public async static Task <LoginResult> RefreshTokenAsync(OidcSettings settings, string refreshToken)
        {
            var config = await LoadOpenIdConnectConfigurationAsync(settings);

            var tokenClient = new TokenClient(
                config.TokenEndpoint,
                settings.ClientId,
                settings.ClientSecret);

            var provider = JwkNetExtensions.CreateProvider();
            var jwk      = provider.ToJsonWebKey();

            var tokenResponse = await tokenClient.RequestRefreshTokenPopAsync(
                refreshToken : refreshToken,
                algorithm : jwk.Alg,
                key : jwk.ToJwkString());

            if (tokenResponse.IsError)
            {
                return(new LoginResult {
                    ErrorMessage = tokenResponse.Error
                });
            }
            else
            {
                return(new LoginResult
                {
                    Success = true,
                    AccessToken = tokenResponse.AccessToken,
                    RefreshToken = tokenResponse.RefreshToken,
                    IdentityToken = tokenResponse.IdentityToken,
                    AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
                });
            }
        }
Esempio n. 2
0
 public AuthRequestBuilder(OidcSettings settings, IServiceProvider serviceProvider, IOidcLogger <AuthRequestBuilder> logger)
 {
     Settings        = settings;
     ServiceProvider = serviceProvider;
     Metadata        = serviceProvider.GetRequiredService <IMetadataService>();
     Logger          = logger;
 }
Esempio n. 3
0
 public Store(OidcSettings settings, IMetadataService metadata, IStorage storage, IOidcLogger <Store> logger)
 {
     Settings = settings;
     Metadata = metadata;
     Storage  = storage;
     Logger   = logger;
 }
Esempio n. 4
0
        public OidcSettingsValidationResult Validate(OidcSettings settings)
        {
            var result = new OidcSettingsValidationResult();

            if (settings == null)
            {
                result.AddError("Missing Oidc settings");
                return(result);
            }

            if (settings.Issuer == null)
            {
                result.AddError("Missing issuer");
            }
            if (settings.ClientId.IsEmpty())
            {
                result.AddError("Missing client id");
            }
            if (settings.ResponseType.IsEmpty())
            {
                result.AddError("Missing response type");
            }
            if (settings.Scope.IsEmpty())
            {
                result.AddError("Missing scope");
            }
            if (settings.StoragePrefix.IsEmpty())
            {
                result.AddError("Missing storage prefix");
            }

            return(result);
        }
 public Metadata(OidcSettings settings)
 {
     Issuer           = settings.Issuer;
     MetadataEndpoint = settings.MetadataEndpoint;
     Endpoints        = settings.Endpoints ?? new OpenidEndpoints();
     Jwks             = settings.Jwks;
 }
Esempio n. 6
0
        public static IServiceCollection AddOidc(this IServiceCollection services, OidcSettings settings)
        {
            new OidcSettingsValidator().EnsureValidSettings(services, settings);

            services.AddAuthorizationCore();

            services.TryAddScoped(settings);
            services.TryAddScoped <Metadata>();
            services.TryAddScoped <Interop>(); //TODO: ensure that IJSRuntime is singleton too
            services.TryAddScoped <AuthenticationStateProvider, AuthStateProvider>();
            services.TryAddScoped <OidcHttpClient>();
            services.TryAddScoped <IUserManager, UserManager>();

            services.TryAddTransient(typeof(IOidcLogger <>), typeof(OidcLogger <>));
            services.TryAddTransient <IMetadataService, MetadataService>();
            services.TryAddTransient <ISignatureValidatorFactory, SignatureValidatorFactory>();
            services.TryAddTransient <IJwtValidator, JwtValidator>();
            services.TryAddTransient <ITokenParser, TokenParser>();
            services.TryAddTransient <ITokenRevocationClient, TokenRevocationClient>();
            services.TryAddTransient <IAuthRequestBuilder, AuthRequestBuilder>();
            services.TryAddTransient <IAuthResponseParser, AuthResponseParser>();
            services.TryAddTransient <IOidcClient, OidcClient>();
            services.TryAddTransient <ISessionMonitor, SessionMonitor>();
            services.TryAddTransient <ILogoutRequestBuilder, LogoutRequestBuilder>();
            services.TryAddTransient <ILogoutResponseParser, LogoutResponseParser>();
            services.TryAddTransient <ILogoutClient, LogoutClient>();
            services.TryAddTransientStorage(settings);

