public IdentityTokenResponse PostJSONToken(IdentityTokenRequest token) { IdentityTokenResponse response = new IdentityTokenResponse(); try { IdentityToken identityToken = null; using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token)) { if (decodedToken.IsValid) { identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri); } } response.token = identityToken; } catch (Exception ex) { response.errorMessage = ex.Message; } return(response); }
public async System.Threading.Tasks.Task <AppointmentProxyResponse> PostServiceRequest(AppointmentProxyRequest proxyRequest) { AppointmentProxyResponse proxyResponse = new AppointmentProxyResponse(); try { IdentityToken identityToken = null; var organizerDomain = string.Empty; var thirdPartyEventId = (string.IsNullOrEmpty(proxyRequest.thirdPartyEventId)) ? string.Empty : proxyRequest.thirdPartyEventId; var thirdPartySecretKey = string.Empty; using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(proxyRequest)) { if (decodedToken.IsValid) { identityToken = new IdentityToken(proxyRequest, decodedToken.Audience, decodedToken.AuthMetadataUri); // todo - add whatever logic you need to do here if (!string.IsNullOrEmpty(proxyRequest.organizerEmailAddress)) { organizerDomain = proxyRequest.organizerEmailAddress.Split('@')[1]; } if (string.IsNullOrEmpty(thirdPartyEventId)) { thirdPartyEventId = $"KF{Guid.NewGuid().ToString()}"; } var secretKey = organizerDomain.Replace('.', '-'); thirdPartySecretKey = await KeyVaultClientHelper.GetDomainSecret(secretKey); } } proxyResponse.token = identityToken; proxyResponse.organizerTenant = organizerDomain; proxyResponse.thirdPartyEventId = thirdPartyEventId; proxyResponse.thirdPartySecretKey = thirdPartySecretKey; } catch (Exception ex) { proxyResponse.errorMessage = ex.Message; } return(proxyResponse); }
public async Task <HttpResponseMessage> Validate([FromBody] IdentityTokenRequest token) { //validate the identity token passed from the client IdentityTokenResponse response = new IdentityTokenResponse(); try { //decode and validate the token passed in IdentityToken identityToken = null; using (DecodedJsonToken decodedToken = JsonTokenDecoder.Decode(token)) { if (decodedToken.IsValid) { identityToken = new IdentityToken(token, decodedToken.Audience, decodedToken.AuthMetadataUri); } } response.token = identityToken; //now that the key is validated, we can perform a lookup against DocDB for it's hased value (combination of metadata document URL with the Exchange identifier) if (identityToken != null) { //the token is valid...check if user is valid (has valid refresh token) response.validToken = true; string hash = ComputeSHA256Hash(response.token.uniqueID, response.token.amurl, Salt); response.user = DocumentDBRepository <UserModel> .GetItem("Users", i => i.hash == hash); if (response.user != null) { //check for and validate the refresh token if (!String.IsNullOrEmpty(response.user.refresh_token)) { var graphToken = await TokenHelper.GetAccessTokenWithRefreshToken(response.user.refresh_token, SettingsHelper.O365UnifiedAPIResourceId); if (graphToken != null) { //TODO: get the user details against AAD Graph response.validUser = true; } } } else { //the user doesn't exist, so we can add a placeholder record in the data store...TODO: get more data on user???? response.user = new UserModel() { id = Guid.NewGuid().ToString().ToLower(), hash = hash }; await DocumentDBRepository <UserModel> .CreateItemAsync("Users", response.user); } } else { //this was an invalid token!!!! } } catch (Exception ex) { response.errorMessage = ex.Message; } return(Request.CreateResponse <IdentityTokenResponse>(HttpStatusCode.OK, response)); }