IReverseCallClient <EventHorizonConsumerToProducerMessage, EventHorizonProducerToConsumerMessage, ConsumerSubscriptionRequest, Contracts.SubscriptionResponse, ConsumerRequest, ConsumerResponse> CreateClient(
MicroserviceAddress microserviceAddress,
CancellationToken cancellationToken)
{
var client = _clientManager.Get <Contracts.Consumer.ConsumerClient>(
microserviceAddress.Host,
microserviceAddress.Port);
return(_reverseCallClients.GetFor <EventHorizonConsumerToProducerMessage, EventHorizonProducerToConsumerMessage, ConsumerSubscriptionRequest, Contracts.SubscriptionResponse, ConsumerRequest, ConsumerResponse>(
() => client.Subscribe(cancellationToken: cancellationToken),
(message, arguments) => message.SubscriptionRequest = arguments,
message => message.SubscriptionResponse,
message => message.Request,
(message, response) => message.Response = response,
(arguments, context) => arguments.CallContext = context,
request => request.CallContext,
(response, context) => response.CallContext = context,
message => message.Ping,
(message, pong) => message.Pong = pong,
TimeSpan.FromSeconds(7)));
}
private Client ValidateClient(ClaimsPrincipal clientPrincipal, Application application)
{
if (clientPrincipal == null || !clientPrincipal.Identity.IsAuthenticated)
{
Tracing.Error("Anonymous client.");
return(null);
}
var clientIdClaim = clientPrincipal.FindFirst("client_id");
if (clientIdClaim == null)
{
Tracing.Error("No client_id provided.");
return(null);
}
var passwordClaim = clientPrincipal.FindFirst("secret");
if (passwordClaim == null)
{
Tracing.Error("No client secret provided.");
return(null);
}
var client = _clientManager.Get(clientIdClaim.Value);
if (client == null)
{
Tracing.Error("Unable to find client in repository.");
return(null);
}
if (!client.ValidateSharedSecret(passwordClaim.Value))
{
Tracing.Error("Invalid client secret.");
return(null);
}
return(client);
}
/// <inheritdoc />
public IReverseCallClient <TConnectArguments, TConnectResponse, TRequest, TResponse> GetFor <TClient, TClientMessage, TServerMessage, TConnectArguments, TConnectResponse, TRequest, TResponse>(
IReverseCallClientProtocol <TClient, TClientMessage, TServerMessage, TConnectArguments, TConnectResponse, TRequest, TResponse> protocol,
string host,
int port,
TimeSpan pingInterval = default)
where TClient : ClientBase <TClient>
where TClientMessage : IMessage, new()
where TServerMessage : IMessage, new()
where TConnectArguments : class
where TConnectResponse : class
where TRequest : class
where TResponse : class
{
var client = _clientManager.Get <TClient>(host, port);
return(new ReverseCallClient <TClient, TClientMessage, TServerMessage, TConnectArguments, TConnectResponse, TRequest, TResponse>(
protocol,
client,
pingInterval == default ? _defaultPingInterval : pingInterval,
_metrics,
_loggerFactory.CreateLogger <ReverseCallClient <TClient, TClientMessage, TServerMessage, TConnectArguments, TConnectResponse, TRequest, TResponse> >()));
}
// GET: Clients
public ActionResult Index()
{
return(View(manager.Get()));
}
public async Task <IEnumerable <Client> > Index()
{
return(await _manager.Get());
}
public ValidatedRequest Validate(Application application, AuthorizeRequest request)
{
// If the request fails due to a missing, invalid, or mismatching
// redirection URI, or if the client identifier is missing or invalid,
// the authorization server SHOULD inform the resource owner of the
// error and MUST NOT automatically redirect the user-agent to the
// invalid redirection URI.