            return(services);
        }
Esempio n. 7
0
 public BrowserStorage(OidcSettings settings, Interop interop, IOidcLogger <BrowserStorage> logger)
 {
     StorageType = settings.StorageType.IsLocal() ? "localStorage" : "sessionStorage";
     KeyPrefix   = settings.StoragePrefix;
     Interop     = interop;
     Logger      = logger;
 }
 public SessionMonitor(OidcSettings settings, Interop interop, IMetadataService metadata, IOidcLogger <SessionMonitor> logger)
 {
     Settings = settings;
     Interop  = interop;
     Metadata = metadata;
     Logger   = logger;
     Timer    = new Timer(TimerCallback, null, Timeout.Infinite, Timeout.Infinite);
 }
Esempio n. 9
0
        public async Task LoginAsync(OidcSettings settings)
        {
            _settings = settings;

            if (_config == null)
            {
                await LoadOpenIdConnectConfigurationAsync();
            }

            this.Visibility = Visibility.Visible;
            webView.Navigate(CreateUrl());
        }
Esempio n. 10
0
        private static void TryAddTransientStorage(this IServiceCollection services, OidcSettings settings)
        {
            services.TryAddTransient <IStore, Store>();

            if (settings.StorageType.IsMemory())
            {
                services.TryAddTransient <IStorage, MemoryStorage>();
            }
            else
            {
                services.TryAddTransient <IStorage, BrowserStorage>();
            }
        }
Esempio n. 11
0
        private async void LoginButton_Click(object sender, RoutedEventArgs e)
        {
            var settings = new OidcSettings
            {
                Authority       = "https://localhost:44333/core",
                ClientId        = "wpf.hybrid",
                ClientSecret    = "secret",
                RedirectUri     = "http://localhost/wpf.hybrid",
                Scope           = "openid profile write",
                LoadUserProfile = true
            };

            await _login.LoginAsync(settings);
        }
        private static string CreateUrl(OidcSettings settings, OpenIdConnectConfiguration config, string nonce, string verifier)
        {
            var challenge = verifier.ToCodeChallenge();
            var request   = new AuthorizeRequest(config.AuthorizationEndpoint);

            return(request.CreateAuthorizeUrl(
                       clientId: settings.ClientId,
                       responseType: "code id_token",
                       scope: settings.Scope,
                       redirectUri: settings.RedirectUri,
                       nonce: nonce,
                       responseMode: OidcConstants.ResponseModes.FormPost,
                       acrValues: settings.AcrValues,
                       codeChallenge: settings.UsePkce ? challenge : null,
                       codeChallengeMethod: settings.UsePkce ? OidcConstants.CodeChallengeMethods.Sha256 : null));
        }
        public void EnsureValidSettings(IServiceCollection services, OidcSettings settings)
        {
            if (services == null)
            {
                throw new ArgumentNullException(nameof(services));
            }

            var validationResult = Validate(settings);

            if (!validationResult.HasErrors)
            {
                return;
            }

            validationResult.PrintErrors();
            throw new OidcException("Oidc configuration aborted", true);
        }
Esempio n. 14
0
        public UserManager(
            OidcSettings settings, IOidcClient oidcClient, ILogoutClient logoutClient, ISessionMonitor monitor,
            IUserManagerHelper helper, IOidcLogger <UserManager> logger
            )
        {
            Settings     = settings;
            OidcClient   = oidcClient;
            LogoutClient = logoutClient;
            Monitor      = monitor;
            Helper       = helper;
            Logger       = logger;

            Version = GetType().InformationalVersion();
            if (Settings.MonitorSession)
            {
                Monitor.OnSessionChanged += SessionChanged;
            }
        }
Esempio n. 15
0
        public MainWindow()
        {
            InitializeComponent();

