    /// <inheritdoc/>
    public virtual async Task<BackchannelAuthenticationResponse> ProcessAsync(BackchannelAuthenticationRequestValidationResult validationResult)
    {
        using var activity = Tracing.BasicActivitySource.StartActivity("BackchannelAuthenticationResponseGenerator.Process");

        // Fail fast on an incomplete validation result: nothing below may run
        // without a validated request that is bound to a client.
        if (validationResult is null)
        {
            throw new ArgumentNullException(nameof(validationResult));
        }

        var validated = validationResult.ValidatedRequest
            ?? throw new ArgumentNullException(nameof(validationResult.ValidatedRequest));
        var client = validated.Client
            ?? throw new ArgumentNullException(nameof(validationResult.ValidatedRequest.Client));

        Logger.LogTrace("Creating response for backchannel authentication request");

        // Record that gets persisted. Every field is copied from the validated
        // request; only the creation time comes from the server clock.
        var request = new BackChannelAuthenticationRequest
        {
            CreationTime = Clock.UtcNow.UtcDateTime,
            ClientId = validated.ClientId,
            RequestedScopes = validated.ValidatedResources.RawScopeValues,
            RequestedResourceIndicators = validated.RequestedResourceIndiators,
            Subject = validated.Subject,
            Lifetime = validated.Expiry,
            AuthenticationContextReferenceClasses = validated.AuthenticationContextReferenceClasses,
            Tenant = validated.Tenant,
            IdP = validated.IdP,
            BindingMessage = validated.BindingMessage,
        };

        // The store returns the identifier that is handed back to the client.
        var requestId = await BackChannelAuthenticationRequestStore.CreateRequestAsync(request);

        // A per-client polling interval wins over the server-wide CIBA default.
        var response = new BackchannelAuthenticationResponse()
        {
            AuthenticationRequestId = requestId,
            ExpiresIn = request.Lifetime,
            Interval = client.PollingInterval ?? Options.Ciba.DefaultPollingInterval,
        };

        // The user-facing login notification is keyed by request.InternalId,
        // not by the requestId value returned to the client above.
        var loginRequest = new BackchannelUserLoginRequest
        {
            InternalId = request.InternalId,
            Subject = validated.Subject,
            Client = client,
            ValidatedResources = validated.ValidatedResources,
            RequestedResourceIndicators = validated.RequestedResourceIndiators,
            BindingMessage = validated.BindingMessage,
            AuthenticationContextReferenceClasses = validated.AuthenticationContextReferenceClasses,
            Tenant = validated.Tenant,
            IdP = validated.IdP,
        };
        await UserLoginService.SendLoginRequestAsync(loginRequest);

        return response;
    }
 /// <summary>
 /// Initializes a new instance of the <see cref="BackchannelAuthenticationSuccessEvent"/> class
 /// from the validation result of a backchannel authentication request.
 /// </summary>
 /// <param name="request">
 /// The validation result. Its <c>ValidatedRequest</c>, <c>Client</c> and <c>ValidatedResources</c>
 /// are dereferenced without null checks; only <c>Subject</c> may be null.
 /// </param>
 public BackchannelAuthenticationSuccessEvent(BackchannelAuthenticationRequestValidationResult request)
     : this()
 {
     var validated = request.ValidatedRequest;
     var client = validated.Client;

     ClientId = client.ClientId;
     ClientName = client.ClientName;
     Endpoint = Constants.EndpointNames.BackchannelAuthentication;

     // SubjectId stays null when the validated request carries no subject.
     SubjectId = validated.Subject?.GetSubjectId();

     // Scopes are recorded as one space-separated string of the raw scope values.
     Scopes = validated.ValidatedResources.RawScopeValues.ToSpaceSeparatedString();
 }
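    /// <summary>
    /// Initializes a new instance of the <see cref="BackchannelAuthenticationFailureEvent"/> class
    /// from a failed validation result.
    /// </summary>
    /// <param name="result">
    /// The validation result. Its <c>Error</c> and <c>ErrorDescription</c> are always copied;
    /// client, scope and subject details are copied only when a validated request is present.
    /// </param>
    public BackchannelAuthenticationFailureEvent(BackchannelAuthenticationRequestValidationResult result)
        : this()
    {
        var validated = result.ValidatedRequest;
        if (validated != null)
        {
            // A failure event must not throw while it is being built, otherwise the
            // original error never reaches the event sink. Client is therefore read
            // null-conditionally, the same way RequestedScopes already is.
            ClientId   = validated.Client?.ClientId;
            ClientName = validated.Client?.ClientName;
            Scopes     = validated.RequestedScopes?.ToSpaceSeparatedString();

            // Record a subject id only for an authenticated subject.
            // NOTE(review): if Subject is a ClaimsPrincipal, Identity is null when the
            // principal has no identities, hence the null-conditional chain - confirm.
            if (validated.Subject?.Identity?.IsAuthenticated == true)
            {
                SubjectId = validated.Subject.GetSubjectId();
            }
        }

        Endpoint         = Constants.EndpointNames.BackchannelAuthentication;
        Error            = result.Error;
        ErrorDescription = result.ErrorDescription;
    }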
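 /// <summary>
 /// Writes the backchannel authentication response and the subject id to the trace log.
 /// </summary>
 /// <param name="response">The response about to be returned to the client.</param>
 /// <param name="requestResult">The validation result the response was generated for.</param>
 private void LogResponse(BackchannelAuthenticationResponse response, BackchannelAuthenticationRequestValidationResult requestResult)
 {
     // The arguments are evaluated whether or not trace logging is enabled, so a
     // null Subject must not be able to throw from a logging helper.
     var subjectId = requestResult.ValidatedRequest.Subject?.GetSubjectId();

     // NOTE(review): "{@response}" asks providers that support destructuring to
     // serialize the whole response object, which would include
     // AuthenticationRequestId - confirm that trace sinks are access-controlled.
     _logger.LogTrace("BackchannelAuthenticationResponse: {@response} for subject {subjectId}", response, subjectId);
 }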