private async Task <LoginRequest> GetLoginRequestAsync(TParty party, AuthenticationRequest authenticationRequest)
{
var loginRequest = new LoginRequest {
DownParty = party
};
loginRequest.LoginAction = !authenticationRequest.Prompt.IsNullOrWhiteSpace() && authenticationRequest.Prompt.Contains(IdentityConstants.AuthorizationServerPrompt.None) ? LoginAction.ReadSession : LoginAction.ReadSessionOrLogin;
if (authenticationRequest.MaxAge.HasValue)
{
loginRequest.MaxAge = authenticationRequest.MaxAge.Value;
}
if (!authenticationRequest.IdTokenHint.IsNullOrEmpty())
{
var claimsPrincipal = await jwtLogic.ValidatePartyClientTokenAsync(party.Client as TClient, authenticationRequest.IdTokenHint, validateLifetime : false);
if (claimsPrincipal == null)
{
throw new OAuthRequestException("Invalid id token hint.")
{
RouteBinding = RouteBinding, Error = IdentityConstants.ResponseErrors.InvalidRequest
};
}
loginRequest.UserId = claimsPrincipal.FindFirst(JwtClaimTypes.Subject).Value;
}
if (!authenticationRequest.LoginHint.IsNullOrEmpty())
{
loginRequest.UserId = authenticationRequest.LoginHint;
}
return(loginRequest);
}
private async Task <(bool, string, IEnumerable <Claim>)> ValidateIdTokenHintAsync(TClient client, string idToken)
{
if (!idToken.IsNullOrEmpty())
{
var claimsPrincipal = await jwtLogic.ValidatePartyClientTokenAsync(client, idToken, validateLifetime : false);
if (claimsPrincipal != null)
{
return(true, claimsPrincipal.FindFirstValue(JwtClaimTypes.SessionId), claimsPrincipal.Claims);
}
}
return(false, null, null);
}
