/// <summary>
/// Builds a request against <c>ClientConfig.BaseUrl</c> that carries a freshly obtained access token.
/// The token comes from <c>_authClient.AuthenticateAsync</c> and is attached as an OAuth bearer token.
/// </summary>
/// <param name="parameters">Query parameters handed to <c>SetQueryParams</c>; defaults to null.</param>
/// <param name="cancellation">Token forwarded to the authentication call.</param>
/// <param name="urlSegments">Path segments handed to <c>Request</c>.</param>
/// <returns>A task that yields the configured request once authentication has completed.</returns>
protected Task<IFlurlRequest> CreateRequest(IEnumerable<KeyValuePair<string, object>> parameters = null, CancellationToken cancellation = default, params object[] urlSegments)
{
    return _authClient.AuthenticateAsync(cancellation).ThenAsync(accessToken =>
    {
        // NOTE(review): the bearer token is sent to whatever ClientConfig.BaseUrl plus urlSegments resolves to.
        // Confirm the base URL is fixed configuration (HTTPS) and that segments are not taken verbatim from untrusted input.
        var target = ClientFactory.Get(ClientConfig.BaseUrl).Request(urlSegments);
        var withQuery = target.SetQueryParams(parameters);

        // Every request gets a fixed 60-second timeout.
        var bounded = withQuery.WithTimeout(TimeSpan.FromSeconds(60));
        return bounded.WithOAuthBearerToken(accessToken);
    });
}
        /// <summary>
        /// Handles a posted login form: submits the credentials to the Okta authentication client and,
        /// when the response status is Success, signs the user in with an application cookie.
        /// </summary>
        /// <param name="model">The posted login form (user name, password, remember-me flag).</param>
        /// <returns>
        /// A redirect to Home/Index on success, a redirect to Manage/ChangePassword when the password has
        /// expired, otherwise the Login view with a model error.
        /// </returns>
        public async Task<ActionResult> LoginAsync(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return View("Login");
            }

            var credentials = new AuthenticateOptions
            {
                Username = model.UserName,
                Password = model.Password,
            };

            try
            {
                // NOTE(review): this continues without the captured context while the code below still uses
                // controller state (Session, ModelState) - confirm that is safe on the hosting framework.
                var result = await _oktaAuthenticationClient.AuthenticateAsync(credentials).ConfigureAwait(false);
                var status = result.AuthenticationStatus;

                if (status == AuthenticationStatus.Success)
                {
                    // NOTE(review): the identity name is the text typed into the form, not a value taken from
                    // the authentication response - confirm nothing downstream relies on it being canonical.
                    var nameClaim = new Claim(ClaimTypes.Name, model.UserName);
                    var identity = new ClaimsIdentity(new[] { nameClaim }, DefaultAuthenticationTypes.ApplicationCookie);
                    var cookieOptions = new AuthenticationProperties { IsPersistent = model.RememberMe };

                    _authenticationManager.SignIn(cookieOptions, identity);

                    return RedirectToAction("Index", "Home");
                }

                if (status == AuthenticationStatus.PasswordExpired)
                {
                    // The state token is kept in the session so the change-password step can continue the transaction.
                    Session["stateToken"] = result.StateToken;

                    return RedirectToAction("ChangePassword", "Manage");
                }

                // NOTE(review): the raw status is shown to an unauthenticated caller; a status that reveals
                // account state could help account enumeration - consider a generic message and server-side logging.
                ModelState.AddModelError(string.Empty, $"Invalid login attempt: {status}");
                return View("Login", model);
            }
            catch (OktaApiException apiError)
            {
                // The API's error summary is surfaced on the login page as-is.
                ModelState.AddModelError(string.Empty, $"Invalid login attempt: {apiError.ErrorSummary}");
                return View("Login", model);
            }
        }
Esempio n. 3
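        /// <summary>
        /// Handles a posted login form: submits the credentials to the Okta authentication client and routes
        /// the user according to the returned status (signed in, MFA enrollment, MFA challenge, or expired password).
        /// </summary>
        /// <param name="model">The posted login form (user name, password, remember-me flag).</param>
        /// <returns>
        /// A redirect to Home/Index on success, to Manage/SelectFactor for MFA enrollment, to Manage/VerifyFactor
        /// for an MFA challenge, or to Manage/ChangePassword for an expired password. Any other outcome returns
        /// the Login view with a model error.
        /// </returns>
        /// <exception cref="NotImplementedException">
        /// MFA is required but the response offers no "sms" or "email" factor. The catch block does not handle
        /// this type, so it propagates to the caller.
        /// </exception>
        public async Task <ActionResult> LoginAsync(LoginViewModel model)
        {
            if (!ModelState.IsValid)
            {
                return(View("Login"));
            }

            var authnOptions = new AuthenticateOptions()
            {
                Username = model.UserName,
                Password = model.Password,
            };

            try
            {
                // NOTE(review): this continues without the captured context while the code below still uses
                // controller state (Session, ModelState) - confirm that is safe on the hosting framework.
                var authnResponse = await _oktaAuthenticationClient.AuthenticateAsync(authnOptions).ConfigureAwait(false);

                // Stored before the status check so the later MFA and password steps can read the choice.
                Session["rememberMe"] = model.RememberMe;
                if (authnResponse.AuthenticationStatus == AuthenticationStatus.Success)
                {
                    // NOTE(review): the identity name is the text typed into the form, not a value taken from
                    // the authentication response - confirm nothing downstream relies on it being canonical.
                    var identity = new ClaimsIdentity(
                        new[] { new Claim(ClaimTypes.Name, model.UserName) },
                        DefaultAuthenticationTypes.ApplicationCookie);

                    _authenticationManager.SignIn(new AuthenticationProperties {
                        IsPersistent = model.RememberMe
                    }, identity);

                    return(RedirectToAction("Index", "Home"));
                }
                else if (authnResponse.AuthenticationStatus == AuthenticationStatus.MfaEnroll)
                {
                    Session["stateToken"] = authnResponse.StateToken;
                    var factors = authnResponse.Embedded.GetArrayProperty <Factor>("factors");

                    // Ordinal, case-insensitive comparison: ToUpper() depends on the current culture (under tr-TR
                    // "required" does not upper-case to "REQUIRED") and throws when Enrollment is null, so required
                    // factors could be dropped from the enrollment list.
                    Session["factors"] = factors?
                        .Where(x => string.Equals(x.Enrollment, "REQUIRED", StringComparison.OrdinalIgnoreCase))
                        .ToList();

                    return(RedirectToAction("SelectFactor", "Manage"));
                }
                else if (authnResponse.AuthenticationStatus == AuthenticationStatus.MfaRequired)
                {
                    Session["stateToken"] = authnResponse.StateToken;

                    var allFactors = authnResponse.Embedded.GetArrayProperty <Factor>("factors");

                    // Null-safe, matching the enrollment branch: a response without a factor list falls through
                    // to the explicit "unhandled factor" failure instead of a NullReferenceException.
                    var defaultMfaFactor = allFactors?.FirstOrDefault(x => x.Type == "sms" || x.Type == "email");

                    if (defaultMfaFactor != null)
                    {
                        Session["isMfaRequiredFlow"] = true;
                        Session["factorId"]          = defaultMfaFactor.Id;
                        return(RedirectToAction("VerifyFactor", "Manage"));
                    }

                    // Only sms/email challenges are implemented; users with other factor types cannot finish login here.
                    throw new NotImplementedException("Unhandled Factor during MFA Auth");
                }
                else if (authnResponse.AuthenticationStatus == AuthenticationStatus.PasswordExpired)
                {
                    Session["stateToken"] = authnResponse.StateToken;

                    return(RedirectToAction("ChangePassword", "Manage"));
                }
                else
                {
                    // NOTE(review): the raw status is shown to an unauthenticated caller; a status that reveals
                    // account state could help account enumeration - consider a generic message and server-side logging.
                    ModelState.AddModelError(string.Empty, $"Invalid login attempt: {authnResponse.AuthenticationStatus}");
                    return(View("Login", model));
                }
            }
            catch (OktaApiException exception)
            {
                // The API's error summary is surfaced on the login page as-is.
                ModelState.AddModelError(string.Empty, $"Invalid login attempt: {exception.ErrorSummary}");
                return(View("Login", model));
            }
        }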