public AuthenticationResult(Core.Common.Models.Client client, string errorMessage) { Client = client; ErrorMessage = errorMessage; }
public async Task <bool> UpdateAsync(Core.Common.Models.Client client) { using (var translation = _context.Database.BeginTransaction()) { try { var grantTypes = client.GrantTypes == null ? string.Empty : ConcatListOfIntegers(client.GrantTypes.Select(k => (int)k).ToList()); var responseTypes = client.ResponseTypes == null ? string.Empty : ConcatListOfIntegers(client.ResponseTypes.Select(r => (int)r).ToList()); var connectedClient = await _context.Clients .Include(c => c.ClientScopes) .FirstOrDefaultAsync(c => c.ClientId == client.ClientId) .ConfigureAwait(false); connectedClient.ClientName = client.ClientName; connectedClient.ClientUri = client.ClientUri; connectedClient.Contacts = ConcatListOfStrings(client.Contacts); connectedClient.DefaultAcrValues = client.DefaultAcrValues; connectedClient.DefaultMaxAge = client.DefaultMaxAge; connectedClient.GrantTypes = grantTypes; connectedClient.IdTokenEncryptedResponseAlg = client.IdTokenEncryptedResponseAlg; connectedClient.IdTokenEncryptedResponseEnc = client.IdTokenEncryptedResponseEnc; connectedClient.IdTokenSignedResponseAlg = client.IdTokenSignedResponseAlg; connectedClient.InitiateLoginUri = client.InitiateLoginUri; connectedClient.JwksUri = client.JwksUri; connectedClient.LogoUri = client.LogoUri; connectedClient.PolicyUri = client.PolicyUri; connectedClient.RedirectionUrls = ConcatListOfStrings(client.RedirectionUrls); connectedClient.RequestObjectEncryptionAlg = client.RequestObjectEncryptionAlg; connectedClient.RequestObjectEncryptionEnc = client.RequestObjectEncryptionEnc; connectedClient.RequestObjectSigningAlg = client.RequestObjectSigningAlg; connectedClient.RequestUris = ConcatListOfStrings(client.RequestUris); connectedClient.PostLogoutRedirectUris = ConcatListOfStrings(client.PostLogoutRedirectUris); connectedClient.RequireAuthTime = client.RequireAuthTime; connectedClient.ResponseTypes = responseTypes; connectedClient.SectorIdentifierUri = client.SectorIdentifierUri; connectedClient.SubjectType = client.SubjectType; connectedClient.TokenEndPointAuthMethod = (TokenEndPointAuthenticationMethods)client.TokenEndPointAuthMethod; connectedClient.TokenEndPointAuthSigningAlg = client.TokenEndPointAuthSigningAlg; connectedClient.TosUri = client.TosUri; connectedClient.UserInfoEncryptedResponseAlg = client.UserInfoEncryptedResponseAlg; connectedClient.UserInfoEncryptedResponseEnc = client.UserInfoEncryptedResponseEnc; connectedClient.UserInfoSignedResponseAlg = client.UserInfoSignedResponseAlg; connectedClient.ScimProfile = client.ScimProfile; connectedClient.UpdateDateTime = DateTime.UtcNow; var scopesNotToBeDeleted = new List <string>(); if (client.AllowedScopes != null) { foreach (var scope in client.AllowedScopes) { var record = connectedClient.ClientScopes.FirstOrDefault(c => c.ScopeName == scope.Name); if (record == null) { record = new ClientScope { ClientId = connectedClient.ClientId, ScopeName = scope.Name }; connectedClient.ClientScopes.Add(record); } scopesNotToBeDeleted.Add(record.ScopeName); } } var scopeNames = connectedClient.ClientScopes.Select(o => o.ScopeName).ToList(); foreach (var scopeName in scopeNames.Where(id => !scopesNotToBeDeleted.Contains(id))) { connectedClient.ClientScopes.Remove(connectedClient.ClientScopes.First(s => s.ScopeName == scopeName)); } await _context.SaveChangesAsync(); translation.Commit(); } catch (Exception ex) { _managerEventSource.Failure(ex); translation.Rollback(); return(false); } } return(true); }
