protected async Task <IHttpActionResult> ProcessRequestAsync(NameValueCollection parameters, UserConsent consent = null)
        {
            _logger.Start("OIDC authorize endpoint.");

            ///////////////////////////////////////////////////////////////
            // validate protocol parameters
            //////////////////////////////////////////////////////////////
            var result  = _validator.ValidateProtocol(parameters);
            var request = _validator.ValidatedRequest;

            if (result.IsError)
            {
                return(this.AuthorizeError(
                           result.ErrorType,
                           result.Error,
                           request.ResponseMode,
                           request.RedirectUri,
                           request.State));
            }

            var interaction = _interactionGenerator.ProcessLogin(request, User as ClaimsPrincipal);

            if (interaction.IsError)
            {
                return(this.AuthorizeError(interaction.Error));
            }
            if (interaction.IsLogin)
            {
                return(this.RedirectToLogin(interaction.SignInMessage, request.Raw, _settings));
            }

            // user must be authenticated at this point
            if (!User.Identity.IsAuthenticated)
            {
                throw new InvalidOperationException("User is not authenticated");
            }

            request.Subject = User as ClaimsPrincipal;

            ///////////////////////////////////////////////////////////////
            // validate client
            //////////////////////////////////////////////////////////////
            result = await _validator.ValidateClientAsync();

            if (result.IsError)
            {
                return(this.AuthorizeError(
                           result.ErrorType,
                           result.Error,
                           request.ResponseMode,
                           request.RedirectUri,
                           request.State));
            }

            interaction = await _interactionGenerator.ProcessConsentAsync(request, consent);

            if (interaction.IsError)
            {
                return(this.AuthorizeError(interaction.Error));
            }

            if (interaction.IsConsent)
            {
                return(CreateConsentResult(request, request.Raw, interaction.ConsentError));
            }

            return(await CreateAuthorizeResponseAsync(request));
        }
Esempio n. 2
0
        protected async Task <IHttpActionResult> ProcessRequestAsync(NameValueCollection parameters, UserConsent consent = null)
        {
            if (!_options.AuthorizeEndpoint.IsEnabled)
            {
                Logger.Warn("Endpoint is disabled. Aborting");
                return(NotFound());
            }

            ///////////////////////////////////////////////////////////////
            // validate protocol parameters
            //////////////////////////////////////////////////////////////
            var result  = _validator.ValidateProtocol(parameters);
            var request = _validator.ValidatedRequest;

            if (result.IsError)
            {
                return(this.AuthorizeError(
                           result.ErrorType,
                           result.Error,
                           request.ResponseMode,
                           request.RedirectUri,
                           request.State));
            }

            var loginInteraction = _interactionGenerator.ProcessLogin(request, User as ClaimsPrincipal);

            if (loginInteraction.IsError)
            {
                return(this.AuthorizeError(loginInteraction.Error));
            }
            if (loginInteraction.IsLogin)
            {
                return(this.RedirectToLogin(loginInteraction.SignInMessage, request.Raw, _options));
            }

            // user must be authenticated at this point
            if (!User.Identity.IsAuthenticated)
            {
                throw new InvalidOperationException("User is not authenticated");
            }

            request.Subject = User as ClaimsPrincipal;

            ///////////////////////////////////////////////////////////////
            // validate client
            //////////////////////////////////////////////////////////////
            result = await _validator.ValidateClientAsync();

            if (result.IsError)
            {
                return(this.AuthorizeError(
                           result.ErrorType,
                           result.Error,
                           request.ResponseMode,
                           request.RedirectUri,
                           request.State));
            }

            var consentInteraction = await _interactionGenerator.ProcessConsentAsync(request, consent);

            if (consentInteraction.IsError)
            {
                return(this.AuthorizeError(consentInteraction.Error));
            }

            if (consentInteraction.IsConsent)
            {
                Logger.Info("Showing consent screen");
                return(CreateConsentResult(request, consent, request.Raw, consentInteraction.ConsentError));
            }

            return(await CreateAuthorizeResponseAsync(request));
        }