/// <summary>
/// Serializes <paramref name="data"/>, runs the bytes through the data protector and
/// returns the protected payload as base64url text.
/// </summary>
/// <param name="data">The value handed to the serializer.</param>
/// <param name="purpose">
/// Optional purpose string. When it is neither null nor empty, a protector obtained from
/// <c>CreateProtector(purpose)</c> is used instead of the base protector.
/// </param>
/// <returns>The base64url encoding of the protected bytes.</returns>
public string Protect(TData data, string? purpose)
{
    var serialized = _serializer.Serialize(data);

    // A null or empty purpose means the base protector is used as-is.
    // NOTE(review): presumably the matching unprotect path must be given the same purpose,
    // otherwise the payload will not validate - confirm against the Unprotect implementation.
    var activeProtector = string.IsNullOrEmpty(purpose)
        ? _protector
        : _protector.CreateProtector(purpose);

    var protectedBytes = activeProtector.Protect(serialized);
    return Base64UrlTextEncoder.Encode(protectedBytes);
}
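/// <summary>
/// Encodes and decodes byte arrays of every length from 0 through 255 with
/// <c>Base64UrlTextEncoder</c> and checks that the decoded bytes equal the input.
/// The range covers every input length modulo 3, i.e. every base64 padding case.
/// </summary>
public void DataOfVariousLengthRoundTripCorrectly()
{
    for (int length = 0; length != 256; ++length)
    {
        // Deterministic, length-dependent fill so each iteration encodes different content.
        var data = new byte[length];
        for (int index = 0; index != length; ++index)
        {
            data[index] = (byte)(5 + length + (index * 23));
        }

        string text = Base64UrlTextEncoder.Encode(data);
        byte[] result = Base64UrlTextEncoder.Decode(text);

        // Check the length before the contents: the element loop below only walks the
        // first `length` bytes, so without this a decoder that returned trailing extra
        // bytes would pass, and the zero-length case would assert nothing at all.
        Assert.Equal(length, result.Length);

        for (int index = 0; index != length; ++index)
        {
            Assert.Equal(data[index], result[index]);
        }
    }
}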
/// <summary>
/// Creates a random correlation id, stores it in <paramref name="properties"/> and
/// appends a marker cookie whose name embeds that id to the response.
/// </summary>
/// <param name="properties">Authentication properties that receive the correlation id.</param>
/// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
protected virtual void GenerateCorrelationId(AuthenticationProperties properties)
{
    if (properties == null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // 32 bytes from CryptoRandom, base64url-encoded so the value is safe in a cookie name.
    var randomBytes = new byte[32];
    CryptoRandom.GetBytes(randomBytes);
    var correlationId = Base64UrlTextEncoder.Encode(randomBytes);

    var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);

    // The id is recorded in the properties and in the cookie *name*; the cookie value is
    // only the fixed CorrelationMarker.
    // NOTE(review): presumably the callback path compares the two to tie the response to
    // the browser that started the flow - that validation is not visible here.
    properties.Items[CorrelationProperty] = correlationId;

    var cookieName = string.Concat(Options.CorrelationCookie.Name, Scheme.Name, ".", correlationId);
    Response.Cookies.Append(cookieName, CorrelationMarker, cookieOptions);
}
/// <summary>
/// Builds the authorization-endpoint URL for the challenge, including the optional PKCE
/// parameters and the protected state value.
/// </summary>
/// <param name="properties">Authentication properties; they are protected into the state value.</param>
/// <param name="redirectUri">The callback URI; the state value is appended to it as a query parameter.</param>
/// <returns>The authorization endpoint with all challenge parameters in its query string.</returns>
protected override string BuildChallengeUrl([NotNull] AuthenticationProperties properties, [NotNull] string redirectUri)
{
    // Use the scopes supplied on the challenge when present, else the default formatting.
    var requestedScopes = properties.GetParameter<ICollection<string>>(OAuthChallengeProperties.ScopeKey);
    string scope;
    if (requestedScopes != null)
    {
        scope = FormatScope(requestedScopes);
    }
    else
    {
        scope = FormatScope();
    }

    var query = new Dictionary<string, string?>();
    query["client_id"] = Options.ClientId;
    query["scope"] = scope;
    query["response_type"] = "code";

    if (Options.UsePkce)
    {
        // PKCE verifier: 32 random bytes, base64url-encoded.
        var verifierBytes = new byte[32];
        RandomNumberGenerator.Fill(verifierBytes);
        var codeVerifier = Base64UrlTextEncoder.Encode(verifierBytes);

        // Store this for use during the code redemption. It must be added before the
        // properties are protected below, because that protected value is what carries it.
        properties.Items.Add(OAuthConstants.CodeVerifierKey, codeVerifier);

        // Only the SHA-256 challenge of the verifier is placed in the URL.
        var verifierHash = SHA256.HashData(Encoding.UTF8.GetBytes(codeVerifier));
        query[OAuthConstants.CodeChallengeKey] = WebEncoders.Base64UrlEncode(verifierHash);
        query[OAuthConstants.CodeChallengeMethodKey] = OAuthConstants.CodeChallengeMethodS256;
    }

    var protectedState = Options.StateDataFormat.Protect(properties);
    query["state"] = protectedState;

    // Mixcloud does not appear to support the `state` parameter, so have to bundle it here:
    // the same protected value is also appended to the redirect URI's query string.
    // NOTE(review): the verifier's confidentiality on this path rests on StateDataFormat,
    // since the protected state is visible in the URL - confirm its configuration.
    query["redirect_uri"] = QueryHelpers.AddQueryString(redirectUri, "state", protectedState);

    return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, query);
}
/// <inheritdoc />
protected override string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri)
{
    // Use the scopes supplied on the challenge when present, else the default formatting.
    var requestedScopes = properties.GetParameter<ICollection<string>>(OAuthChallengeProperties.ScopeKey);
    string scope;
    if (requestedScopes != null)
    {
        scope = FormatScope(requestedScopes);
    }
    else
    {
        scope = FormatScope();
    }

    var query = new Dictionary<string, string>
    {
        ["client_id"] = Options.ClientId,
        ["scope"] = scope,
        ["response_type"] = "code",
        ["redirect_uri"] = redirectUri,
        ["request_credentials"] = Options.RequestCredentials.ToEnumString(),
        ["access_type"] = Options.AccessType.ToEnumString()
    };

    if (Options.UsePkce)
    {
        // PKCE verifier: 32 random bytes, base64url-encoded.
        var verifierBytes = new byte[32];
        CryptoRandom.GetBytes(verifierBytes);
        var codeVerifier = Base64UrlTextEncoder.Encode(verifierBytes);

        // Store this for use during the code redemption. It must be added before the
        // properties are protected into `state` below, because that value carries it.
        properties.Items.Add(OAuthConstants.CodeVerifierKey, codeVerifier);

        // Only the SHA-256 challenge of the verifier is placed in the URL.
        using var hasher = SHA256.Create();
        var verifierHash = hasher.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));

        query[OAuthConstants.CodeChallengeKey] = WebEncoders.Base64UrlEncode(verifierHash);
        query[OAuthConstants.CodeChallengeMethodKey] = OAuthConstants.CodeChallengeMethodS256;
    }

    // The properties (including any PKCE verifier added above) travel in `state`.
    // NOTE(review): their confidentiality and integrity rest on StateDataFormat - confirm
    // its configuration.
    query["state"] = Options.StateDataFormat.Protect(properties);

    return QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, query);
}
/// <summary>
/// Generates a shorter correlation id, to work around the state parameter being limited
/// to 128 bytes.
/// </summary>
/// <param name="properties">
/// Authentication properties; they receive the correlation id and are then protected
/// into the state cookie.
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="properties"/> is null.</exception>
protected virtual void GenerateCorrelationIdX(AuthenticationProperties properties)
{
    // properties contains .redirect={redirect_uri}
    if (properties == null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    // Size history: 32 -> 12 -> 8 bytes.
    // NOTE(review): 8 bytes is 64 bits of randomness, reduced from 32 bytes to fit the
    // state limit. Confirm that margin is acceptable for the correlation check over the
    // lifetime of the cookies issued below.
    var randomBytes = new byte[8];
    CryptoRandom.GetBytes(randomBytes);
    var correlationId = Base64UrlTextEncoder.Encode(randomBytes);

    var cookieOptions = Options.CorrelationCookie.Build(Context, Clock.UtcNow);

    // The id must be in the properties before they are protected below; it is also
    // needed to build the challenge URL.
    properties.Items[CorrelationProperty] = correlationId;

    // First cookie: the fixed marker, under a name derived from the correlation id.
    var correlationCookieName = BuildCorelationCookieName(correlationId);
    Response.Cookies.Append(correlationCookieName, CorrelationMarker, cookieOptions);

    // Second cookie: the protected properties, stored under a second name derived from
    // the id, with the same cookie options as the marker cookie.
    var stateCookieName = BuildStateCookieName(correlationId);
    var protectedState = Options.StateDataFormat.Protect(properties);
    Response.Cookies.Append(stateCookieName, protectedState, cookieOptions);
}