public async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context) { // Acquire a Token for the Graph API and cache it using ADAL. In the TodoListController, we'll use the cache to acquire a token to the Todo List API context.HttpContext.User = context.Ticket.Principal; _serviceProvider.GetService <IHttpContextAccessor>().HttpContext = context.HttpContext; TokenCache tc = _serviceProvider.GetService <TokenCache>(); ClientCredential clientCred = new ClientCredential(_config.ClientId, _config.ClientSecret); AuthenticationContext authContext = new AuthenticationContext(_config.Authority, tc); AuthenticationResult authResult = await authContext.AcquireTokenByAuthorizationCodeAsync( context.ProtocolMessage.Code, new Uri(context.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey]), clientCred, "https://graph.windows.net"); // Notify the OIDC middleware that we already took care of code redemption. context.HandleCodeRedemption(); context.HandleResponse(); }
private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext arg, TokenProviderConfiguration configuration, Func <AuthorizationCodeReceivedContext, Task> handler) { _logger?.Message("Auth code received..."); var timer = Stopwatch.StartNew(); try { arg.HttpContext.User = arg.Principal; if (IsMfaRequired(arg, configuration) && !arg.Principal.Claims.Any(c => c.Type == "mfa_required" && c.Value == "true")) { throw new UnauthorizedAccessException("MFA required"); } var cache = arg.HttpContext.RequestServices.GetService <TokenCacheBase>(); var context = configuration.ConfidentialClientApplication(cache, s => { _logger?.Message(s); }); var user = await context.AcquireTokenByAuthorizationCode(new[] { configuration.Scope }, arg.ProtocolMessage.Code).ExecuteAsync(); _logger?.Message($"exchanging code with access token took: {timer.ElapsedMilliseconds}ms"); var policyValidator = arg.HttpContext.RequestServices.GetService <IPolicyValidation>(); try { if (policyValidator != null) { var timer2 = Stopwatch.StartNew(); var policy = await ValidatePolicies(configuration, policyValidator, arg.ProtocolMessage.RedirectUri ?? configuration.PolicyRedirectUrl ?? configuration.RedirectUrl); timer2.Stop(); _logger?.Message($"Policy check took {timer2.ElapsedMilliseconds}ms. "); if (policy.AllPoliciesValid) { _logger?.Message("Policies validated!"); AdditionalAuthCodeHandling?.Invoke(arg); } else { _logger?.Message("Not all policies is valid, redirecting to Veracity"); arg.Response.Redirect(policy.RedirectUrl); //Getting the redirect url from the error message. arg.HandleResponse(); } } else { AdditionalAuthCodeHandling?.Invoke(arg); } } catch (AggregateException aex) { var e = aex.InnerException as ServerException; if (e != null) { HandleServerException(arg, e); } } catch (ServerException ex) { HandleServerException(arg, ex); } } catch (Exception ex) { ex.Log(); } timer.Stop(); _logger?.Message($"Total on code received took {timer.ElapsedMilliseconds}ms. "); await handler(arg); }