/// <inheritdoc/>
public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce, string scope, int?maxAge, string acrValues, string encryptedMSISDN, AuthenticationOptions options)
{
Validation.RejectNullOrEmpty(clientId, "clientId");
Validation.RejectNullOrEmpty(authorizeUrl, "authorizeUrl");
Validation.RejectNullOrEmpty(redirectUrl, "redirectUrl");
Validation.RejectNullOrEmpty(state, "state");
Validation.RejectNullOrEmpty(nonce, "nonce");
options = options ?? new AuthenticationOptions();
options.Scope = scope ?? options.Scope;
options.AcrValues = acrValues ?? options.AcrValues;
options.MaxAge = maxAge ?? options.MaxAge;
options.State = state;
options.Nonce = nonce;
options.LoginHint = options.LoginHint ?? (string.IsNullOrEmpty(encryptedMSISDN) ? null : string.Format("ENCR_MSISDN:{0}", encryptedMSISDN));
options.RedirectUrl = redirectUrl;
options.ClientId = clientId;
UriBuilder build = new UriBuilder(authorizeUrl);
build.AddQueryParams(GetAuthenticationQueryParams(options));
return(new StartAuthenticationResponse()
{
Url = build.Uri.AbsoluteUri
});
}
/// <inheritdoc/>
public async Task <RequestTokenResponse> RequestHeadlessAuthentication(string clientId, string clientSecret, string authorizeUrl, string tokenUrl, string redirectUrl,
string state, string nonce, string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options, CancellationToken cancellationToken = default(CancellationToken))
{
options = options ?? new AuthenticationOptions();
bool shouldUseAuthorize = ShouldUseAuthorize(options);
if (shouldUseAuthorize)
{
options.Prompt = "mobile";
}
string authUrl = StartAuthentication(clientId, authorizeUrl, redirectUrl, state, nonce, encryptedMsisdn, versions, options).Url;
Uri finalRedirect = null;
try
{
finalRedirect = await _client.GetFinalRedirect(authUrl, redirectUrl, options.PollFrequencyInMs, options.MaxRedirects, cancellationToken);
}
catch (Exception e) when(e is System.Net.WebException || e is TaskCanceledException)
{
Log.Error("Headless authentication was cancelled", e);
return(new RequestTokenResponse(new ErrorResponse {
Error = Constants.ErrorCodes.AuthCancelled, ErrorDescription = "Headless authentication was cancelled or a timeout occurred"
}));
}
catch (HttpRequestException e)
{
Log.Error("Headless authentication failed", e);
throw new MobileConnectEndpointHttpException(e.Message, e);
}
var error = ErrorResponse.CreateFromUrl(finalRedirect.AbsoluteUri);
if (error != null)
{
return(new RequestTokenResponse(error));
}
var code = HttpUtils.ExtractQueryValue(finalRedirect.AbsoluteUri, "code");
return(await RequestTokenAsync(clientId, clientSecret, tokenUrl, redirectUrl, code));
}
/// <inheritdoc/>
public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce,
string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options)
{
Validate.RejectNullOrEmpty(clientId, "clientId");
Validate.RejectNullOrEmpty(authorizeUrl, "authorizeUrl");
Validate.RejectNullOrEmpty(redirectUrl, "redirectUrl");
Validate.RejectNullOrEmpty(state, "state");
Validate.RejectNullOrEmpty(nonce, "nonce");
options = options ?? new AuthenticationOptions();
options.Scope = options.Scope ?? "";
bool shouldUseAuthorize = ShouldUseAuthorize(options);
if (shouldUseAuthorize)
{
Validate.RejectNullOrEmpty(options.Context, "options.Context");
Validate.RejectNullOrEmpty(options.ClientName, "options.ClientName");
}
options.State = state;
options.Nonce = nonce;
options.LoginHintToken = options.LoginHintToken;
