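/// <summary>
/// Attaches client authentication to a token-endpoint request according to the client's
/// registered token_endpoint_auth_method (<paramref name="grantType"/>).
/// </summary>
/// <param name="request">Receives the Basic Authorization header for client_secret_basic.
/// Passed by ref for signature compatibility; it is never reassigned here.</param>
/// <param name="requestMessage">Receives client_id/client_secret (client_secret_post) or the
/// client assertion (client_secret_jwt / private_key_jwt). Never reassigned here.</param>
/// <param name="grantType">One of client_secret_basic, client_secret_post, client_secret_jwt,
/// private_key_jwt; any other value (e.g. "none") adds no authentication.</param>
/// <param name="clientInformation">Registered client id and client secret.</param>
/// <param name="privateKey">Raw key bytes used for private_key_jwt.</param>
/// <returns>The claims that were signed for the *_jwt methods, otherwise null.</returns>
private OIDCClientSecretJWT AddClientAuthenticatedToRequest(ref WebRequest request, ref OIDCAuthenticatedMessage requestMessage, string grantType, OIDCClientInformation clientInformation, byte[] privateKey)
{
    OIDCClientSecretJWT tokenData = null;
    byte[] signingKey = null;

    switch (grantType)
    {
        case "client_secret_basic":
            // RFC 6749 §2.3.1: "client_id:client_secret" sent as HTTP Basic credentials.
            // The earlier ASCII round-trip replaced every non-ASCII character with '?' and so
            // silently corrupted such secrets; the UTF-8 bytes are base64-encoded directly.
            // NOTE(review): §2.3.1 also requires both values to be form-urlencoded before they
            // are joined; a secret containing ':' or non-ASCII characters depends on that.
            // Confirm against the servers this client talks to before adding Uri.EscapeDataString.
            string basic = clientInformation.ClientId + ":" + clientInformation.ClientSecret;
            request.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(basic)));
            break;
        case "client_secret_post":
            requestMessage.ClientId = clientInformation.ClientId;
            requestMessage.ClientSecret = clientInformation.ClientSecret;
            break;
        case "client_secret_jwt":
            signingKey = Encoding.UTF8.GetBytes(clientInformation.ClientSecret);
            break;
        case "private_key_jwt":
            signingKey = privateKey;
            break;
        default:
            // "none": the client is not authenticated at the token endpoint.
            break;
    }

    // client_secret_jwt / private_key_jwt: send a signed JWT bearer assertion (OIDC Core §9).
    if (signingKey != null)
    {
        tokenData = new OIDCClientSecretJWT();
        tokenData.Iss = clientInformation.ClientId;
        tokenData.Sub = clientInformation.ClientId;

        // aud is the token endpoint URL without its query string (ordinal search for '?').
        string audience = request.RequestUri.ToString();
        int queryStart = audience.IndexOf('?');
        if (queryStart >= 0)
        {
            audience = audience.Substring(0, queryStart);
        }
        tokenData.Aud = audience;

        // jti must be unique per assertion so the server can detect replay.
        // NOTE(review): confirm WebOperations.RandomString draws enough entropy for that.
        tokenData.Jti = WebOperations.RandomString();

        // The assertion is valid from now for a short window. Previously exp was set to the
        // creation time (and iat ten minutes earlier), so the assertion was already expired
        // when the server received it. UTC avoids a dependency on the local time zone.
        // NOTE(review): exp/iat must reach the wire as NumericDate (seconds since epoch);
        // confirm OIDCClientSecretJWT's serialization performs that conversion.
        DateTime issuedAt = DateTime.UtcNow;
        tokenData.Iat = issuedAt;
        tokenData.Exp = issuedAt + TimeSpan.FromMinutes(10);

        requestMessage.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
        // NOTE(review): HS256 is an HMAC over the raw key bytes, which is correct for
        // client_secret_jwt. private_key_jwt requires an asymmetric signature (e.g. RS256/ES256)
        // with the client's registered private key; an HMAC keyed with privateKey will not verify
        // against the client's registered public key. Left unchanged because the key's format
        // (PEM, PKCS#8, ...) is not known at this point.
        requestMessage.ClientAssertion = JWT.Encode(tokenData, signingKey, Jose.JwsAlgorithm.HS256);
    }

    return tokenData;
}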
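/// <summary>
/// Posts a token request to the token endpoint, authenticating the client with the method
/// registered as <paramref name="clientInformation"/>.TokenEndpointAuthMethod.
/// </summary>
/// <param name="url">Token endpoint URL.</param>
/// <param name="tokenRequestMessage">Request parameters; must be an
/// <see cref="OIDCAuthenticatedMessage"/> so client credentials can be added to it.</param>
/// <param name="clientInformation">Registered client id, secret and auth method.</param>
/// <returns>The deserialized token response.</returns>
/// <exception cref="ArgumentException">
/// <paramref name="tokenRequestMessage"/> is null or not an OIDCAuthenticatedMessage.</exception>
/// <exception cref="OIDCException">The endpoint answered with an OAuth error response.</exception>
public OIDCTokenResponseMessage SubmitTokenRequest(string url, OIDCTokenRequestMessage tokenRequestMessage, OIDCClientInformation clientInformation)
{
    // Client credentials are written into the message or its headers, so the message has to be
    // an authenticated one. The earlier unchecked 'as' cast would instead fail later with a
    // NullReferenceException inside AddClientAuthenticatedToRequest.
    OIDCAuthenticatedMessage message = tokenRequestMessage as OIDCAuthenticatedMessage;
    if (message == null)
    {
        throw new ArgumentException("Token request must be an OIDCAuthenticatedMessage.", nameof(tokenRequestMessage));
    }

    // NOTE(review): the client secret or a signed assertion travels in this request, so the
    // token endpoint is expected to be HTTPS; nothing here enforces the scheme.
    WebRequest request = WebRequest.Create(url);
    string authMethod = clientInformation.TokenEndpointAuthMethod;
    // The returned assertion claims are not needed here; the call mutates request and message.
    AddClientAuthenticatedToRequest(ref request, ref message, authMethod, clientInformation);

    Dictionary<string, object> returnedJson = PostUrlContent(request, message);

    // RFC 6749 §5.2: an error response carries an "error" member.
    if (returnedJson.ContainsKey("error"))
    {
        OIDCResponseError error = new OIDCResponseError();
        error.deserializeFromDynamic(returnedJson);
        // The previous text said "registering client", copied from the registration path.
        throw new OIDCException("Error while requesting token: " + error.Error + "\n" + error.ErrorDescription);
    }

    OIDCTokenResponseMessage tokenResponse = new OIDCTokenResponseMessage();
    tokenResponse.deserializeFromDynamic(returnedJson);
    return tokenResponse;
}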
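/// <summary>
/// Attaches client authentication to a token-endpoint request according to the client's
/// registered token_endpoint_auth_method (<paramref name="grantType"/>).
/// </summary>
/// <param name="request">Receives the Basic Authorization header for client_secret_basic.
/// Passed by ref for signature compatibility; it is never reassigned here.</param>
/// <param name="requestMessage">Receives client_id/client_secret (client_secret_post) or the
/// client assertion (client_secret_jwt / private_key_jwt). Never reassigned here.</param>
/// <param name="grantType">One of client_secret_basic, client_secret_post, client_secret_jwt,
/// private_key_jwt; any other value (e.g. "none") adds no authentication.</param>
/// <param name="clientInformation">Registered client id and client secret.</param>
/// <returns>The claims that were signed for the *_jwt methods, otherwise null.</returns>
private OIDCClientSecretJWT AddClientAuthenticatedToRequest(ref WebRequest request, ref OIDCAuthenticatedMessage requestMessage, string grantType, OIDCClientInformation clientInformation)
{
    OIDCClientSecretJWT tokenData = null;

    switch (grantType)
    {
        case "client_secret_basic":
            // RFC 6749 §2.3.1: "client_id:client_secret" sent as HTTP Basic credentials.
            // NOTE(review): §2.3.1 also requires both values to be form-urlencoded before they
            // are joined; a secret containing ':' or non-ASCII characters depends on that.
            // Confirm against the servers this client talks to before adding Uri.EscapeDataString.
            string basic = clientInformation.ClientId + ":" + clientInformation.ClientSecret;
            request.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(basic)));
            break;
        case "client_secret_post":
            requestMessage.ClientId = clientInformation.ClientId;
            requestMessage.ClientSecret = clientInformation.ClientSecret;
            break;
        case "client_secret_jwt":
        case "private_key_jwt":
            // Signed JWT bearer assertion (OIDC Core §9).
            // TODO: private_key_jwt must be signed with the client's registered private key using
            // an asymmetric algorithm (e.g. RS256); this overload has no private key and signs
            // both methods with the client secret (HS256), which a conforming server rejects for
            // private_key_jwt. Behaviour kept until the key is available here.
            tokenData = new OIDCClientSecretJWT();
            tokenData.Iss = clientInformation.ClientId;
            tokenData.Sub = clientInformation.ClientId;

            // aud is the token endpoint URL without its query string (ordinal search for '?').
            string audience = request.RequestUri.ToString();
            int queryStart = audience.IndexOf('?');
            if (queryStart >= 0)
            {
                audience = audience.Substring(0, queryStart);
            }
            tokenData.Aud = audience;

            // jti must be unique per assertion so the server can detect replay.
            // NOTE(review): confirm RandomString draws enough entropy for that.
            tokenData.Jti = RandomString();

            // The assertion is valid from now for a short window. Previously exp was set to the
            // creation time (and iat ten minutes earlier), so the assertion was already expired
            // when the server received it. UTC avoids a dependency on the local time zone.
            // NOTE(review): exp/iat must reach the wire as NumericDate (seconds since epoch);
            // confirm OIDCClientSecretJWT's serialization performs that conversion.
            DateTime issuedAt = DateTime.UtcNow;
            tokenData.Iat = issuedAt;
            tokenData.Exp = issuedAt + TimeSpan.FromMinutes(10);

            requestMessage.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
            requestMessage.ClientAssertion = JsonWebToken.Encode(tokenData, Encoding.UTF8.GetBytes(clientInformation.ClientSecret), JwtHashAlgorithm.HS256);
            break;
        default:
            // "none": the client is not authenticated at the token endpoint.
            break;
    }

    return tokenData;
}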