public async Task <JwsPayload> GenerateAccessToken(Common.Models.Client client, IEnumerable <string> scopes, string issuerName)
{
if (client == null)
{
throw new ArgumentNullException(nameof(client));
}
if (scopes == null)
{
throw new ArgumentNullException(nameof(scopes));
}
var timeKeyValuePair = await GetExpirationAndIssuedTime();
var expirationInSeconds = timeKeyValuePair.Key;
var issuedAtTime = timeKeyValuePair.Value;
var jwsPayload = new JwsPayload();
jwsPayload.Add(StandardClaimNames.Audiences, new[]
{
client.ClientId
});
jwsPayload.Add(StandardClaimNames.Issuer, issuerName);
jwsPayload.Add(StandardClaimNames.ExpirationTime, expirationInSeconds);
jwsPayload.Add(StandardClaimNames.Iat, issuedAtTime);
jwsPayload.Add(StandardClaimNames.Scopes, scopes);
return(jwsPayload);
}
public Task <bool> InsertAsync(Common.Models.Client newClient)
{
if (newClient == null)
{
throw new ArgumentNullException(nameof(newClient));
}
newClient.CreateDateTime = DateTime.UtcNow;
_clients.Add(newClient.Copy());
return(Task.FromResult(true));
}
public Task <bool> DeleteAsync(Common.Models.Client newClient)
{
if (newClient == null)
{
throw new ArgumentNullException(nameof(newClient));
}
var client = _clients.FirstOrDefault(c => c.ClientId == newClient.ClientId);
if (client == null)
{
return(Task.FromResult(false));
}
_clients.Remove(client);
return(Task.FromResult(true));
}
public Task <bool> UpdateAsync(Common.Models.Client newClient)
{
if (newClient == null)
{
throw new ArgumentNullException(nameof(newClient));
}
var client = _clients.FirstOrDefault(c => c.ClientId == newClient.ClientId);
client.ClientName = newClient.ClientName;
client.ClientUri = newClient.ClientUri;
client.Contacts = newClient.Contacts;
client.DefaultAcrValues = newClient.DefaultAcrValues;
client.DefaultMaxAge = newClient.DefaultMaxAge;
client.GrantTypes = newClient.GrantTypes;
client.IdTokenEncryptedResponseAlg = newClient.IdTokenEncryptedResponseAlg;
client.IdTokenEncryptedResponseEnc = newClient.IdTokenEncryptedResponseEnc;
client.IdTokenSignedResponseAlg = newClient.IdTokenSignedResponseAlg;
client.InitiateLoginUri = newClient.InitiateLoginUri;
client.JsonWebKeys = newClient.JsonWebKeys;
client.JwksUri = newClient.JwksUri;
client.LogoUri = newClient.LogoUri;
client.PolicyUri = newClient.PolicyUri;
client.PostLogoutRedirectUris = newClient.PostLogoutRedirectUris;
client.RedirectionUrls = newClient.RedirectionUrls;
client.RequestObjectEncryptionAlg = newClient.RequestObjectEncryptionAlg;
client.RequestObjectEncryptionEnc = newClient.RequestObjectEncryptionEnc;
client.RequestObjectSigningAlg = newClient.RequestObjectSigningAlg;
client.RequestUris = newClient.RequestUris;
client.RequireAuthTime = newClient.RequireAuthTime;
client.RequirePkce = newClient.RequirePkce;
client.ResponseTypes = newClient.ResponseTypes;
client.ScimProfile = newClient.ScimProfile;
client.Secrets = newClient.Secrets;
client.SectorIdentifierUri = newClient.SectorIdentifierUri;
client.SubjectType = newClient.SubjectType;
client.TokenEndPointAuthMethod = newClient.TokenEndPointAuthMethod;
client.TokenEndPointAuthSigningAlg = newClient.TokenEndPointAuthSigningAlg;
client.TosUri = newClient.TosUri;
client.UpdateDateTime = DateTime.UtcNow;
client.UserInfoEncryptedResponseAlg = newClient.UserInfoEncryptedResponseAlg;
client.UserInfoEncryptedResponseEnc = newClient.UserInfoEncryptedResponseEnc;
client.UserInfoSignedResponseAlg = newClient.UserInfoSignedResponseAlg;
client.AllowedScopes = newClient.AllowedScopes;
return(Task.FromResult(true));
}
public static Common.Models.Client Copy(this Common.Models.Client client)
{
return(new Common.Models.Client
{
AllowedScopes = client.AllowedScopes == null ? new List <Scope>() : client.AllowedScopes.Select(s => s.Copy()).ToList(),
ApplicationType = client.ApplicationType,
ClientId = client.ClientId,
ClientName = client.ClientName,
ClientUri = client.ClientUri,
Contacts = client.Contacts == null ? new List <string>() : client.Contacts.ToList(),
CreateDateTime = client.CreateDateTime,
DefaultAcrValues = client.DefaultAcrValues,
DefaultMaxAge = client.DefaultMaxAge,