public async Task <bool> InsertAsync(Core.Common.Models.Client client) { using (var transaction = _context.Database.BeginTransaction()) { try { var scopes = new List <ClientScope>(); var jsonWebKeys = new List <JsonWebKey>(); var clientSecrets = new List <ClientSecret>(); var grantTypes = client.GrantTypes == null ? string.Empty : ConcatListOfIntegers(client.GrantTypes.Select(k => (int)k).ToList()); var responseTypes = client.ResponseTypes == null ? string.Empty : ConcatListOfIntegers(client.ResponseTypes.Select(r => (int)r).ToList()); if (client.AllowedScopes != null) { var scopeNames = client.AllowedScopes.Select(s => s.Name).ToList(); scopes = _context.Scopes.Where(s => scopeNames.Contains(s.Name)) .Select(s => new ClientScope { ScopeName = s.Name }) .ToList(); } if (client.JsonWebKeys != null) { client.JsonWebKeys.ForEach(jsonWebKey => { var jsonWebKeyRecord = new JsonWebKey { Kid = jsonWebKey.Kid, Use = (Use)jsonWebKey.Use, Kty = (KeyType)jsonWebKey.Kty, SerializedKey = jsonWebKey.SerializedKey, X5t = jsonWebKey.X5t, X5tS256 = jsonWebKey.X5tS256, X5u = jsonWebKey.X5u == null ? string.Empty : jsonWebKey.X5u.AbsoluteUri, Alg = (AllAlg)jsonWebKey.Alg, KeyOps = jsonWebKey.KeyOps == null ? string.Empty : ConcatListOfIntegers(jsonWebKey.KeyOps.Select(k => (int)k).ToList()) }; jsonWebKeys.Add(jsonWebKeyRecord); }); } if (client.Secrets != null) { foreach (var secret in client.Secrets) { clientSecrets.Add(new ClientSecret { Id = Guid.NewGuid().ToString(), ClientId = client.ClientId, Type = (SecretTypes)secret.Type, Value = secret.Value }); } } var newClient = new Models.Client { ClientId = client.ClientId, ClientName = client.ClientName, ClientUri = client.ClientUri, IdTokenEncryptedResponseAlg = client.IdTokenEncryptedResponseAlg, IdTokenEncryptedResponseEnc = client.IdTokenEncryptedResponseEnc, JwksUri = client.JwksUri, TosUri = client.TosUri, LogoUri = client.LogoUri, PolicyUri = client.PolicyUri, RequestObjectEncryptionAlg = client.RequestObjectEncryptionAlg, RequestObjectEncryptionEnc = client.RequestObjectEncryptionEnc, IdTokenSignedResponseAlg = client.IdTokenSignedResponseAlg, RequireAuthTime = client.RequireAuthTime, SectorIdentifierUri = client.SectorIdentifierUri, SubjectType = client.SubjectType, TokenEndPointAuthSigningAlg = client.TokenEndPointAuthSigningAlg, UserInfoEncryptedResponseAlg = client.UserInfoEncryptedResponseAlg, UserInfoSignedResponseAlg = client.UserInfoSignedResponseAlg, UserInfoEncryptedResponseEnc = client.UserInfoEncryptedResponseEnc, DefaultMaxAge = client.DefaultMaxAge, DefaultAcrValues = client.DefaultAcrValues, InitiateLoginUri = client.InitiateLoginUri, RequestObjectSigningAlg = client.RequestObjectSigningAlg, TokenEndPointAuthMethod = (Models.TokenEndPointAuthenticationMethods)client.TokenEndPointAuthMethod, ApplicationType = (Models.ApplicationTypes)client.ApplicationType, RequestUris = ConcatListOfStrings(client.RequestUris), RedirectionUrls = ConcatListOfStrings(client.RedirectionUrls), Contacts = ConcatListOfStrings(client.Contacts), PostLogoutRedirectUris = ConcatListOfStrings(client.PostLogoutRedirectUris), ClientScopes = scopes, JsonWebKeys = jsonWebKeys, GrantTypes = grantTypes, ResponseTypes = responseTypes, ScimProfile = client.ScimProfile, ClientSecrets = clientSecrets, CreateDateTime = DateTime.UtcNow, UpdateDateTime = DateTime.UtcNow }; _context.Clients.Add(newClient); await _context.SaveChangesAsync().ConfigureAwait(false); transaction.Commit(); } catch (Exception ex) { _managerEventSource.Failure(ex); transaction.Rollback(); return(false); } } return(true); }
public async Task When_Passing_Registration_Parameter_With_Specific_Values_Then_Client_Is_Returned() { // ARRANGE InitializeFakeObjects(); const string clientName = "client_name"; const string clientUri = "client_uri"; const string policyUri = "policy_uri"; const string tosUri = "tos_uri"; const string jwksUri = "jwks_uri"; const string kid = "kid"; const string sectorIdentifierUri = "sector_identifier_uri"; const double defaultMaxAge = 3; const string defaultAcrValues = "default_acr_values"; const bool requireAuthTime = false; const string initiateLoginUri = "initiate_login_uri"; const string requestUri = "request_uri"; var registrationParameter = new RegistrationParameter { ClientName = clientName, ResponseTypes = new List <ResponseType> { ResponseType.token }, GrantTypes = new List <GrantType> { GrantType.