            _settings = new OidcSettings
            {
                Authority       = "https://localhost:44333/core",
                ClientId        = "wpf.hybrid.pop",
                ClientSecret    = "secret",
                RedirectUri     = "http://localhost/wpf.hybrid.pop",
                Scope           = "openid profile write offline_access",
                LoadUserProfile = true
            };

            _login       = new LoginWebView(_settings.RedirectUri);
            _login.Done += _login_Done;

            Loaded += MainWindow_Loaded;
            //IdentityTextBox.Visibility = Visibility.Hidden;
        }
        public OidcSettingsValidationResult Validate(OidcSettings settings)
        {
            var result = new OidcSettingsValidationResult();

            if (settings == null)
            {
                result.AddError("Missing Oidc settings");
                return(result);
            }

            if (settings.Issuer == null)
            {
                result.AddError("Missing issuer");
            }
            if (settings.ClientId.IsEmpty())
            {
                result.AddError("Missing client id");
            }
            if (settings.ResponseType.IsEmpty())
            {
                result.AddError("Missing response type");
            }
            if (settings.Scope.IsEmpty())
            {
                result.AddError("Missing scope");
            }

            if (settings.StorageType.IsMemory() && settings.InteractionType.IsRedirect())
            {
                result.AddError("Interaction type cannot be redirect using memory storage");
            }

            if (!settings.StorageType.IsMemory() && settings.StoragePrefix.IsEmpty())
            {
                result.AddError("Missing storage prefix");
            }

            return(result);
        }
        public static IServiceCollection AddOidc(this IServiceCollection services, Uri issuer, Action <OidcSettings, Uri> configure)
        {
            services.AddAuthorizationCore();
            services.TryAddScoped <Metadata>();
            services.TryAddScoped <Interop>(); //TODO: ensure that IJSRuntime is singleton too
            services.TryAddScoped <AuthenticationStateProvider, AuthStateProvider>();
            services.TryAddScoped <OidcHttpClient>();
            services.TryAddScoped <IUserManager, UserManager>();

            services.TryAddScoped(typeof(IOidcLogger <>), typeof(OidcLogger <>)); // remove this when this will be published (https://github.com/aspnet/AspNetCore/pull/12928)
            services.TryAddScoped <IMetadataService, MetadataService>();
            services.TryAddScoped <ISignatureValidatorFactory, SignatureValidatorFactory>();
            services.TryAddScoped <IJwtValidator, JwtValidator>();
            services.TryAddScoped <ITokenParser, TokenParser>();
            services.TryAddScoped <ITokenRevocationClient, TokenRevocationClient>();
            services.TryAddScoped <IAuthRequestBuilder, AuthRequestBuilder>();
            services.TryAddScoped <IAuthResponseParser, AuthResponseParser>();
            services.TryAddScoped <IUserManagerHelper, UserManagerHelper>();
            services.TryAddScoped <IOidcClient, OidcClient>();
            services.TryAddScoped <ISessionMonitor, SessionMonitor>();
            services.TryAddScoped <ILogoutRequestBuilder, LogoutRequestBuilder>();
            services.TryAddScoped <ILogoutResponseParser, LogoutResponseParser>();
            services.TryAddScoped <ILogoutClient, LogoutClient>();
            services.TryAddScoped <IStorage, BrowserStorage>();
            services.TryAddScoped <IStore, Store>();

            services.TryAddScoped(b =>
            {
                var navigationManager = b.GetRequiredService <NavigationManager>();
                var settings          = new OidcSettings(issuer);
                settings.UseDefaultActions();
                configure?.Invoke(settings, new Uri(navigationManager.BaseUri));
                new OidcSettingsValidator().EnsureValidSettings(services, settings);
                return(settings);
            });

            return(services);
        }
        private static List <Claim> ValidateIdentityToken(string identityToken, OidcSettings settings, OpenIdConnectConfiguration config)
        {
            var tokens = new List <X509SecurityToken>(
                from key in config.JsonWebKeySet.Keys
                select new X509SecurityToken(new X509Certificate2(Convert.FromBase64String(key.X5c.First()))));

            var parameter = new TokenValidationParameters
            {
                ValidIssuer         = config.Issuer,
                ValidAudience       = settings.ClientId,
                IssuerSigningTokens = tokens
            };

