async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null)
{
var request = await _interaction.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var scopes = await _scopeStore.FindEnabledScopesAsync(request.ScopesRequested);
if (scopes != null && scopes.Any())
{
return(new ConsentViewModel(model, returnUrl, request, client, scopes));
}
else
{
_logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y));
}
}
else
{
_logger.LogError("Invalid client id: {0}", request.ClientId);
}
}
else
{
_logger.LogError("No consent request matching request: {0}", returnUrl);
}
return(null);
}
public async Task <ScopeSecretValidationResult> ValidateAsync(HttpContext context)
{
_logger.LogTrace("Start scope validation");
var fail = new ScopeSecretValidationResult
{
IsError = true
};
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEvent("unknown", "No scope id or secret found");
_logger.LogError("No scope secret found");
return(fail);
}
// load scope
var scope = (await _scopes.FindEnabledScopesAsync(new[] { parsedSecret.Id })).FirstOrDefault();
if (scope == null)
{
await RaiseFailureEvent(parsedSecret.Id, "Unknown scope");
_logger.LogError("No scope with that name found. aborting");
return(fail);
}
var result = await _validator.ValidateAsync(parsedSecret, scope.ScopeSecrets);
if (result.Success)
{
_logger.LogDebug("Scope validation success");
var success = new ScopeSecretValidationResult
{
IsError = false,
Scope = scope
};
await RaiseSuccessEvent(scope.Name);
return(success);
}
await RaiseFailureEvent(scope.Name, "Invalid client secret");
_logger.LogError("Scope validation failed.");
return(fail);
}
public async Task <bool> AreScopesValidAsync(IEnumerable <string> requestedScopes)
{
var requestedScopesArray = requestedScopes as string[] ?? requestedScopes.ToArray();
var availableScopesArray = (await _store.FindEnabledScopesAsync(requestedScopesArray)).ToArray();
foreach (var requestedScope in requestedScopesArray)
{
var scopeDetail = availableScopesArray.FirstOrDefault(s => s.Name == requestedScope);
if (scopeDetail == null)
{
_logger.LogError("Invalid scope: {requestedScope}", requestedScope);
return(false);
}
if (scopeDetail.Enabled == false)
{
_logger.LogError("Scope disabled: {requestedScope}", requestedScope);
return(false);
}
if (scopeDetail.Type == ScopeType.Identity)
{
ContainsOpenIdScopes = true;
}
else
{
ContainsResourceScopes = true;
}
GrantedScopes.Add(scopeDetail);
}
if (requestedScopesArray.Contains(Constants.StandardScopes.OfflineAccess))
{
ContainsOfflineAccessScope = true;
}
RequestedScopes.AddRange(GrantedScopes);
return(true);
}
public async Task <RequestedClaimTypes> GetRequestedClaimTypesAsync(IEnumerable <string> scopes)
{
if (scopes == null || !scopes.Any())
{
return(new RequestedClaimTypes());
}
var scopeString = string.Join(" ", scopes);
_logger.LogDebug("Scopes in access token: {scopes}", scopeString);
var scopeDetails = await _scopes.FindEnabledScopesAsync(scopes);
var scopeClaims = new List <string>();
foreach (var scope in scopes)
{
var scopeDetail = scopeDetails.FirstOrDefault(s => s.Name == scope);
if (scopeDetail != null)
{
if (scopeDetail.Type == ScopeType.Identity)
{
if (scopeDetail.IncludeAllClaimsForUser)
{
return(new RequestedClaimTypes
{
IncludeAllClaims = true
});
}
scopeClaims.AddRange(scopeDetail.Claims.Select(c => c.Name));
}
}
}
return(new RequestedClaimTypes(scopeClaims));
}
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request)
{
_logger.LogTrace("Processing authorization code request");
//////////////////////////
// access token
/////////////////////////
var accessToken = await CreateAccessTokenAsync(request);
var response = new TokenResponse
{
AccessToken = accessToken.Item1,
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
//////////////////////////
// refresh token
/////////////////////////
if (accessToken.Item2.IsPresent())
{
response.RefreshToken = accessToken.Item2;
}
//////////////////////////
// id token
/////////////////////////
if (request.AuthorizationCode.IsOpenId)
{
// load the client that belongs to the authorization code
Client client = null;
if (request.AuthorizationCode.ClientId != null)
{
client = await _clients.FindEnabledClientByIdAsync(request.AuthorizationCode.ClientId);
}
if (client == null)
{
throw new InvalidOperationException("Client does not exist anymore.");
}
var scopes = await _scopes.FindEnabledScopesAsync(request.AuthorizationCode.RequestedScopes);
var tokenRequest = new TokenCreationRequest
{
Subject = request.AuthorizationCode.Subject,
Client = client,
Scopes = scopes,
Nonce = request.AuthorizationCode.Nonce,
ValidatedRequest = request
};
var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest);
var jwt = await _tokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return(response);
}