@implicit }, ApplicationType = ApplicationTypes.native, ClientUri = clientUri, PolicyUri = policyUri, TosUri = tosUri, JwksUri = jwksUri, Jwks = new JsonWebKeySet(), SectorIdentifierUri = sectorIdentifierUri, IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, IdTokenEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, UserInfoEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, RequestObjectSigningAlg = Jwt.Constants.JwsAlgNames.RS256, RequestObjectEncryptionAlg = Jwt.Constants.JweAlgNames.RSA1_5, RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, TokenEndPointAuthMethod = "client_secret_post", TokenEndPointAuthSigningAlg = Jwt.Constants.JwsAlgNames.RS256, DefaultMaxAge = defaultMaxAge, DefaultAcrValues = defaultAcrValues, RequireAuthTime = requireAuthTime, InitiateLoginUri = initiateLoginUri, RequestUris = new List <string> { requestUri } }; var jsonWebKeys = new List <JsonWebKey> { new JsonWebKey { Kid = kid } }; var client = new Core.Common.Models.Client { ClientName = clientName, ResponseTypes = new List <ResponseType> { ResponseType.token }, GrantTypes = new List <GrantType> { GrantType.@implicit }, ApplicationType = ApplicationTypes.native, ClientUri = clientUri, PolicyUri = policyUri, TosUri = tosUri, JwksUri = jwksUri, JsonWebKeys = new List <JsonWebKey>(), SectorIdentifierUri = sectorIdentifierUri, IdTokenSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, IdTokenEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, IdTokenEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, UserInfoSignedResponseAlg = Jwt.Constants.JwsAlgNames.RS256, UserInfoEncryptedResponseAlg = Jwt.Constants.JweAlgNames.RSA1_5, UserInfoEncryptedResponseEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, RequestObjectSigningAlg = Jwt.Constants.JwsAlgNames.RS256, RequestObjectEncryptionAlg = Jwt.Constants.JweAlgNames.RSA1_5, RequestObjectEncryptionEnc = Jwt.Constants.JweEncNames.A128CBC_HS256, TokenEndPointAuthMethod = TokenEndPointAuthenticationMethods.client_secret_basic, TokenEndPointAuthSigningAlg = Jwt.Constants.JwsAlgNames.RS256, DefaultMaxAge = defaultMaxAge, DefaultAcrValues = defaultAcrValues, RequireAuthTime = requireAuthTime, InitiateLoginUri = initiateLoginUri, RequestUris = new List <string> { requestUri } }; _generateClientFromRegistrationRequest.Setup(g => g.Execute(It.IsAny <RegistrationParameter>())) .Returns(client); _clientRepositoryFake.Setup(c => c.InsertAsync(It.IsAny <Core.Common.Models.Client>())) .Callback <Core.Common.Models.Client>(c => client = c) .Returns(Task.FromResult(true)); // ACT var result = await _registerClientAction.Execute(registrationParameter); // ASSERT _oauthEventSource.Verify(s => s.StartRegistration(clientName)); _clientRepositoryFake.Verify(c => c.InsertAsync(It.IsAny <Core.Common.Models.Client>())); _oauthEventSource.Verify(s => s.EndRegistration(It.IsAny <string>(), clientName)); Assert.NotEmpty(result.ClientSecret); Assert.True(client.AllowedScopes.Contains(Constants.StandardScopes.OpenId)); Assert.True(client.AllowedScopes.Contains(Constants.StandardScopes.Address)); Assert.True(client.AllowedScopes.Contains(Constants.StandardScopes.Email)); Assert.True(client.AllowedScopes.Contains(Constants.StandardScopes.Phone)); Assert.True(client.AllowedScopes.Contains(Constants.StandardScopes.ProfileScope)); }
