public async Task <JwsPayload> UpdatePayloadDate(JwsPayload jwsPayload) { if (jwsPayload == null) { throw new ArgumentNullException(nameof(jwsPayload)); } var timeKeyValuePair = await GetExpirationAndIssuedTime(); var expirationInSeconds = timeKeyValuePair.Key; var issuedAtTime = timeKeyValuePair.Value; if (jwsPayload.ContainsKey(StandardClaimNames.Iat)) { jwsPayload[StandardClaimNames.Iat] = issuedAtTime; } else { jwsPayload.Add(StandardClaimNames.Iat, issuedAtTime); } if (jwsPayload.ContainsKey(StandardClaimNames.ExpirationTime)) { jwsPayload[StandardClaimNames.ExpirationTime] = expirationInSeconds; } else { jwsPayload.Add(StandardClaimNames.ExpirationTime, expirationInSeconds); } return(jwsPayload); }
protected virtual void CheckRequestObject(JwsHeader header, JwsPayload jwsPayload, OpenIdClient openidClient, HandlerContext context) { if (jwsPayload == null) { throw new OAuthException(ErrorCodes.INVALID_REQUEST, OAuth.ErrorMessages.INVALID_JWS_REQUEST_PARAMETER); } if (!string.IsNullOrWhiteSpace(openidClient.RequestObjectSigningAlg) && header.Alg != openidClient.RequestObjectSigningAlg) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_SIGNATURE_ALG); } if (!jwsPayload.ContainsKey(OAuth.DTOs.AuthorizationRequestParameters.ResponseType)) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.MISSING_RESPONSE_TYPE_CLAIM); } if (!jwsPayload.ContainsKey(OAuth.DTOs.AuthorizationRequestParameters.ClientId)) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.MISSING_CLIENT_ID_CLAIM); } if (!jwsPayload[OAuth.DTOs.AuthorizationRequestParameters.ResponseType].ToString().Split(' ').OrderBy(s => s).SequenceEqual(context.Request.RequestData.GetResponseTypesFromAuthorizationRequest().OrderBy(s => s))) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_RESPONSE_TYPE_CLAIM); } if (jwsPayload[OAuth.DTOs.AuthorizationRequestParameters.ClientId].ToString() != context.Client.ClientId) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.INVALID_CLIENT_ID_CLAIM); } }
private static void Init(JwsPayload payload) { if (!payload.ContainsKey(CLAIM_NAMES)) { payload.Add(CLAIM_NAMES, new JObject()); } if (!payload.ContainsKey(CLAIM_SOURCES)) { payload.Add(CLAIM_SOURCES, new JObject()); } }
private static bool CompareJwsPayload(JwsPayload firstJwsPayload, JwsPayload secondJwsPayload) { foreach (var record in firstJwsPayload) { if (!Core.Jwt.Constants.AllStandardResourceOwnerClaimNames.Contains(record.Key)) { continue; } if (!secondJwsPayload.ContainsKey(record.Key)) { return(false); } if (!string.Equals( record.Value.ToString(), secondJwsPayload[record.Key].ToString(), StringComparison.CurrentCultureIgnoreCase)) { return(false); } } return(true); }
public static IEnumerable <AuthorizationRequestClaimParameter> GetClaims(this JwsPayload jObj) { if (!jObj.ContainsKey(AuthorizationRequestParameters.Claims)) { return(new AuthorizationRequestClaimParameter[0]); } return(((JObject)JsonConvert.DeserializeObject(jObj[AuthorizationRequestParameters.Claims].ToString())).GetClaims()); }
public void When_JwsAlg_Is_RS512_And_AuthorizationCode_And_AccessToken_Are_Not_Empty_Then_OtherClaims_Are_FilledIn() { // ARRANGE InitializeMockObjects(); var client = FakeOpenIdAssets.GetClients().First(); client.IdTokenSignedResponseAlg = Constants.JwsAlgNames.RS512; var jwsPayload = new JwsPayload(); var authorizationParameter = new AuthorizationParameter { ClientId = client.ClientId }; // ACT & ASSERT _jwtGenerator.FillInOtherClaimsIdentityTokenPayload(jwsPayload, "authorization_code", "access_token", authorizationParameter, client); Assert.True(jwsPayload.ContainsKey(StandardClaimNames.AtHash)); Assert.True(jwsPayload.ContainsKey(StandardClaimNames.CHash)); }
