/// <summary>
 /// Called to create a new authorization code. An application may use this context
 /// to replace the authentication ticket before it is serialized or to use its own code store
 /// and skip the default logic using <see cref="BaseContext{OpenIdConnectServerOptions}.HandleResponse"/>.
 /// </summary>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task CreateAuthorizationCode(CreateAuthorizationCodeContext context) => OnCreateAuthorizationCode(context);
Exemple #2
0
        private async Task <string> CreateAuthorizationCodeAsync(
            ClaimsPrincipal principal, AuthenticationProperties properties,
            OpenIdConnectMessage request, OpenIdConnectMessage response)
        {
            try {
                // properties.IssuedUtc and properties.ExpiresUtc
                // should always be preferred when explicitly set.
                if (properties.IssuedUtc == null)
                {
                    properties.IssuedUtc = Options.SystemClock.UtcNow;
                }

                if (properties.ExpiresUtc == null)
                {
                    properties.ExpiresUtc = properties.IssuedUtc + Options.AuthorizationCodeLifetime;
                }

                properties.SetUsage(OpenIdConnectConstants.Usages.Code);

                // Claims in authorization codes are never filtered as they are supposed to be opaque:
                // CreateAccessTokenAsync and CreateIdentityTokenAsync are responsible of ensuring
                // that subsequent access and identity tokens are correctly filtered.
                var ticket = new AuthenticationTicket(principal, properties, Options.AuthenticationScheme);

                var notification = new CreateAuthorizationCodeContext(Context, Options, request, response, ticket)
                {
                    DataFormat = Options.AuthorizationCodeFormat
                };

                // Sets the default authorization code serializer.
                notification.Serializer = payload => {
                    return(Task.FromResult(notification.DataFormat?.Protect(payload)));
                };

                await Options.Provider.CreateAuthorizationCode(notification);

                // Treat a non-null authorization code like an implicit HandleResponse call.
                if (notification.HandledResponse || !string.IsNullOrEmpty(notification.AuthorizationCode))
                {
                    return(notification.AuthorizationCode);
                }

                else if (notification.Skipped)
                {
                    return(null);
                }

                // Allow the application to change the authentication
                // ticket from the CreateAuthorizationCode event.
                ticket = notification.AuthenticationTicket;
                ticket.Properties.CopyTo(properties);

                var key = GenerateKey(256 / 8);

                using (var stream = new MemoryStream())
                    using (var writter = new StreamWriter(stream)) {
                        writter.Write(await notification.SerializeTicketAsync());
                        writter.Flush();

                        await Options.Cache.SetAsync(key, options => {
                            options.AbsoluteExpiration = ticket.Properties.ExpiresUtc;

                            return(stream.ToArray());
                        });
                    }

                return(key);
            }

            catch (Exception exception) {
                Logger.LogWarning("An exception occured when serializing an authorization code.", exception);

                return(null);
            }
        }