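private OIDCClientSecretJWT AddClientAuthenticatedToRequest(ref WebRequest request, ref OIDCAuthenticatedMessage requestMessage, string grantType, OIDCClientInformation clientInformation, byte[] privateKey)
        {
            // Attaches client authentication to an outgoing request according to grantType
            // (the client's token_endpoint_auth_method):
            //   "client_secret_basic" - Authorization: Basic header on the request
            //   "client_secret_post"  - client_id / client_secret in the message body
            //   "client_secret_jwt"   - client assertion HMAC-signed with the client secret
            //   "private_key_jwt"     - client assertion signed with privateKey (see note below)
            //   anything else (incl. "none") - request left untouched
            // Returns the assertion claims when one was produced, otherwise null.
            OIDCClientSecretJWT tokenData = null;

            byte[] signingKey = null;
            switch (grantType)
            {
            case "client_secret_basic":
                // RFC 6749 s2.3.1. The earlier ASCII round-trip was dropped: it replaced any
                // non-ASCII character of the secret with '?' and so sent wrong credentials.
                // (The spec also form-urlencodes id and secret before base64; that step is not
                // applied here - confirm against the servers this client talks to.)
                string basic = clientInformation.ClientId + ":" + clientInformation.ClientSecret;
                request.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(basic)));
                break;

            case "client_secret_post":
                requestMessage.ClientId     = clientInformation.ClientId;
                requestMessage.ClientSecret = clientInformation.ClientSecret;
                break;

            case "client_secret_jwt":
                signingKey = Encoding.UTF8.GetBytes(clientInformation.ClientSecret);
                break;

            case "private_key_jwt":
                // NOTE(review): the assertion below is HMAC-signed (HS256) with the raw bytes of
                // privateKey. private_key_jwt requires an asymmetric signature (e.g. RS256) with
                // the client's registered key; the format of privateKey is not known here, so
                // this is left unchanged and flagged rather than silently replaced.
                signingKey = privateKey;
                break;

            default:     // case "none"
                break;
            }

            // client_secret_jwt / private_key_jwt: build and sign a JWT bearer client assertion.
            if (signingKey != null)
            {
                // UTC so that the iat/exp claims do not depend on the host's time zone.
                DateTime now = DateTime.UtcNow;

                tokenData     = new OIDCClientSecretJWT();
                tokenData.Iss = clientInformation.ClientId;
                tokenData.Sub = clientInformation.ClientId;

                // aud is the endpoint URL without its query string.
                string audience   = request.RequestUri.ToString();
                int    queryStart = audience.IndexOf('?');
                tokenData.Aud     = queryStart >= 0 ? audience.Substring(0, queryStart) : audience;

                // presumably unique and unpredictable per assertion - confirm RandomString's source
                tokenData.Jti = WebOperations.RandomString();

                // Previously exp was set to "now" and iat to ten minutes earlier, which made the
                // assertion expired at the moment it was issued. Issue it now with a short lifetime.
                tokenData.Iat = now;
                tokenData.Exp = now + new TimeSpan(0, 10, 0);

                requestMessage.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
                requestMessage.ClientAssertion     = JWT.Encode(tokenData, signingKey, Jose.JwsAlgorithm.HS256);
            }

            return(tokenData);
        }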
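        public OIDCTokenResponseMessage SubmitTokenRequest(string url, OIDCTokenRequestMessage tokenRequestMessage, OIDCClientInformation clientInformation)
        {
            // Posts tokenRequestMessage to the token endpoint at url, authenticating the client
            // with clientInformation.TokenEndpointAuthMethod, and returns the parsed response.
            // Throws ArgumentNullException / ArgumentException for unusable arguments and
            // OIDCException when the endpoint answers with an "error" member.
            if (tokenRequestMessage == null)
            {
                throw new ArgumentNullException("tokenRequestMessage");
            }
            if (clientInformation == null)
            {
                throw new ArgumentNullException("clientInformation");
            }

            // The helper needs an authenticated message; a bare 'as' would otherwise hand it null.
            OIDCAuthenticatedMessage message = tokenRequestMessage as OIDCAuthenticatedMessage;
            if (message == null)
            {
                throw new ArgumentException("tokenRequestMessage must be an OIDCAuthenticatedMessage", "tokenRequestMessage");
            }

            WebRequest request   = WebRequest.Create(url);
            string     grantType = clientInformation.TokenEndpointAuthMethod;

            // The returned assertion claims are not needed here; only the side effects on
            // request / message matter.
            AddClientAuthenticatedToRequest(ref request, ref message, grantType, clientInformation);
            Dictionary<string, object> returnedJson = PostUrlContent(request, message);

            if (returnedJson.ContainsKey("error"))
            {
                OIDCResponseError error = new OIDCResponseError();
                error.deserializeFromDynamic(returnedJson);
                // The previous text ("Error while registering client") named the wrong operation.
                throw new OIDCException("Error while requesting token: " + error.Error + "\n" + error.ErrorDescription);
            }

            OIDCTokenResponseMessage tokenResponse = new OIDCTokenResponseMessage();
            tokenResponse.deserializeFromDynamic(returnedJson);
            return(tokenResponse);
        }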
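        private OIDCClientSecretJWT AddClientAuthenticatedToRequest(ref WebRequest request, ref OIDCAuthenticatedMessage requestMessage, string grantType, OIDCClientInformation clientInformation)
        {
            // Attaches client authentication to an outgoing request according to grantType
            // (the client's token_endpoint_auth_method):
            //   "client_secret_basic" - Authorization: Basic header on the request
            //   "client_secret_post"  - client_id / client_secret in the message body
            //   "client_secret_jwt"   - client assertion HMAC-signed with the client secret
            //   "private_key_jwt"     - not implemented, throws NotSupportedException
            //   anything else (incl. "none") - request left untouched
            // Returns the assertion claims when one was produced, otherwise null.
            OIDCClientSecretJWT tokenData = null;

            switch (grantType)
            {
            case "client_secret_basic":
                // RFC 6749 s2.3.1 (the spec also form-urlencodes id and secret before base64;
                // that step is not applied here - confirm against the servers this client talks to).
                string basic = clientInformation.ClientId + ":" + clientInformation.ClientSecret;
                request.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes(basic)));
                break;

            case "client_secret_post":
                requestMessage.ClientId     = clientInformation.ClientId;
                requestMessage.ClientSecret = clientInformation.ClientSecret;
                break;

            case "private_key_jwt":
                // private_key_jwt requires an asymmetric signature with the client's registered
                // key. No such key is available in this overload, and the previous fallthrough
                // sent an HMAC over the client secret instead, which a server cannot accept.
                // Fail explicitly rather than emit a misleading assertion.
                throw new NotSupportedException("private_key_jwt client authentication is not implemented");

            case "client_secret_jwt":
                // UTC so that the iat/exp claims do not depend on the host's time zone.
                DateTime now = DateTime.UtcNow;

                tokenData     = new OIDCClientSecretJWT();
                tokenData.Iss = clientInformation.ClientId;
                tokenData.Sub = clientInformation.ClientId;

                // aud is the endpoint URL without its query string.
                string audience   = request.RequestUri.ToString();
                int    queryStart = audience.IndexOf('?');
                tokenData.Aud     = queryStart >= 0 ? audience.Substring(0, queryStart) : audience;

                // presumably unique and unpredictable per assertion - confirm RandomString's source
                tokenData.Jti = RandomString();

                // Previously exp was set to "now" and iat to ten minutes earlier, which made the
                // assertion expired at the moment it was issued. Issue it now with a short lifetime.
                tokenData.Iat = now;
                tokenData.Exp = now + new TimeSpan(0, 10, 0);

                requestMessage.ClientAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
                requestMessage.ClientAssertion     = JsonWebToken.Encode(tokenData, Encoding.UTF8.GetBytes(clientInformation.ClientSecret), JwtHashAlgorithm.HS256);
                break;

            default:     // case "none"
                break;
            }

            return(tokenData);
        }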