public ActionResult SelectAuthenticator()
{
var authenticators = (IList <AuthenticatorViewModel>)Session["authenticators"] ?? new List <AuthenticatorViewModel>();
var viewModel = new SelectAuthenticatorViewModel
{
Authenticators = authenticators,
AuthenticatorId = authenticators.FirstOrDefault()?.AuthenticatorId,
PasswordId = authenticators.FirstOrDefault(x => x.Name.ToLower() == "password")?.AuthenticatorId,
PhoneId = authenticators.FirstOrDefault(x => x.Name.ToLower() == "phone")?.AuthenticatorId,
CanSkip = TempData["canSkip"] != null && (bool)TempData["canSkip"]
};
return(View(viewModel));
}
public async Task <ActionResult> SelectAuthenticatorAsync(SelectAuthenticatorViewModel model)
{
var authenticators = (IList <AuthenticatorViewModel>)Session["authenticators"];
if (!ModelState.IsValid)
{
return(View("SelectAuthenticator", model));
}
try
{
var isChallengeFlow = (bool?)Session["isChallengeFlow"] ?? false;
Session["isPhoneSelected"] = model.IsPhoneSelected;
Session["phoneId"] = model.PhoneId;
if (isChallengeFlow)
{
AuthenticationResponse selectAuthenticatorResponse = null;
if (model.IsPhoneSelected)
{
var selectPhoneOptions = new SelectPhoneAuthenticatorOptions
{
EnrollmentId = authenticators
.FirstOrDefault(x => x.AuthenticatorId == model.AuthenticatorId)?
.EnrollmentId,
AuthenticatorId = model.AuthenticatorId
};
selectAuthenticatorResponse = await _idxClient.SelectChallengeAuthenticatorAsync(selectPhoneOptions, (IIdxContext)Session["IdxContext"]);
}
else
{
var selectAuthenticatorOptions = new SelectAuthenticatorOptions
{
AuthenticatorId = model.AuthenticatorId,
};
selectAuthenticatorResponse = await _idxClient.SelectChallengeAuthenticatorAsync(selectAuthenticatorOptions, (IIdxContext)Session["IdxContext"]);
}
Session["IdxContext"] = selectAuthenticatorResponse.IdxContext;
switch (selectAuthenticatorResponse?.AuthenticationStatus)
{
case AuthenticationStatus.AwaitingChallengeAuthenticatorData:
var methodViewModel = new SelectAuthenticatorMethodViewModel
{
Profile = selectAuthenticatorResponse.CurrentAuthenticatorEnrollment.Profile,
EnrollmentId = selectAuthenticatorResponse.CurrentAuthenticatorEnrollment.EnrollmentId,
AuthenticatorId = model.AuthenticatorId,
MethodTypes = selectAuthenticatorResponse.CurrentAuthenticatorEnrollment.MethodTypes,
MethodType = selectAuthenticatorResponse.CurrentAuthenticatorEnrollment.MethodTypes.FirstOrDefault(),
};
return(View("SelectPhoneChallengeMethod", methodViewModel));
case AuthenticationStatus.AwaitingAuthenticatorVerification:
return(RedirectToAction("VerifyAuthenticator", "Manage"));
default:
return(View("SelectAuthenticator", model));
}
}
else
{
var enrollAuthenticatorOptions = new SelectEnrollAuthenticatorOptions
{
AuthenticatorId = model.AuthenticatorId,
};
var enrollResponse = await _idxClient.SelectEnrollAuthenticatorAsync(enrollAuthenticatorOptions, (IIdxContext)Session["IdxContext"]);
Session["IdxContext"] = enrollResponse.IdxContext;
Session["isPasswordSelected"] = model.IsPasswordSelected;
switch (enrollResponse?.AuthenticationStatus)
{
case AuthenticationStatus.AwaitingAuthenticatorVerification:
if (model.IsPasswordSelected)
{
return(RedirectToAction("ChangePassword", "Manage"));
}
return(RedirectToAction("VerifyAuthenticator", "Manage"));
case AuthenticationStatus.AwaitingAuthenticatorEnrollmentData:
Session["methodTypes"] = enrollResponse.CurrentAuthenticator.MethodTypes;
return(RedirectToAction("EnrollPhoneAuthenticator", "Manage"));
default:
return(View("SelectAuthenticator", model));
}
}
}
catch (OktaException exception)
{
ModelState.AddModelError(string.Empty, exception.Message);
return(View("SelectAuthenticator", model));
}
}
