protected override Task ApplyResponseChallengeAsync()
{
if (Response.StatusCode != 401)
{
return(Task.FromResult <object>(null));
}
var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
if (challenge == null)
{
return(Task.FromResult <object>(null));
}
string baseUri = Request.Scheme + Uri.SchemeDelimiter + this.GetHostName() + Request.PathBase;
string currentUri = baseUri + Request.Path + Request.QueryString;
string redirectUri = baseUri + Options.CallbackPath;
var properties = challenge.Properties;
if (string.IsNullOrEmpty(properties.RedirectUri))
{
properties.RedirectUri = currentUri;
}
string codeVerifier = string.Empty;
string codeChallenge = string.Empty;
if (Options.RequirePkce)
{
codeVerifier = CryptoRandom.CreateUniqueId(32);
codeChallenge = codeVerifier.ToSha256().TrimEnd('=').Replace('+', '-').Replace('/', '_');
properties.Dictionary.Add(PkceCodeVerifierKey, codeVerifier);
}
// OAuth2 10.12 CSRF
GenerateCorrelationId(properties);
string state = Options.StateDataFormat.Protect(properties);
string authorizationEndpoint =
Options.Endpoints.AuthorizationEndpoint +
"?response_type=code" +
"&scope=*" +
"&client_id=" + Uri.EscapeDataString(Options.ClientId) +
"&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
"&state=" + Uri.EscapeDataString(state);
if (Options.RequirePkce)
{
authorizationEndpoint += "&code_challenge=" + codeChallenge + "&code_challenge_method=S256";
}
var redirectContext = new GeocachingApplyRedirectContext(
Context, Options,
properties, authorizationEndpoint);
Options.Provider.ApplyRedirect(redirectContext);
return(Task.FromResult <object>(null));
}
/// <summary>
/// Called when a Challenge causes a redirect to authorize endpoint in the Geocaching middleware
/// </summary>
/// <param name="context">Contains redirect URI and <see cref="AuthenticationProperties"/> of the challenge </param>
public virtual void ApplyRedirect(GeocachingApplyRedirectContext context)
{
OnApplyRedirect(context);
}