if (options.LoginHintToken == null)
{
options.LoginHint = options.LoginHint ?? LoginHint.GenerateForEncryptedMsisdn(encryptedMsisdn);
}
options.RedirectUrl = redirectUrl;
options.ClientId = clientId;
string version;
string coercedScope = CoerceAuthenticationScope(options.Scope, versions, shouldUseAuthorize, out version);
Log.Info(() => $"scope={options.Scope} => coercedScope={coercedScope}");
options.Scope = coercedScope;
UriBuilder build = new UriBuilder(authorizeUrl);
build.AddQueryParams(GetAuthenticationQueryParams(options, shouldUseAuthorize, version));
Log.Info(() => $"Authentication URI={build.Uri.AbsoluteUri}");
return(new StartAuthenticationResponse()
{
Url = build.Uri.AbsoluteUri
});
}
/// <inheritdoc/>
public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce,
string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options, string currentVersion)
{
Validate.RejectNullOrEmpty(clientId, "clientId");
Validate.RejectNullOrEmpty(authorizeUrl, "authorizeUrl");
Validate.RejectNullOrEmpty(redirectUrl, "redirectUrl");
Validate.RejectNullOrEmpty(state, "state");
Validate.RejectNullOrEmpty(nonce, "nonce");
options = options ?? new AuthenticationOptions();
options.Scope = options.Scope ?? "";
bool shouldUseAuthorize = options.Scope.ToLower().Equals(Constants.Scope.AUTHZ.ToLower());
if (shouldUseAuthorize)
{
Validate.RejectNullOrEmpty(options.Context, "options.Context");
Validate.RejectNullOrEmpty(options.ClientName, "options.ClientName");
Validate.RejectNullOrEmpty(options.BindingMessage, "options.BindingMessage");
}
if (options != null)
{
KYCClaimsParameter kycClaims = options.KycClaims;
if (kycClaims != null)
{
bool isNamePresent = false;
bool isAddressPresent = false;
if (currentVersion.Equals(DefaultOptions.V2_3) && options.Scope.Contains(Constants.Scope.KYCPLAIN))
{
isNamePresent = StringUtils.requireNonEmpty("name || given_name and family_name",
kycClaims.Name, kycClaims.GivenName, kycClaims.FamilyName);
isAddressPresent = StringUtils.requireNonEmpty(
"address || houseno_or_housename, postal_code, country, town", kycClaims.Address,
kycClaims.HousenoOrHouseName, kycClaims.PostalCode, kycClaims.Country, kycClaims.Town);
}
if (currentVersion.Equals(DefaultOptions.V2_3) && options.Scope.Contains(Constants.Scope.KYCHASHED))
{
isNamePresent = StringUtils.requireNonEmpty("name_hashed || given_name_hashed and family_name_hashed",
kycClaims.NameHashed, kycClaims.GivenNameHashed, kycClaims.FamilyNameHashed);
isAddressPresent = StringUtils.requireNonEmpty(
"address_hashed || houseno_or_housename_hashed, postal_code_hashed, country_hashed, town_hashed", kycClaims.AddressHashed,
kycClaims.HousenoOrHouseNameHashed, kycClaims.PostalCodeHashed, kycClaims.CountryHashed, kycClaims.TownHashed);
}
if ((isNamePresent & !isAddressPresent) | (!isNamePresent & isAddressPresent))
{
throw new MobileConnectInvalidArgumentException("(split|concatenated, plain|hashed) name or address is empty");
}
}
}
options.State = state;
options.Nonce = nonce;
if (options.LoginHintToken == null)
{
options.LoginHint = options.LoginHint ?? LoginHint.GenerateForEncryptedMsisdn(encryptedMsisdn);
}
options.RedirectUrl = redirectUrl;
options.ClientId = clientId;
UriBuilder build = new UriBuilder(authorizeUrl);
build.AddQueryParams(GetAuthenticationQueryParams(options, shouldUseAuthorize, options.Version));
Log.Info(() => $"Authentication URI={build.Uri.AbsoluteUri}");
return(new StartAuthenticationResponse()
{
Url = build.Uri.AbsoluteUri
});
}