge = true; options.Events = new OpenIdConnectEvents() { OnRedirectToAuthenticationEndpoint = (context) => { context.ProtocolMessage = fakeOpenIdRequestMessage; return(Task.FromResult(0)); }, OnRedirectToEndSessionEndpoint = (context) => { context.ProtocolMessage = fakeOpenIdRequestMessage; return(Task.FromResult(0)); } }; }
private void setOpenIdConnectOptions(OpenIdConnectOptions options) { options.SignInScheme = Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationDefaults.AuthenticationScheme; options.Authority = "http://localhost:5000"; options.RequireHttpsMetadata = false; options.ClientId = "clientWebPortal"; options.ClientSecret = "49C1A7E1-0C79-4A89-A3D6-A37998FB86B1"; options.ResponseType = "code id_token"; options.SaveTokens = true; options.GetClaimsFromUserInfoEndpoint = true; options.Scope.Clear(); options.Scope.Add("openid"); options.Scope.Add("profile"); options.Scope.Add("offline_access"); options.Scope.Add("testApi"); }
public void Configure_WithServiceInfo_ReturnsExpected() { var authURL = "https://domain"; var oidcOptions = new OpenIdConnectOptions(); var info = new SsoServiceInfo("foobar", "clientId", "secret", authURL); CloudFoundryOpenIdConnectConfigurer.Configure(info, oidcOptions, new CloudFoundryOpenIdConnectOptions()); Assert.Equal(CloudFoundryDefaults.AuthenticationScheme, oidcOptions.ClaimsIssuer); Assert.Equal(authURL, oidcOptions.Authority); Assert.Equal("clientId", oidcOptions.ClientId); Assert.Equal("secret", oidcOptions.ClientSecret); Assert.Equal(new PathString(CloudFoundryDefaults.CallbackPath), oidcOptions.CallbackPath); Assert.Null(oidcOptions.BackchannelHttpHandler); Assert.Equal(19, oidcOptions.ClaimActions.Count()); Assert.Equal(CookieAuthenticationDefaults.AuthenticationScheme, oidcOptions.SignInScheme); Assert.False(oidcOptions.SaveTokens); Assert.Null(oidcOptions.BackchannelHttpHandler); }
public void Can_CalculateFullRedirectUri_WithNonDefaults() { // arrange var options = new OpenIdConnectOptions { AuthDomain = "my_oauth_server", CallbackPath = new PathString("/something_else") }; var requestContext = OwinTestHelpers.CreateRequest("GET", string.Empty, "https", "some_server", 1234); // act var redirectUri = UriUtility.CalculateFullRedirectUri(options, requestContext.Request); // assert Assert.StartsWith(options.AuthDomain, redirectUri); Assert.Contains("response_type=code", redirectUri); Assert.Contains("scope=openid", redirectUri); Assert.EndsWith("redirect_uri=" + WebUtility.UrlEncode("https://some_server:1234/something_else"), redirectUri); }