/// <summary> /// Given an <see cref="ResourceOwnerTokenRequest" />, it will do the authentication on the provider and return an <see cref="AccessTokenResponse"./> /// </summary> /// <param name="request">The authentication request details containing information regarding the username, password etc.</param> /// <returns>An <see cref="AccessTokenResponse" /> with the response.</returns> /// <remarks> /// The grant_type parameter required by the /oauth/token endpoint will automatically be inferred from the <paramref name="request"/> parameter. If no Realm was specified, /// then the grant_type will be set to "password". If a Realm was specified, then the grant_type will be set to "http://auth0.com/oauth/grant-type/password-realm" /// </remarks> public Task <AccessTokenResponse> GetTokenAsync(ResourceOwnerTokenRequest request) { var parameters = new Dictionary <string, object> { { "client_id", request.ClientId }, { "username", request.Username }, { "password", request.Password }, { "scope", request.Scope } }; if (!string.IsNullOrEmpty(request.ClientSecret)) { parameters.Add("client_secret", request.ClientSecret); } if (!string.IsNullOrEmpty(request.Audience)) { parameters.Add("audience", request.Audience); } if (string.IsNullOrEmpty(request.Realm)) { parameters.Add("grant_type", "password"); } else { parameters.Add("grant_type", "http://auth0.com/oauth/grant-type/password-realm"); parameters.Add("realm", request.Realm); } return(Connection.PostAsync <AccessTokenResponse>("oauth/token", null, parameters, null, null, null, null)); }
/// <inheritdoc/> public async Task <AccessTokenResponse> GetTokenAsync(ResourceOwnerTokenRequest request) { if (request == null) { throw new ArgumentNullException(nameof(request)); } var body = new Dictionary <string, string> { { "client_id", request.ClientId }, { "username", request.Username }, { "password", request.Password }, { "scope", request.Scope } }; body.AddIfNotEmpty("client_secret", request.ClientSecret); body.AddIfNotEmpty("audience", request.Audience); body.AddIfNotEmpty("realm", request.Realm); body.Add("grant_type", String.IsNullOrEmpty(request.Realm) ? "password" : "http://auth0.com/oauth/grant-type/password-realm"); var headers = String.IsNullOrEmpty(request.ForwardedForIp) ? null : new Dictionary <string, string> { { "auth0-forwarded-for", request.ForwardedForIp } }; var response = await connection.SendAsync <AccessTokenResponse>( HttpMethod.Post, tokenUri, body, headers ).ConfigureAwait(false); await AssertIdTokenValid(response.IdToken, request.ClientId, request.SigningAlgorithm, request.ClientSecret).ConfigureAwait(false); return(response); }
public async Task <TokenMintingResponse> MintResourceOwnerTokenAsync(ResourceOwnerTokenRequest resourceOwnerTokenRequest) { var extensionGrantRequest = ToArbitraryResourceOwnerRequest(resourceOwnerTokenRequest); var result = await _tokenEndpointHandlerExtra.ProcessRawAsync(extensionGrantRequest); return(ToTokenMintingResponse(result)); }
Dictionary <string, string> MakeParamaters(ResourceOwnerTokenRequest resourceOwnerTokenRequest) { return(new Dictionary <string, string>() { { OidcConstants.TokenRequest.Scope, resourceOwnerTokenRequest.Scope }, { "arbitrary_claims", JsonConvert.SerializeObject(resourceOwnerTokenRequest.ArbitraryClaims) }, { "subject", resourceOwnerTokenRequest.Subject }, { "access_token_lifetime", $"{resourceOwnerTokenRequest.AccessTokenLifetime}" } }); }
public async Task <TokenMintingResponse> MintResourceOwnerTokenAsync(ResourceOwnerTokenRequest resourceOwnerTokenRequest) { Dictionary <string, string> paramaters = MakeParamaters(resourceOwnerTokenRequest); var client = new HttpClient(); var discoveryResponse = await _discoveryContainer.DiscoveryCache.GetAsync(); var response = await client.RequestTokenAsync(new TokenRequest { Address = discoveryResponse.TokenEndpoint, GrantType = "arbitrary_resource_owner", ClientId = _clientId, ClientSecret = _clientSecret, Parameters = paramaters }); return(ToTokenMintingResponse(response)); }
/// <summary> /// Given an <see cref="ResourceOwnerTokenRequest" />, it will do the authentication on the provider and return an <see cref="AccessTokenResponse"/>. /// </summary> /// <param name="request">The authentication request details containing information regarding the username, password etc.</param> /// <returns>An <see cref="AccessTokenResponse" /> with the response.