            JwtSecurityTokenHandler.InboundClaimTypeMap.Clear();
            try
            {
                var handler = new JwtSecurityTokenHandler();
                return(handler.ValidateToken(identityToken, parameter, out var token).Claims.ToList());
            }
            catch
            {
                return(null);
            }
        }
        public async static Task <LoginResult> AuthenticateAsync(OidcSettings settings)
        {
            var taskCompletion = new TaskCompletionSource <LoginResult>();

            var nonce    = CryptoRandom.CreateUniqueId(32);
            var verifier = CryptoRandom.CreateUniqueId(32);
            var config   = await LoadOpenIdConnectConfigurationAsync(settings);

            var login = new LoginWebView(settings.RedirectUri);

            login.Completed += async(o, e) =>
            {
                if (e == null)
                {
                    taskCompletion.TrySetCanceled();
                }
                else
                {
                    try
                    {
                        var result = await ValidateResponseAsync(e, settings, config, nonce, verifier);

                        taskCompletion.SetResult(result);
                    }
                    catch (Exception ex)
                    {
                        taskCompletion.SetException(ex);
                    }
                }
            };

            login.WindowStartupLocation = WindowStartupLocation.CenterScreen;
            login.ShowDialog(CreateUrl(settings, config, nonce, verifier));

            return(await taskCompletion.Task);
        }
 public static FlowExtensions UseDemoFlow(this OidcSettings settings)
 {
     return(new FlowExtensions(settings));
 }
 public static OidcSettings CodeWithShortLivedToken(OidcSettings settings)
 {
     settings.ClientId     = "spa.short";
     settings.ResponseType = "code";
     return(settings);
 }
 public OidcLogger(OidcSettings settings, ILoggerFactory loggerFactory)
 {
     Settings   = settings;
     RealLogger = loggerFactory.CreateLogger <T>();
 }
 public FlowExtensions(OidcSettings settings)
 {
     Settings = settings;
 }
Esempio n. 24
0
 public TokenParser(OidcSettings settings, IJwtValidator validator, ILogger <TokenParser> logger)
 {
     Settings  = settings;
     Validator = validator;
     Logger    = logger;
 }
Esempio n. 25
0
 public AuthResponseParser(OidcSettings settings, ITokenParser tokenParser, IOidcLogger <AuthResponseParser> logger)
 {
     Settings    = settings;
     TokenParser = tokenParser;
     Logger      = logger;
 }
 public static OidcSettings Code(OidcSettings settings)
 {
     settings.ClientId     = "spa";
     settings.ResponseType = "code";
     return(settings);
 }
Esempio n. 27
0
 public AuthRequestBuilder(OidcSettings settings, IMetadataService metadata, IOidcLogger <AuthRequestBuilder> logger)
 {
     Settings = settings;
     Metadata = metadata;
     Logger   = logger;
 }
 public static OidcSettings ImplicitReference(OidcSettings settings)
 {
     settings.ClientId     = "implicit.reference";
     settings.ResponseType = "id_token token";
     return(settings);
 }
 public static OidcSettings ImplicitWithShortLivedToken(OidcSettings settings)
 {
     settings.ClientId     = "implicit.shortlived";
     settings.ResponseType = "id_token token";
     return(settings);
 }
        private static ClaimsPrincipal CreatePrincipal(List <Claim> tokenClaims, List <Claim> profileClaims, OidcSettings settings)
        {
            List <Claim> filteredClaims = new List <Claim>(tokenClaims);

            if (settings.FilterClaims)
            {
                filteredClaims = tokenClaims.Where(c => !settings.FilterClaimTypes.Contains(c.Type)).ToList();
            }

            var allClaims = new List <Claim>();

            allClaims.AddRange(filteredClaims);
            allClaims.AddRange(profileClaims);

            var id = new ClaimsIdentity(allClaims.Distinct(new ClaimComparer()), "OIDC");

            return(new ClaimsPrincipal(id));
        }