protected DataModels.Approval Approve(DataModels.Client Client, DataModels.ResourceOwner Owner, string Scope) { DataModels.Approval approval = ApprovalModel.GetApproval(Client, Owner); if (approval == null || TokenHelper.MissingScopesArray(Scope, approval.scope).Length != 0) { string apprUrl = Request.GetApplicationUrl(); if (!apprUrl.EndsWith("/")) { apprUrl += '/'; } UriBuilder bldr = new UriBuilder(apprUrl); bldr.Path += "approval"; string query = "client_id=" + Client.id + "&redirect=" + Request.AbsoluteUri.UrlEncode(); if (Scope != null) { query += "&scope=" + Scope.UrlEncode(); } bldr.Query = query; Response.AddHeader("Location", bldr.ToString()); Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; return(null); } return(approval); }
protected void HandleRefreshTokenGrant(ITokenRequest TokenRequest, DataModels.Client Client) { if (Client.type == DataModels.ClientTypes.user_agent_based_application || string.IsNullOrWhiteSpace(Client.secret)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.unauthorized_client, "Only secure clients are supported for refreshing tokens"); } string redirectURI = GetRedirectURI(TokenRequest, Client); if (string.IsNullOrWhiteSpace(redirectURI)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Redirect URI provided and no Registered Redirect URI available"); } DataModels.TokenResponse res = RefreshTokenGrantHandler.Exchange <DataModels.TokenResponse>(TokenRequest.refresh_token, Client.id); if (res == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown Error refreshing token"); } res.state = TokenRequest.state; UriBuilder bldr = new UriBuilder(redirectURI); bldr.Query = res.ToURIString(); Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); }
protected void HandleCodeExchange(ITokenRequest TokenRequest, DataModels.Client Client) { DataModels.TokenResponse res = CodeGrantHanldler.Exchange <DataModels.TokenResponse>(TokenRequest, Client); if (res == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown error exchanging code"); } res.state = TokenRequest.state; string uri = GetRedirectURI(TokenRequest, Client); if (string.IsNullOrWhiteSpace(uri)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Redirect URI provided and no Registered Redirect URI available"); } UriBuilder bldr = new UriBuilder(uri); bldr.Query = res.ToURIString(); Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); return; }
public Approval GetApprovalByRefreshToken(DataModels.Client Client, string RefreshToken) { if (Client == null) { throw new ArgumentNullException("Client"); } return(GetApprovalByRefreshToken(Client.id, RefreshToken)); }
public object Get(ApprovalRequest ApprovalRequest) { Uri redirectURI = null; Uri current = new Uri(Request.AbsoluteUri); ApprovalData data = new ApprovalData(); if (!Uri.TryCreate(ApprovalRequest.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = ApprovalRequest.redirect; DataModels.ResourceOwner user = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (user == null) { UriBuilder bldr = new UriBuilder(Request.GetApplicationUrl()); bldr.Path += "/auth/login"; bldr.Query = "redirect=" + Request.AbsoluteUri.UrlEncode(); return(new HttpResult(data) { Headers = { { "Location", bldr.ToString() } }, StatusCode = System.Net.HttpStatusCode.Redirect, }); } data.User = user; DataModels.Client client = ClientModel.GetClientByID(ApprovalRequest.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } if (!string.IsNullOrWhiteSpace(client.owned_by)) { data.Owner = ResourceOwnerModel.GetByID(client.owned_by); } data.Client = client; string[] scopes = ApprovalRequest.scope == null ? new string[] {} : ApprovalRequest.scope.Split(new char[] { ' ', ';', ',' }, StringSplitOptions.RemoveEmptyEntries); List <DataModels.Scope> scopeDetails = ScopeModel.GetScopeDetails(scopes).ToList(); if (scopeDetails.Count != scopes.Length) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_scope, "Invalid Scope(s) requested", data); } data.RequestedScopes = scopeDetails; return((IApprovalData)data); }
protected void HandleCodeGrant(ITokenRequest TokenRequest, DataModels.Client Client) { if (Client.type == DataModels.ClientTypes.user_agent_based_application || string.IsNullOrWhiteSpace(Client.secret)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.unauthorized_client, "Only secure clients are supported for code grants"); } DataModels.ResourceOwner owner = Authenticate(); if (owner == null) { return; } DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope); if (approval == null) { return; } DataModel.AuthorizationCode code = CodeGrantHanldler.Authorize(TokenRequest, approval, Client, owner); if (code == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Unknown server error"); } string redirect = GetRedirectURI(TokenRequest, Client); UriBuilder bldr = new UriBuilder(redirect); string queryParms = "code=" + code.authorization_code; if (!string.IsNullOrWhiteSpace(code.scope)) { queryParms += "&scope=" + code.scope.UrlEncode(); } if (TokenRequest.state != null) { queryParms += "&state=" + TokenRequest.state.UrlEncode(); } bldr.Query = queryParms; Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); return; }