public async Task <ActionResult> Execute(AuthorizationParameter authorizationParameter, IPrincipal principal, Core.Common.Models.Client client, string issuerName) { if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (client == null) { throw new ArgumentNullException(nameof(client)); } var claimsPrincipal = principal == null ? null : principal as ClaimsPrincipal; _oAuthEventSource.StartAuthorizationCodeFlow( authorizationParameter.ClientId, authorizationParameter.Scope, authorizationParameter.Claims == null ? string.Empty : authorizationParameter.Claims.ToString()); var result = await _processAuthorizationRequest.ProcessAsync(authorizationParameter, claimsPrincipal, client, issuerName); if (!_clientValidator.CheckGrantTypes(client, GrantType.authorization_code)) // 1. Check the client is authorized to use the authorization_code flow. { throw new IdentityServerExceptionWithState( ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, "authorization_code"), authorizationParameter.State); } if (result.Type == TypeActionResult.RedirectToCallBackUrl) { if (claimsPrincipal == null) { throw new IdentityServerExceptionWithState( ErrorCodes.InvalidRequestCode, ErrorDescriptions.TheResponseCannotBeGeneratedBecauseResourceOwnerNeedsToBeAuthenticated, authorizationParameter.State); } await _generateAuthorizationResponse.ExecuteAsync(result, authorizationParameter, claimsPrincipal, client, issuerName); } var actionTypeName = Enum.GetName(typeof(TypeActionResult), result.Type); _oAuthEventSource.EndAuthorizationCodeFlow( authorizationParameter.ClientId, actionTypeName, result.RedirectInstruction == null ? string.Empty : Enum.GetName(typeof(IdentityServerEndPoints), result.RedirectInstruction.Action)); return(result); }
public static JweAlg?GetUserInfoEncryptedResponseAlg(this Core.Common.Models.Client client) { var algName = client.UserInfoEncryptedResponseAlg; return(GetDefaultEncryptAlg(algName)); }
public Core.Common.Models.Client AuthenticateClient(AuthenticateInstruction instruction, Core.Common.Models.Client client) { if (instruction == null || client == null) { throw new ArgumentNullException("the instruction or client parameter cannot be null"); } if (client.Secrets == null) { return(null); } var clientSecret = client.Secrets.FirstOrDefault(s => s.Type == ClientSecretTypes.SharedSecret); if (clientSecret == null) { return(null); } var sameSecret = string.Compare(clientSecret.Value, _clientPasswordService.Encrypt(instruction.ClientSecretFromHttpRequestBody), StringComparison.CurrentCultureIgnoreCase) == 0; return(sameSecret ? client : null); }
public async Task When_No_Consent_Has_Been_Given_And_ResponseMode_Is_No_Correct_Then_Exception_Is_Thrown() { // ARRANGE InitializeFakeObjects(); const string subject = "subject"; const string state = "state"; var authorizationParameter = new AuthorizationParameter { Claims = null, Scope = "profile", ResponseMode = ResponseMode.None, State = state }; var claims = new List <Claim> { new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) }; var claimsIdentity = new ClaimsIdentity(claims, "SimpleIdentityServer"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var client = new Core.Common.Models.Client { ClientId = "clientId" }; var resourceOwner = new ResourceOwner { Id = subject }; var actionResult = new ActionResult { Type = TypeActionResult.RedirectToCallBackUrl, RedirectInstruction = new RedirectInstruction() }; ICollection <string> scopeNames = new List <string>(); ICollection <Scope> scopes = new List <Scope>(); _consentHelperFake.Setup(c => c.GetConfirmedConsentsAsync(It.IsAny <string>(), It.IsAny <AuthorizationParameter>())) .Returns(Task.FromResult((Core.Common.Models.Consent)null)); _clientRepositoryFake.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>())) .Returns(scopeNames); _resourceOwnerRepositoryFake.Setup(r => r.GetAsync(It.IsAny <string>())) .Returns(Task.FromResult(resourceOwner)); _actionResultFactoryFake.Setup(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl()) .Returns(actionResult); _scopeRepositoryFake.Setup(s => s.SearchByNamesAsync(It.IsAny <IEnumerable <string> >())) .Returns(Task.FromResult(scopes)); _parameterParserHelperFake.Setup(p => p.ParseResponseTypes(It.IsAny <string>())) .Returns(new List <ResponseType> { ResponseType.id_token, ResponseType.id_token }); // ACT & ASSERT var exception = await Assert.ThrowsAsync <IdentityServerExceptionWithState>(() => _confirmConsentAction.Execute(authorizationParameter, claimsPrincipal, null)); Assert.NotNull(exception); Assert.True(exception.Code == ErrorCodes.InvalidRequestCode); Assert.True(exception.Message == ErrorDescriptions.TheAuthorizationFlowIsNotSupported); Assert.True(exception.State == state); }