</returns> /// <remarks> /// The grant_type parameter required by the /oauth/token endpoint will automatically be inferred from the <paramref name="request"/> parameter. If no Realm was specified, /// then the grant_type will be set to "password". If a Realm was specified, then the grant_type will be set to "http://auth0.com/oauth/grant-type/password-realm" /// </remarks> public async Task <AccessTokenResponse> GetTokenAsync(ResourceOwnerTokenRequest request) { var parameters = new Dictionary <string, object> { { "client_id", request.ClientId }, { "username", request.Username }, { "password", request.Password }, { "scope", request.Scope } }; if (!string.IsNullOrEmpty(request.ClientSecret)) { parameters.Add("client_secret", request.ClientSecret); } if (!string.IsNullOrEmpty(request.Audience)) { parameters.Add("audience", request.Audience); } if (string.IsNullOrEmpty(request.Realm)) { parameters.Add("grant_type", "password"); } else { parameters.Add("grant_type", "http://auth0.com/oauth/grant-type/password-realm"); parameters.Add("realm", request.Realm); } var headers = new Dictionary <string, object>(); if (!string.IsNullOrEmpty(request.ForwardedForIp)) { headers.Add("auth0-forwarded-for", request.ForwardedForIp); } var response = await Connection.PostAsync <AccessTokenResponse>("oauth/token", null, parameters, null, null, headers, null).ConfigureAwait(false); IdentityTokenValidator validator = new IdentityTokenValidator(); await validator.ValidateAsync(response.IdToken, _baseUri.AbsoluteUri, request.ClientId); return(response); }
internal ArbitraryResourceOwnerRequest ToArbitraryResourceOwnerRequest(ResourceOwnerTokenRequest resourceOwnerTokenRequest) { Guard.ArgumentNotNull(nameof(resourceOwnerTokenRequest), resourceOwnerTokenRequest); var valid = !string.IsNullOrWhiteSpace(_clientId) || !string.IsNullOrWhiteSpace(resourceOwnerTokenRequest.ClientId); Guard.OperationValid(valid, "all clientId(s) are null!"); var scopesList = resourceOwnerTokenRequest.Scope.Split(' ').ToList(); var extensionGrantRequest = new ArbitraryResourceOwnerRequest() { ClientId = string.IsNullOrEmpty(resourceOwnerTokenRequest.ClientId) ? _clientId : resourceOwnerTokenRequest.ClientId, Scopes = scopesList, Subject = resourceOwnerTokenRequest.Subject, ArbitraryClaims = resourceOwnerTokenRequest.ArbitraryClaims, AccessTokenLifetime = resourceOwnerTokenRequest.AccessTokenLifetime.ToString() }; return(extensionGrantRequest); }
private string _getKey(ResourceOwnerTokenRequest r) { return($"ResourceOwnerTokenRequest{r.ClientId}{r.Username}{r.Realm}{r.Audience}{r.Scope}"); }
public Task <AccessTokenResponse> GetTokenAsync(ResourceOwnerTokenRequest request) { return(_getToken(request)); }
private async void LoginUser(ANWI.Messaging.LoginRequest cred) { // Authenticate the user with Auth0 try { // Check version if (minimumVersion.CompareTo(cred.clientVer) > 0) { logger.Info( $"User {cred.username} has invalid version. " + $"Client: {cred.clientVer} Minimum: {minimumVersion}"); DenyLogin(ANWI.Messaging.LoginResponse.Code.FAILED_VERSION); return; } ResourceOwnerTokenRequest req = new ResourceOwnerTokenRequest() { ClientId = Configuration.auth0Settings.client, ClientSecret = Configuration.auth0Settings.secret, Realm = Configuration.auth0Settings.connection, Username = cred.username, Password = cred.password }; AccessTokenResponse token = null; try { token = await auth0Client.GetTokenAsync(req); } catch (Auth0.Core.Exceptions.ApiException e) { logger.Error( $"Failed to log in user {cred.username}: {e.Message}"); DenyLogin( ANWI.Messaging.LoginResponse.Code.FAILED_CREDENTIALS); return; } UserInfo user = await auth0Client.GetUserInfoAsync(token.AccessToken); logger.Info("Successfully authenticated user. Token: " + token.AccessToken); ANWI.AuthenticatedAccount account = new AuthenticatedAccount(); account.authToken = token.AccessToken; account.auth0_id = user.UserId; account.nickname = user.NickName; // Get the main user profile Datamodel.User dbUser = null; if (!Datamodel.User.FetchByAuth0(ref dbUser, account.auth0_id)) { logger.Info("Profile not found for user " + account.auth0_id + ". It will be created."); // Create a basic profile if (!CreateDatabaseUser(user.NickName, user.UserId)) { DenyLogin(ANWI.Messaging.LoginResponse. Code.FAILED_SERVER_ERROR); return; } } account.profile = Profile.FetchByAuth0(account.auth0_id); ANWI.Messaging.Message resp = new ANWI.Messaging.Message( 0, new ANWI.Messaging.LoginResponse( ANWI.Messaging.LoginResponse.Code.OK, account) ); SendMessage(resp); } catch (System.Net.Http.HttpRequestException e) { logger.Info("HTTP error when connecting to Auth0:\n" + e); DenyLogin( ANWI.Messaging.LoginResponse.Code.FAILED_SERVER_ERROR); return; } }