GrantTypes = client.GrantTypes == null ? new List <GrantType>() : client.GrantTypes.ToList(),
IdTokenEncryptedResponseAlg = client.IdTokenEncryptedResponseAlg,
IdTokenEncryptedResponseEnc = client.IdTokenEncryptedResponseEnc,
IdTokenSignedResponseAlg = client.IdTokenSignedResponseAlg,
InitiateLoginUri = client.InitiateLoginUri,
JsonWebKeys = client.JsonWebKeys == null ? new List <Common.JsonWebKey>() : client.JsonWebKeys.Select(j => j.Copy()).ToList(),
JwksUri = client.JwksUri,
LogoUri = client.LogoUri,
PolicyUri = client.PolicyUri,
PostLogoutRedirectUris = client.PostLogoutRedirectUris == null ? new List <string>() : client.PostLogoutRedirectUris.ToList(),
RedirectionUrls = client.RedirectionUrls == null ? new List <string>() : client.RedirectionUrls.ToList(),
RequestObjectEncryptionAlg = client.RequestObjectEncryptionAlg,
RequestObjectEncryptionEnc = client.RequestObjectEncryptionEnc,
RequestObjectSigningAlg = client.RequestObjectSigningAlg,
RequestUris = client.RequestUris == null ? new List <string>() : client.RequestUris.ToList(),
RequireAuthTime = client.RequireAuthTime,
RequirePkce = client.RequirePkce,
ResponseTypes = client.ResponseTypes == null ? new List <ResponseType>() : client.ResponseTypes.ToList(),
ScimProfile = client.ScimProfile,
Secrets = client.Secrets == null ? new List <ClientSecret>() : client.Secrets.Select(s => s.Copy()).ToList(),
SectorIdentifierUri = client.SectorIdentifierUri,
SubjectType = client.SubjectType,
TokenEndPointAuthMethod = client.TokenEndPointAuthMethod,
TokenEndPointAuthSigningAlg = client.TokenEndPointAuthSigningAlg,
TosUri = client.TosUri,
UpdateDateTime = client.UpdateDateTime,
UserInfoEncryptedResponseAlg = client.UserInfoEncryptedResponseAlg,
UserInfoEncryptedResponseEnc = client.UserInfoEncryptedResponseEnc,
UserInfoSignedResponseAlg = client.UserInfoSignedResponseAlg
});
}
private async Task <AuthenticationResult> ValidateJwsPayLoad(JwsPayload jwsPayload)
{
// The checks are coming from this url : http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
var expectedIssuer = await _configurationService.GetIssuerNameAsync();
var jwsIssuer = jwsPayload.Issuer;
var jwsSubject = jwsPayload.GetClaimValue(Jwt.Constants.StandardResourceOwnerClaimNames.Subject);
var jwsAudiences = jwsPayload.Audiences;
var expirationDateTime = jwsPayload.ExpirationTime.ConvertFromUnixTimestamp();
Common.Models.Client client = null;
// 1. Check the issuer is correct.
if (!string.IsNullOrWhiteSpace(jwsIssuer))
{
client = await _clientRepository.GetClientByIdAsync(jwsIssuer);
}
// 2. Check the client is correct.
if (client == null || jwsSubject != jwsIssuer)
{
return(new AuthenticationResult(null, ErrorDescriptions.TheClientIdPassedInJwtIsNotCorrect));
}
// 3. Check if the audience is correct
if (jwsAudiences == null ||
!jwsAudiences.Any() ||
!jwsAudiences.Any(j => j.Contains(expectedIssuer)))
{
return(new AuthenticationResult(null, ErrorDescriptions.TheAudiencePassedInJwtIsNotCorrect));
}
// 4. Check the expiration time
if (DateTime.UtcNow > expirationDateTime)
{
return(new AuthenticationResult(null, ErrorDescriptions.TheReceivedJwtHasExpired));
}
return(new AuthenticationResult(client, null));
}
public void AddNewClient(int id, string lastName, string firstName, string password, int employeeId, ClientTypeEnum clientTypeId)
{
using (var httpClient = new HttpClient())
{
httpClient.BaseAddress = new Uri(URLSERVERBASE);
var client = new Common.Models.Client()
{
Id = id,
FirstName = firstName,
LastName = lastName,
Password = password,
RegisterationDate = DateTime.Now,
RegisteredBy = employeeId,
ClientTypeId = clientTypeId
};
httpClient.DefaultRequestHeaders.Clear();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
var response = httpClient.PostAsJsonAsync("api/Clients/AddClient", client).Result;
if (!response.IsSuccessStatusCode)
{
throw new Exception("Can't add this client");
}
}
}
public Task <JwsPayload> GenerateAccessToken(Common.Models.Client client, IEnumerable <string> scopes, string issuerName)
{
return(GenerateAccessToken(new[] { client.ClientId }, scopes, issuerName));
}