public async Task ExecuteAsync(ActionResult actionResult, AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal, Core.Common.Models.Client client, string issuerName) { if (actionResult == null || actionResult.RedirectInstruction == null) { throw new ArgumentNullException(nameof(actionResult)); } ; if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (claimsPrincipal == null) { throw new ArgumentNullException(nameof(claimsPrincipal)); } if (client == null) { throw new ArgumentNullException(nameof(client)); } var newAccessTokenGranted = false; var allowedTokenScopes = string.Empty; GrantedToken grantedToken = null; var newAuthorizationCodeGranted = false; AuthorizationCode authorizationCode = null; _oauthEventSource.StartGeneratingAuthorizationResponseToClient(authorizationParameter.ClientId, authorizationParameter.ResponseType); var responses = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType); var idTokenPayload = await GenerateIdTokenPayload(claimsPrincipal, authorizationParameter, issuerName); var userInformationPayload = await GenerateUserInformationPayload(claimsPrincipal, authorizationParameter); if (responses.Contains(ResponseType.token)) // 1. Generate an access token. { if (!string.IsNullOrWhiteSpace(authorizationParameter.Scope)) { allowedTokenScopes = string.Join(" ", _parameterParserHelper.ParseScopes(authorizationParameter.Scope)); } grantedToken = await _grantedTokenHelper.GetValidGrantedTokenAsync(allowedTokenScopes, client.ClientId, userInformationPayload, idTokenPayload); if (grantedToken == null) { grantedToken = await _grantedTokenGeneratorHelper.GenerateTokenAsync(client, allowedTokenScopes, issuerName, userInformationPayload, idTokenPayload); newAccessTokenGranted = true; } actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.AccessTokenName, grantedToken.AccessToken); } if (responses.Contains(ResponseType.code)) // 2. Generate an authorization code. { var subject = claimsPrincipal == null ? string.Empty : claimsPrincipal.GetSubject(); var assignedConsent = await _consentHelper.GetConfirmedConsentsAsync(subject, authorizationParameter); if (assignedConsent != null) { // Insert a temporary authorization code // It will be used later to retrieve tha id_token or an access token. authorizationCode = new AuthorizationCode { Code = Guid.NewGuid().ToString(), RedirectUri = authorizationParameter.RedirectUrl, CreateDateTime = DateTime.UtcNow, ClientId = authorizationParameter.ClientId, Scopes = authorizationParameter.Scope, IdTokenPayload = idTokenPayload, UserInfoPayLoad = userInformationPayload }; newAuthorizationCodeGranted = true; actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.AuthorizationCodeName, authorizationCode.Code); } } _jwtGenerator.FillInOtherClaimsIdentityTokenPayload(idTokenPayload, authorizationCode == null ? string.Empty : authorizationCode.Code, grantedToken == null ? string.Empty : grantedToken.AccessToken, authorizationParameter, client); if (newAccessTokenGranted) // 3. Insert the stateful access token into the DB OR insert the access token into the caching. { await _tokenStore.AddToken(grantedToken); _oauthEventSource.GrantAccessToClient(authorizationParameter.ClientId, grantedToken.AccessToken, allowedTokenScopes); } if (newAuthorizationCodeGranted) // 4. Insert the authorization code into the caching. { if (client.RequirePkce) { authorizationCode.CodeChallenge = authorizationParameter.CodeChallenge; authorizationCode.CodeChallengeMethod = authorizationParameter.CodeChallengeMethod; } await _authorizationCodeStore.AddAuthorizationCode(authorizationCode); _oauthEventSource.GrantAuthorizationCodeToClient(authorizationParameter.ClientId, authorizationCode.Code, authorizationParameter.Scope); } if (responses.Contains(ResponseType.id_token)) { var idToken = await