var validatedRequest = new ValidatedRequest();
// validate request model binding
if (request == null)
{
throw new AuthorizeRequestResourceOwnerException("Invalid request parameters.");
}
validatedRequest.Application = application;
Tracing.InformationFormat("OAuth2 application: {0} ({1})",
validatedRequest.Application.Name,
validatedRequest.Application.Namespace);
validatedRequest.ShowRememberConsent = application.AllowRememberConsentDecision;
// make sure redirect uri is present
if (string.IsNullOrWhiteSpace(request.redirect_uri))
{
throw new AuthorizeRequestResourceOwnerException("Missing redirect URI");
}
// validate client
if (string.IsNullOrWhiteSpace(request.client_id))
{
throw new AuthorizeRequestResourceOwnerException("Missing client identifier");
}
var client = _clientManager.Get(request.client_id);
if (client == null)
{
throw new AuthorizeRequestResourceOwnerException("Invalid client: " + request.client_id);
}
validatedRequest.Client = client;
Tracing.InformationFormat("Client: {0} ({1})",
validatedRequest.Client.Name,
validatedRequest.Client.ClientId);
// make sure redirect_uri is a valid uri, and in case of http is over ssl
Uri redirectUri;
if (Uri.TryCreate(request.redirect_uri, UriKind.Absolute, out redirectUri))
{
if (redirectUri.Scheme == Uri.UriSchemeHttp)
{
throw new AuthorizeRequestClientException(
"Redirect URI not over SSL : " + request.redirect_uri,
new Uri(request.redirect_uri),
OAuthConstants.Errors.InvalidRequest,
string.Empty,
validatedRequest.State);
}
// make sure redirect uri is registered with client
var validUri = validatedRequest.Client.RedirectUris.Get(request.redirect_uri);
if (validUri == null)
{
throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri);
}
validatedRequest.RedirectUri = validUri;
Tracing.InformationFormat("Redirect URI: {0} ({1})",
validatedRequest.RedirectUri.Uri,
validatedRequest.RedirectUri.Description);
}
else
{
var message = "Invalid redirect URI: " + request.redirect_uri;
Tracing.Error(message);
throw new AuthorizeRequestResourceOwnerException("Invalid redirect URI: " + request.redirect_uri);
}
// check state
if (!string.IsNullOrWhiteSpace(request.state))
{
validatedRequest.State = request.state;
Tracing.Information("State: " + validatedRequest.State);
}
else
{
Tracing.Information("No state supplied.");
}
// validate response type
if (String.IsNullOrWhiteSpace(request.response_type))
{
throw new AuthorizeRequestClientException(
"response_type is null or empty",
new Uri(validatedRequest.RedirectUri.Uri),
OAuthConstants.Errors.InvalidRequest,
string.Empty,
validatedRequest.State);
}
// check response type (only code and token are supported)
if (!request.response_type.Equals(OAuthConstants.ResponseTypes.Token, StringComparison.Ordinal) &&
!request.response_type.Equals(OAuthConstants.ResponseTypes.Code, StringComparison.Ordinal))
{
throw new AuthorizeRequestClientException(
"response_type is not token or code: " + request.response_type,
new Uri(validatedRequest.RedirectUri.Uri),
OAuthConstants.Errors.UnsupportedResponseType,
string.Empty,
validatedRequest.State);
}
validatedRequest.ResponseType = request.response_type;
Tracing.Information("Response type: " + validatedRequest.ResponseType);
if (request.response_type == OAuthConstants.ResponseTypes.Code)
{
ValidateCodeResponseType(validatedRequest, request);
}
else if (request.response_type == OAuthConstants.ResponseTypes.Token)
{
ValidateTokenResponseType(validatedRequest, request);
}
else
{
throw new AuthorizeRequestClientException(
"Invalid response_type: " + request.response_type,
new Uri(validatedRequest.RedirectUri.Uri),
OAuthConstants.Errors.UnsupportedResponseType,
request.response_type,
validatedRequest.State);
}
ValidateScopes(request, validatedRequest);
// TODO: fix based upon past "remember me" settings
validatedRequest.ShowConsent = client.RequireConsent || application.RequireConsent;
Tracing.Information("Authorize request validation successful.");
return(validatedRequest);
}