public void When_JwsAlg_Is_None_And_Trying_To_FillIn_Other_Claims_Then_The_Properties_Are_Not_Filled_In() { // ARRANGE InitializeMockObjects(); var client = FakeOpenIdAssets.GetClients().First(); client.IdTokenSignedResponseAlg = "none"; var jwsPayload = new JwsPayload(); var authorizationParameter = new AuthorizationParameter { ClientId = client.ClientId }; // ACT & ASSERT _jwtGenerator.FillInOtherClaimsIdentityTokenPayload(jwsPayload, null, null, authorizationParameter, new Client()); Assert.False(jwsPayload.ContainsKey(StandardClaimNames.AtHash)); Assert.False(jwsPayload.ContainsKey(StandardClaimNames.CHash)); }
/// <summary> /// Try to get the value from the PAYLOAD. /// </summary> /// <param name="jwsPayload"></param> /// <param name="key"></param> /// <returns></returns> private static string TryGetKey(JwsPayload jwsPayload, string key) { if (!jwsPayload.ContainsKey(key)) { return(string.Empty); } return(jwsPayload[key].ToString()); }
public static IEnumerable <AuthorizationRequestClaimParameter> GetClaimsFromAccessToken(this JwsPayload jObj, AuthorizationRequestClaimTypes type) { if (!jObj.ContainsKey(AuthorizationRequestParameters.Claims)) { return(new AuthorizationRequestClaimParameter[0]); } var claims = jObj[AuthorizationRequestParameters.Claims] as JObject; return(claims.ExtractClaims(type)); }
private bool CompareJwsPayload(JwsPayload firstJwsPayload, JwsPayload secondJwsPayload) { foreach (var record in firstJwsPayload) { if (!_userClaims.Contains(record.Key)) { continue; } if (!secondJwsPayload.ContainsKey(record.Key)) { return(false); } if (!string.Equals(record.Value.ToString(), secondJwsPayload[record.Key].ToString(), StringComparison.CurrentCultureIgnoreCase)) { return(false); } } return(true); }
public async Task Enrich(JwsPayload result, JObject queryParameters, CancellationToken cancellationToken) { var authRequestId = queryParameters.GetAuthRequestId(); if (!string.IsNullOrWhiteSpace(authRequestId)) { var authorize = await _bcAuthorizeRepository.Get(authRequestId, cancellationToken); if (authorize != null && authorize.Permissions.Any()) { var firstPermission = authorize.Permissions.First(); if (result.ContainsKey(_options.OpenBankingApiConsentClaimName)) { result[_options.OpenBankingApiConsentClaimName] = firstPermission.ConsentId; } else { result.Add(_options.OpenBankingApiConsentClaimName, firstPermission.ConsentId); } } if (authorize.Scopes.Contains(SIDOpenIdConstants.StandardScopes.OpenIdScope.Name) && !result.ContainsKey(UserClaims.Subject)) { result.Add(UserClaims.Subject, authorize.UserId); } } var requestedClaims = queryParameters.GetClaimsFromAuthorizationRequest(); if (requestedClaims != null) { var requestedClaim = requestedClaims.FirstOrDefault(c => c.Name == _options.OpenBankingApiConsentClaimName); if (requestedClaim != null) { result.Add(_options.OpenBankingApiConsentClaimName, requestedClaim.Values.First()); } } }
protected override void CheckRequestObject(JwsHeader header, JwsPayload jwsPayload, OpenIdClient openidClient, HandlerContext context) { base.CheckRequestObject(header, jwsPayload, openidClient, context); if (!jwsPayload.ContainsKey(Jwt.Constants.OAuthClaims.ExpirationTime)) { throw new OAuthException(ErrorCodes.INVALID_REQUEST, string.Format(ErrorMessages.MISSING_PARAMETER, Jwt.Constants.OAuthClaims.ExpirationTime)); } var currentDateTime = DateTime.UtcNow.ConvertToUnixTimestamp(); var exp = jwsPayload.GetExpirationTime(); if (currentDateTime > exp) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.REQUEST_OBJECT_IS_EXPIRED); } var audiences = jwsPayload.GetAudiences(); if (audiences.Any() && !audiences.Contains(context.Request.IssuerName)) { throw new OAuthException(ErrorCodes.INVALID_REQUEST_OBJECT, ErrorMessages.REQUEST_OBJECT_BAD_AUDIENCE); } }