public static WebApplicationAccess Find(string clientId)
{
WebApplicationAccess webApplication = null;
if (WebApplicationAccessList.TryGetValue(clientId, out webApplication))
{
return(webApplication);
}
return(null);
}
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId = string.Empty;
string clientSecret = string.Empty;
string symmetricKeyAsBase64 = string.Empty;
if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
{
context.TryGetFormCredentials(out clientId, out clientSecret);
}
if (context.ClientId == null)
{
context.SetError("invalid_clientId", "client_Id não pode ser nulo");
return(Task.FromResult <object>(null));
}
//Procurando pelo Client Id
var token = context.ClientId.Split(':');
var client_id = token.First();
var accessKey = token.Last();
var applicationAccess = WebApplicationAccess.Find(client_id);
if (applicationAccess == null)
{
context.SetError("invalid_clientId", "client_Id não encontrado");
return(Task.FromResult <object>(null));
}
if (applicationAccess.AccessKey != accessKey)
{
context.SetError("invalid_clientId", "access key não encontrado ou inválido");
return(Task.FromResult <object>(null));
}
context.Validated();
return(Task.FromResult <object>(null));
}
public static WebApplicationAccess GrantApplication(string name)
{
var clientId = Guid.NewGuid().ToString("N");
var key = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(key);
var base64Secret = TextEncodings.Base64Url.Encode(key);
var accessKey = new byte[32];
RNGCryptoServiceProvider.Create().GetBytes(key);
var accessKeyText = TextEncodings.Base64Url.Encode(key);
WebApplicationAccess newWebApplication = new WebApplicationAccess {
ClientId = clientId, SecretKey = base64Secret, AccessKey = accessKeyText, ApplicationName = name
};
WebApplicationAccessList.TryAdd(clientId, newWebApplication);
return(newWebApplication);
}
public string Protect(AuthenticationTicket data)
{
if (data == null)
{
throw new ArgumentNullException("data");
}
string audience = data.Properties.Dictionary["audience"];
if (string.IsNullOrWhiteSpace(audience))
{
throw new InvalidOperationException("ClientId e AccessKey não foi encontrado");
}
var keys = audience.Split(':');
var client_id = keys.First();
var accessKey = keys.Last();
var applicationAccess = WebApplicationAccess.Find(client_id);
var keyByteArray = TextEncodings.Base64Url.Decode(applicationAccess.SecretKey);
var signingKey = new HmacSigningCredentials(keyByteArray);
var issued = data.Properties.IssuedUtc;
var expires = data.Properties.ExpiresUtc;
var token = new JwtSecurityToken(_issuer, client_id, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey);
var handler = new JwtSecurityTokenHandler();
var jwt = handler.WriteToken(token);
return(jwt);
}