GenerateIdToken(idTokenPayload, authorizationParameter); actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.IdTokenName, idToken); } if (!string.IsNullOrWhiteSpace(authorizationParameter.State)) { actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.StateName, authorizationParameter.State); } var sessionState = GetSessionState(authorizationParameter.ClientId, authorizationParameter.OriginUrl, authorizationParameter.SessionId); if (sessionState != null) { actionResult.RedirectInstruction.AddParameter(Constants.StandardAuthorizationResponseNames.SessionState, sessionState); } if (authorizationParameter.ResponseMode == ResponseMode.form_post) { actionResult.Type = TypeActionResult.RedirectToAction; actionResult.RedirectInstruction.Action = IdentityServerEndPoints.FormIndex; actionResult.RedirectInstruction.AddParameter("redirect_uri", authorizationParameter.RedirectUrl); } // Set the response mode if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl) { var responseMode = authorizationParameter.ResponseMode; if (responseMode == ResponseMode.None) { var responseTypes = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType); var authorizationFlow = _authorizationFlowHelper.GetAuthorizationFlow(responseTypes, authorizationParameter.State); responseMode = GetResponseMode(authorizationFlow); } actionResult.RedirectInstruction.ResponseMode = responseMode; } _oauthEventSource.EndGeneratingAuthorizationResponseToClient(authorizationParameter.ClientId, actionResult.RedirectInstruction.Parameters.SerializeWithJavascript()); }
public static JweEnc?GetRequestObjectEncryptionEnc(this Core.Common.Models.Client client) { var encName = client.RequestObjectEncryptionEnc; return(GetDefaultEncryptEnc(encName)); }
public Core.Common.Models.Client AuthenticateClient(AuthenticateInstruction instruction, Core.Common.Models.Client client) { if (client == null || instruction == null) { throw new ArgumentNullException("the client or instruction cannot be null"); } if (client.Secrets == null) { return(null); } var clientSecret = client.Secrets.FirstOrDefault(s => s.Type == ClientSecretTypes.SharedSecret); if (clientSecret == null) { return(null); } var sameSecret = string.Compare(clientSecret.Value, instruction.ClientSecretFromAuthorizationHeader, StringComparison.CurrentCultureIgnoreCase) == 0; return(sameSecret ? client : null); }
public static JweAlg?GetRequestObjectEncryptionAlg(this Core.Common.Models.Client client) { var algName = client.RequestObjectEncryptionAlg; return(GetDefaultEncryptAlg(algName)); }
public static JwsAlg?GetRequestObjectSigningAlg(this Core.Common.Models.Client client) { var algName = client.RequestObjectSigningAlg; return(GetDefaultJwsAlg(algName)); }
public static JweEnc?GetUserInfoEncryptedResponseEnc(this Core.Common.Models.Client client) { var encName = client.UserInfoEncryptedResponseEnc; return(GetDefaultEncryptEnc(encName)); }
public async Task <ActionResult> Execute(AuthorizationParameter authorizationParameter, IPrincipal principal, Core.Common.Models.Client client, string issuerName) { if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (client == null) { throw new ArgumentNullException(nameof(client)); } if (string.IsNullOrWhiteSpace(authorizationParameter.Nonce)) { throw new IdentityServerExceptionWithState( ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.MissingParameter, Constants.StandardAuthorizationRequestParameterNames.NonceName), authorizationParameter.State); } _oAuthEventSource.StartImplicitFlow( authorizationParameter.ClientId, authorizationParameter.Scope, authorizationParameter.Claims == null ? string.Empty : authorizationParameter.Claims.ToString()); if (!_clientValidator.CheckGrantTypes(client, GrantType.