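        /// <summary>
        /// Validates the token carried by <paramref name="tokenDescriptor"/> against the OIDC provider
        /// registered for its <c>TokenScheme</c> and returns the resulting principal.
        /// </summary>
        /// <param name="tokenDescriptor">Scheme and raw token to validate; must not be null and must use this validator's <see cref="TokenScheme"/>.</param>
        /// <returns>The <see cref="ClaimsPrincipal"/> produced by the provider validator.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="tokenDescriptor"/> is null.</exception>
        /// <exception cref="ArgumentException">The scheme does not match this validator, or no discovery cache is registered for it.</exception>
        /// <exception cref="System.Security.Authentication.AuthenticationException">The token failed validation; the provider's error is the inner exception.</exception>
        public virtual async Task<ClaimsPrincipal> ValidateTokenAsync(TokenDescriptor tokenDescriptor)
        {
            if (tokenDescriptor == null)
            {
                throw new ArgumentNullException(nameof(tokenDescriptor));
            }
            if (tokenDescriptor.TokenScheme != TokenScheme)
            {
                throw new ArgumentException($"{nameof(tokenDescriptor.TokenScheme)} must be {TokenScheme} to use this validator");
            }

            var discoveryContainer = _discoverCacheContainerFactory.Get(tokenDescriptor.TokenScheme);
            if (discoveryContainer == null)
            {
                // Include the scheme value itself (not its property name) so the message identifies which authority is missing.
                throw new ArgumentException($"The OIDC AuthorityKey:{tokenDescriptor.TokenScheme} is not supported");
            }

            var providerValidator = new ProviderValidator(discoveryContainer, _memoryCache);
            try
            {
                // ValidateAudience = false: the "aud" claim is not checked, so a token minted by this issuer
                // for any client is accepted here. Callers that need audience binding must check the claim themselves.
                var principal = await providerValidator.ValidateToken(tokenDescriptor.Token,
                                                                      new TokenValidationParameters()
                {
                    ValidateAudience = false
                });

                return principal;
            }
            catch (Exception e)
            {
                // A typed exception (still derived from Exception, so existing catch blocks keep working) lets
                // callers distinguish token failures from other errors; the provider's error stays as the inner exception.
                throw new System.Security.Authentication.AuthenticationException("Invalid Binding Token", e);
            }
        }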
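        /// <summary>
        /// Binds a caller to this service: validates the posted <c>id_token</c> with the provider validator and,
        /// on success, requests an "arbitrary_resource_owner" token for that token's subject from the issuer.
        /// </summary>
        /// <param name="formCollection">Posted form; the <c>id_token</c> field carries the OIDC ID token.</param>
        /// <returns>The raw JSON of the token endpoint response, or <c>NotFound()</c> when the token is missing, has no subject, or validation/the request fails.</returns>
        public async Task<object> PostBindAsync([FromForm] IFormCollection formCollection)
        {
            try
            {
                var idToken = formCollection["id_token"];
                if (string.IsNullOrEmpty(idToken))
                {
                    // Nothing to validate; same 404 outcome the catch below produced for this case.
                    return NotFound();
                }

                // ValidateAudience = false: an ID token issued by this provider for any client is accepted,
                // so the binding is keyed on issuer and signature only, not on which client the token was minted for.
                var principal = await _providerValidator.ValidateToken(idToken, new TokenValidationParameters()
                {
                    ValidateAudience = false
                });

                var namedIdentifierClaim = principal.Claims
                    .FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
                if (namedIdentifierClaim == null)
                {
                    // A token without a subject cannot be bound; previously this surfaced as a
                    // NullReferenceException silently swallowed by the catch below.
                    return NotFound();
                }

                var discoveryResponse = await _discoveryContainer.DiscoveryCache.GetAsync();

                // NOTE(review): client id and secret are hard-coded; the secret belongs in configuration
                // (user secrets / key vault), not in source.
                var clientId = "arbitrary-resource-owner-client";
                var client = new TokenClient(
                    discoveryResponse.Issuer + "/connect/token",
                    clientId);

                // The role claims granted to the new token are fixed server-side; only the subject comes from the validated ID token.
                var parameters = new Dictionary<string, string>()
                {
                    { OidcConstants.TokenRequest.ClientId, clientId },
                    { OidcConstants.TokenRequest.ClientSecret, "secret" },
                    { OidcConstants.TokenRequest.GrantType, "arbitrary_resource_owner" },
                    { OidcConstants.TokenRequest.Scope, "offline_access wizard" },
                    { "arbitrary_claims", "{'role': ['application', 'limited']}" },
                    { "subject", namedIdentifierClaim.Value },
                    { "access_token_lifetime", "3600" }
                };
                var result = await client.RequestAsync(parameters);

                return result.Json;
            }
            catch (Exception)
            {
                // Validation and token-endpoint failures are deliberately collapsed into a 404 so no detail
                // leaks to the caller. NOTE(review): record the exception here once a logger is injected.
            }

            return NotFound();
        }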