/// <inheritdoc/>
public async Task SendLoginRequestAsync(BackchannelUserLoginRequest request)
{
var url = await _issuerNameService.GetCurrentAsync();
url += "/ciba?id=" + request.InternalId;
_logger.LogWarning("IBackchannelAuthenticationUserNotificationService not implemented. But for testing, visit {url} to simulate what a user might need to do to complete the request.", url);
}
public async Task <IActionResult> OnGet(string id)
{
LoginRequest = await _backchannelAuthenticationInteraction.GetLoginRequestByInternalIdAsync(id);
if (LoginRequest == null)
{
_logger.LogWarning("Invalid backchannel login id {id}", id);
return(RedirectToPage("/home/error/index"));
}
return(Page());
}
private ViewModel BuildViewModelAsync(BackchannelUserLoginRequest request, string id, InputModel model = null)
{
if (request is null)
{
throw new InvalidOperationException(_localizer["Invalid login request id."]);
}
if (request.Subject.GetSubjectId() == User.GetSubjectId())
{
return(CreateConsentViewModel(model, id, request));
}
throw new InvalidOperationException(_localizer["SubjectIds don't match."]);
}
private ViewModel CreateConsentViewModel(InputModel model,
string id,
BackchannelUserLoginRequest request)
{
var vm = new ViewModel
{
Input = new InputModel
{
Id = id
},
ClientName = request.Client.ClientName ?? request.Client.ClientId,
ClientUrl = request.Client.ClientUri,
ClientLogoUrl = request.Client.LogoUri,
BindingMessage = request.BindingMessage
};
vm.IdentityScopes = request.ValidatedResources.Resources.IdentityResources
.Select(x => CreateScopeViewModel(x, model?.ScopesConsented == null || model.ScopesConsented?.Contains(x.Name) == true))
.ToArray();
var resourceIndicators = request.RequestedResourceIndicators ?? Enumerable.Empty <string>();
var apiResources = request.ValidatedResources.Resources.ApiResources.Where(x => resourceIndicators.Contains(x.Name));
var apiScopes = new List <ScopeViewModel>();
foreach (var parsedScope in request.ValidatedResources.ParsedScopes)
{
var apiScope = request.ValidatedResources.Resources.FindApiScope(parsedScope.ParsedName);
if (apiScope != null)
{
var scopeVm = CreateScopeViewModel(parsedScope, apiScope, model == null || model.ScopesConsented?.Contains(parsedScope.RawValue) == true);
scopeVm.Resources = apiResources.Where(x => x.Scopes.Contains(parsedScope.ParsedName))
.Select(x => new ResourceViewModel
{
Name = x.Name,
DisplayName = x.DisplayName ?? x.Name,
}).ToArray();
apiScopes.Add(scopeVm);
}
}
if (ConsentOptions.EnableOfflineAccess && request.ValidatedResources.Resources.OfflineAccess)
{
apiScopes.Add(GetOfflineAccessScope(model == null || model.ScopesConsented?.Contains(StandardScopes.OfflineAccess) == true));
}
vm.ApiScopes = apiScopes;
return(vm);
}
public async Task SendLoginRequestAsync(BackchannelUserLoginRequest request)
{
var htmlMessage = await CreateMessage(request).ConfigureAwait(false);
var subject = _localizer["Authorization request"];
using var content = new StringContent(JsonSerializer.Serialize(new Email
{
Addresses = new string[] { request.Subject.FindFirst(c => c.Type == JwtClaimTypes.Email)?.Value },
Message = htmlMessage,
Subject = subject
}), Encoding.UTF8, "application/json");
using var response = await _httpClient.PostAsync(_options.Value.ApiUrl, content)
.ConfigureAwait(false);
response.EnsureSuccessStatusCode();
}
private async Task <string> CreateMessage(BackchannelUserLoginRequest request)
{
var client = request.Client;
var builder = new StringBuilder();
if (client.LogoUri is not null)
{
builder.Append("<div><img src=\"");
builder.Append(client.LogoUri);
builder.Append("\"></div>");
}
builder.Append(_localizer["{0} is requesting your permission", client.ClientName]);
if (!string.IsNullOrEmpty(request.BindingMessage))
{
builder.Append("<div>");
builder.Append(_localizer["Verify that this identifier matches what the client is displaying: {0}", request.BindingMessage]);
builder.Append("</div>");
}
builder.Append("<div>");
builder.Append(_localizer[" Do you wish to continue?", client.ClientName]);
builder.Append("</div>");
var issuer = await _nameService.GetCurrentAsync().ConfigureAwait(false);
if (!issuer.EndsWith('/'))
{
issuer += "/";
}
builder.Append("<div>");
builder.Append("<a href =\"");
builder.Append(issuer);
builder.Append("ciba/consent?id=");
builder.Append(request.InternalId);
builder.Append("\">");
builder.Append(_localizer["Yes, Continue"]);
builder.Append("</a>");
builder.Append("</div>");
return(builder.ToString());
}
public Task SendLoginRequestAsync(BackchannelUserLoginRequest request)
{
LoginRequest = request;
return(Task.CompletedTask);
}