public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync(TokenExchangeRequest tokenExchangeRequest) { if (tokenExchangeRequest.Extras == null || tokenExchangeRequest.Extras.Count == 0) { throw new Exception($"{Name}: We require that extras be populated!"); } List <ValidatedToken> validatedIdentityTokens = new List <ValidatedToken>(); foreach (var item in tokenExchangeRequest.Tokens) { var prince = await _tokenValidator.ValidateTokenAsync(new TokenDescriptor { TokenScheme = item.TokenScheme, Token = item.Token }); var sub = prince.GetSubjectFromPincipal(); if (string.IsNullOrEmpty(sub)) { _summaryLogger.Add("subject", "A subject was not found in the ClaimsPrincipal object!"); throw new Exception("A subject was not found in the ClaimsPrincipal object!"); } validatedIdentityTokens.Add(new ValidatedToken { Token = item.Token, TokenScheme = item.TokenScheme, Principal = prince }); } // for this demo, lets assume all the extras are roles. var roles = tokenExchangeRequest.Extras; roles.Add("user"); ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = 3600, ArbitraryClaims = new Dictionary <string, List <string> >() { { "role", roles } }, Scope = "offline_access graphQLPlay", Subject = validatedIdentityTokens[0].Principal.GetSubjectFromPincipal(), ClientId = "arbitrary-resource-owner-client" }; var response = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { access_token = response.AccessToken, refresh_token = response.RefreshToken, expires_in = response.ExpiresIn, token_type = response.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = new List <HttpHeader> { new HttpHeader() { Name = "x-authScheme", Value = response.Scheme } } } }; return(new List <TokenExchangeResponse> { tokenExchangeResponse }); }
public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync( TokenExchangeRequest tokenExchangeRequest, Dictionary <string, List <KeyValuePair <string, string> > > mapOpaqueKeyValuePairs) { var access_token = await GetTokenAsync(); if (string.IsNullOrEmpty(access_token)) { throw new Exception("Unable to fetch client_credentials access_token"); } var headers = new List <HttpHeader>(_externalExchangeRecord.oAuth2_client_credentials.AdditionalHeaders) { new HttpHeader() { Name = "Authorization", Value = $"Bearer {access_token}" }, new HttpHeader() { Name = "Accept", Value = $"application/json" } }; var passThrough = _externalExchangeRecord.MintType == "passThroughHandler"; var externalUrl = passThrough ? _externalExchangeRecord.PassThroughHandler.Url : _externalExchangeRecord.ExternalFinalExchangeHandler.Url; (string content, HttpStatusCode statusCode)responseBag; using (var httpClient = _defaultHttpClientFactory.HttpClient) { responseBag = await Utils.EfficientApiCalls.HttpClientHelpers.PostStreamAsync( _defaultHttpClientFactory.HttpClient, externalUrl, headers, new TokenExchangeRequestPackage(tokenExchangeRequest) { MapOpaqueKeyValuePairs = mapOpaqueKeyValuePairs }, CancellationToken.None); } if (responseBag.statusCode == HttpStatusCode.OK) { if (passThrough) { var passThroughResult = JsonConvert.DeserializeObject <List <TokenExchangeResponse> >(responseBag.content); return(passThroughResult); } else { var tokenExchangeResponses = new List <TokenExchangeResponse>(); var externalExchangeTokenRequests = JsonConvert.DeserializeObject <List <ExternalExchangeTokenResponse> >(responseBag.content); foreach (var externalExchangeResourceOwnerTokenRequest in externalExchangeTokenRequests) { if (externalExchangeResourceOwnerTokenRequest.CustomTokenResponse != null) { var tokenExchangeResponse = new TokenExchangeResponse() { customToken = externalExchangeResourceOwnerTokenRequest.CustomTokenResponse }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryIdentityTokenRequest != null) { var arbitraryIdentityTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryIdentityTokenRequest; IdentityTokenRequest tokenRequest = new IdentityTokenRequest() { IdentityTokenLifetime = arbitraryIdentityTokenRequest.IdentityTokenLifetime, ArbitraryClaims = arbitraryIdentityTokenRequest.ArbitraryClaims, Scope = arbitraryIdentityTokenRequest.Scope, Subject = arbitraryIdentityTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintIdentityTokenAsync(tokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { IdentityToken = new IdentityTokenResponse() { hint = arbitraryIdentityTokenRequest.Hint, id_token = response.IdentityToken, expires_in = response.ExpiresIn, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryIdentityTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryResourceOwnerTokenRequest != null) { var arbitraryResourceOwnerTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryResourceOwnerTokenRequest; ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = arbitraryResourceOwnerTokenRequest.AccessTokenLifetime, ArbitraryClaims = arbitraryResourceOwnerTokenRequest.ArbitraryClaims, Scope = arbitraryResourceOwnerTokenRequest.Scope, Subject = arbitraryResourceOwnerTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { hint = arbitraryResourceOwnerTokenRequest.Hint, access_token = response.AccessToken, refresh_token = response.RefreshToken, expires_in = response.ExpiresIn, token_type = response.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryResourceOwnerTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } } return(tokenExchangeResponses); } } return(null); }
public Task <AccessTokenResponse> GetTokenAsync(ResourceOwnerTokenRequest request, CancellationToken cancellationToken = default) { return(_getToken(request, cancellationToken)); }