/// <summary>Create</summary>
/// <param name="iss">string</param>
/// <param name="aud">string</param>
/// <param name="response_type">string</param>
/// <param name="response_mode">string</param>
/// <param name="redirect_uri">string</param>
/// <param name="scopes">string</param>
/// <param name="state">string</param>
/// <param name="nonce">string</param>
/// <param name="max_age">string</param>
/// <param name="prompt">string</param>
/// <param name="login_hint">string</param>
/// <param name="claims">ClaimsInRO</param>
/// <param name="rsaPrivateKey">RS256用のRSAParameters秘密鍵</param>
/// <returns>RequestObject</returns>
public static string Create(
string iss, string aud, string response_type, string response_mode,
string redirect_uri, string scopes, string state, string nonce,
string max_age, string prompt, string login_hint, ClaimsInRO claims, RSAParameters rsaPrivateKey)
{
string json = "";
#region ClaimSetの生成
Dictionary <string, object> requestObjectClaimSet = new Dictionary <string, object>();
requestObjectClaimSet.Add(OAuth2AndOIDCConst.iss, iss); // client_id
requestObjectClaimSet.Add(OAuth2AndOIDCConst.aud, aud); // ROS EndPointのuri。
requestObjectClaimSet.Add(OAuth2AndOIDCConst.response_type, response_type);
requestObjectClaimSet.Add(OAuth2AndOIDCConst.client_id, iss);
if (!string.IsNullOrEmpty(response_mode))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.response_mode, response_mode);
}
if (!string.IsNullOrEmpty(redirect_uri))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.redirect_uri, redirect_uri);
}
requestObjectClaimSet.Add(OAuth2AndOIDCConst.scope, scopes);
requestObjectClaimSet.Add(OAuth2AndOIDCConst.state, state);
if (!string.IsNullOrEmpty(nonce))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.nonce, nonce);
}
if (!string.IsNullOrEmpty(max_age))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.max_age, max_age);
}
if (!string.IsNullOrEmpty(prompt))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.prompt, prompt);
}
if (!string.IsNullOrEmpty(login_hint))
{
requestObjectClaimSet.Add(OAuth2AndOIDCConst.login_hint, login_hint);
}
requestObjectClaimSet.Add(OAuth2AndOIDCConst.claims, claims.Claims);
json = JsonConvert.SerializeObject(requestObjectClaimSet);
#endregion
#region JWT化
JWS_RS256_Param jwtRS256 = new JWS_RS256_Param(rsaPrivateKey);
return(jwtRS256.Create(json));
#endregion
}
// https://openid.net/specs/openid-connect-core-1_0.html#RequestObject
// {
// "iss": "s6BhdRkqt3",
// "aud": "https://server.example.com",
// "response_type": "code id_token",
// "client_id": "s6BhdRkqt3",
// "redirect_uri": "https://client.example.org/cb",
// "scope": "openid",
// "state": "af0ifjsldkj",
// "nonce": "n-0S6_WzA2Mj",
// "max_age": 86400,
// "claims": ... see : ClaimsInRO.cs
// }
// 以下はI/F上に含めない。
// - display ... promptの形式
// - ui_locales ... UICulture的な
// - id_token_hint ... 以前のid_token(再認証)
#region Create
/// <summary>Create</summary>
/// <param name="iss">string</param>
/// <param name="aud">string</param>
/// <param name="response_type">string</param>
/// <param name="response_mode">string</param>
/// <param name="redirect_uri">string</param>
/// <param name="scopes">string</param>
/// <param name="state">string</param>
/// <param name="nonce">string</param>
/// <param name="max_age">string</param>
/// <param name="prompt">string</param>
/// <param name="login_hint">string</param>
/// <param name="claims">ClaimsInRO</param>
/// <param name="jwkPrivateKey">string</param>
/// <returns>RequestObject</returns>
public static string Create(
string iss, string aud, string response_type, string response_mode,
string redirect_uri, string scopes, string state, string nonce,
string max_age, string prompt, string login_hint, ClaimsInRO claims, string jwkPrivateKey)
{
RsaPrivateKeyConverter rpkc = new RsaPrivateKeyConverter();
return(RequestObject.Create(
iss, aud, response_type, response_mode,
redirect_uri, scopes, state, nonce,
max_age, prompt, login_hint, claims,
rpkc.JwkToParam(jwkPrivateKey)));
}