@implicit)) { throw new IdentityServerExceptionWithState( ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, "implicit"), authorizationParameter.State); } var result = await _processAuthorizationRequest.ProcessAsync(authorizationParameter, principal as ClaimsPrincipal, client, issuerName); if (result.Type == TypeActionResult.RedirectToCallBackUrl) { var claimsPrincipal = principal as ClaimsPrincipal; await _generateAuthorizationResponse.ExecuteAsync(result, authorizationParameter, claimsPrincipal, client, issuerName); } var actionTypeName = Enum.GetName(typeof(TypeActionResult), result.Type); _oAuthEventSource.EndImplicitFlow( authorizationParameter.ClientId, actionTypeName, result.RedirectInstruction == null ? string.Empty : Enum.GetName(typeof(IdentityServerEndPoints), result.RedirectInstruction.Action)); return(result); }
public Core.Common.Models.Client AuthenticateClient(AuthenticateInstruction instruction, Core.Common.Models.Client client) { if (instruction == null) { throw new ArgumentNullException(nameof(instruction)); } if (client == null) { throw new ArgumentNullException(nameof(client)); } if (instruction.Certificate == null || client.Secrets == null) { return(null); } var thumbPrint = client.Secrets.FirstOrDefault(s => s.Type == ClientSecretTypes.X509Thumbprint); var name = client.Secrets.FirstOrDefault(s => s.Type == ClientSecretTypes.X509Name); if (thumbPrint == null || name == null) { return(null); } var certificate = instruction.Certificate; var isSameThumbPrint = thumbPrint == null || thumbPrint != null && thumbPrint.Value == certificate.Thumbprint; var isSameName = name == null || name != null && name.Value == certificate.SubjectName.Name; return(isSameName && isSameThumbPrint ? client : null); }
public async Task When_No_Consent_Has_Been_Given_For_The_Claims_Then_Create_And_Insert_A_New_One() { // ARRANGE InitializeFakeObjects(); const string subject = "subject"; const string clientId = "clientId"; var authorizationParameter = new AuthorizationParameter { Claims = new ClaimsParameter { UserInfo = new List <ClaimParameter> { new ClaimParameter { Name = Jwt.Constants.StandardResourceOwnerClaimNames.Subject } } }, Scope = "profile" }; var claims = new List <Claim> { new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) }; var claimsIdentity = new ClaimsIdentity(claims, "SimpleIdentityServer"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var client = new Core.Common.Models.Client { ClientId = clientId }; var resourceOwner = new ResourceOwner { Id = subject }; var actionResult = new ActionResult { RedirectInstruction = new RedirectInstruction() }; ICollection <Scope> scopes = new List <Scope>(); _consentHelperFake.Setup(c => c.GetConfirmedConsentsAsync(It.IsAny <string>(), It.IsAny <AuthorizationParameter>())) .Returns(Task.FromResult((Core.Common.Models.Consent)null)); _clientRepositoryFake.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>())) .Returns(new List <string>()); _scopeRepositoryFake.Setup(s => s.SearchByNamesAsync(It.IsAny <IEnumerable <string> >())) .Returns(Task.FromResult(scopes)); _authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>())) .Returns(Task.FromResult(resourceOwner)); _actionResultFactoryFake.Setup(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl()) .Returns(actionResult); Core.Common.Models.Consent insertedConsent = null; _consentRepositoryFake.Setup(co => co.InsertAsync(It.IsAny <Core.Common.Models.Consent>())) .Callback <Core.Common.Models.Consent>(consent => insertedConsent = consent) .Returns(Task.FromResult(new Core.Common.Models.Consent())); // ACT await _confirmConsentAction.Execute(authorizationParameter, claimsPrincipal); // ASSERT Assert.NotNull(insertedConsent); Assert.True(insertedConsent.Claims.Contains(Jwt.Constants.StandardResourceOwnerClaimNames.Subject)); Assert.True(insertedConsent.ResourceOwner.Id == subject); Assert.True(insertedConsent.Client.ClientId == clientId); _actionResultFactoryFake.Verify(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl()); }
public static JwsAlg?GetIdTokenSignedResponseAlg(this Core.Common.Models.Client client) { var algName = client.IdTokenSignedResponseAlg; return(GetDefaultJwsAlg(algName)); }