protected void HandleTokenGrant(ITokenRequest TokenRequest, DataModels.Client Client) { DataModels.ResourceOwner owner = Authenticate(); if (owner == null) { return; } DataModels.Approval approval = Approve(Client, owner, TokenRequest.scope); if (approval == null) { return; } DataModels.TokenResponse token = TokenGrantHandler.Authorize <DataModels.TokenResponse>(Client, owner, approval.scope); token.state = TokenRequest.state.UrlEncode(); string toRedirect = GetRedirectURI(TokenRequest, Client); if (toRedirect == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "No Registerd Redirect URI"); } UriBuilder bldr = new UriBuilder(toRedirect); if (Client.type == DataModels.ClientTypes.web_application) { bldr.Query += token.ToURIString(); } else { if (!string.IsNullOrWhiteSpace(bldr.Fragment)) { bldr.Fragment = bldr.Fragment.SafeSubstring(1, bldr.Fragment.Length - 1) + '?' + token.ToURIString(); } else { bldr.Fragment = token.ToURIString(); } } Response.StatusCode = (int)System.Net.HttpStatusCode.Redirect; Response.AddHeader("Location", bldr.ToString()); return; }
protected string GetRedirectURI(ITokenRequest request, DataModels.Client Client) { Uri clientURI = null; Uri.TryCreate(Client.redirect_uri, UriKind.RelativeOrAbsolute, out clientURI); if (request.redirect_uri != null && request.redirect_uri.IsAbsoluteUri) { return(request.redirect_uri.ToString()); } if (clientURI != null && clientURI.IsAbsoluteUri) { return(clientURI.ToString()); } return(null); }
public T Exchange <T>(DataModels.ITokenRequest Request, DataModels.Client Client) where T : DataModels.Token, new() { Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.GetAuthorizationCode(Request.code, Client.id, Request.redirect_uri != null ? Request.redirect_uri.ToString() : null); if (code == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.invalid_request, "Invalid token"); } DataModels.Approval Approval = ApprovalModel.GetApproval(Client.id, code.resource_owner_id); if (!AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri)) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.access_denied, "Code already used"); } return(TokenModel.InsertToken <T>( Extension.TokenHelper.CreateAccessToken(), DataModels.TokenTypes.bearer, 3600, DateTime.Now.GetTotalSeconds(), Client.id, Approval.scope, Approval.resource_owner_id, Approval.refresh_token)); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, string Scope = "", string RedirectURI = null) { return(InsertAuthorizationCode(AuthorizationCode, Client.id, ResourceOwner.id, IssueTime, Scope, RedirectURI)); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, Uri RedirectURI) { return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, Scope, (RedirectURI != null) ? RedirectURI.ToString() : null)); }
public Server.DataModel.AuthorizationCode InsertAuthorizationCode(string AuthorizationCode, DataModels.Client Client, DataModels.ResourceOwner ResourceOwner, long IssueTime, List <DataModels.Scope> Scope, string RedirectURI) { string scope = ""; if (Scope != null) { foreach (DataModels.Scope scopeDesc in Scope) { scope += scopeDesc.scope_name + " "; } scope = scope.Trim(); } return(InsertAuthorizationCode(AuthorizationCode, Client, ResourceOwner, IssueTime, scope, RedirectURI)); }
public Server.DataModel.AuthorizationCode Authorize(DataModels.ITokenRequest Request, DataModels.Approval Approval, DataModels.Client Client, DataModels.ResourceOwner Owner) { Server.DataModel.AuthorizationCode code = AuthorizationCodeModel.InsertAuthorizationCode( Extension.TokenHelper.CreateAccessToken(), Client, Owner, DateTime.Now.GetTotalSeconds(), Approval.scope, Request.redirect_uri); if (code == null) { throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error storing access code"); } if (string.IsNullOrWhiteSpace(Approval.refresh_token)) { Approval.refresh_token = Extension.TokenHelper.CreateAccessToken(); if (!ApprovalModel.AddOrUpdateApproval(Approval)) { AuthorizationCodeModel.DeleteAuthorizationCode(code.authorization_code, code.client_id, code.redirect_uri); throw new DataModels.TokenRequestError(DataModels.ErrorCodes.server_error, "Error updating approval"); } } return(code); }
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, string Scope = "", DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null) where T : DataModels.Token, new() { return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, Scope, ResourceOwner.id, RefreshToken)); }
public object Post(ApprovalResponse ApprovalResponse) { ApprovalData data = new ApprovalData(); data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); Request.Items.Add("Model", data); data.Redirect = ApprovalResponse.redirect; Uri referrerURI = Request.GetReferrerURI(); Uri current = new Uri(Request.AbsoluteUri); //CRSF protection if (!referrerURI.SchemeHostPathMatch(current)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse); } Uri redirectURI = null; if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) || (redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data); } data.Redirect = redirectURI.ToString(); DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner"); if (owner == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data); } data.Owner = owner; DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id); if (client == null) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data); } data.Client = client; List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList(); string scope = ""; if (scopes != null) { scopes.ForEach((cur) => scope += cur.scope_name + " "); } data.RequestedScopes = scopes; DataModels.Approval approval = new DataModels.Approval() { client_id = client.id, resource_owner_id = owner.id, type = DataModels.ApprovalTypes.user_granted, scope = scope, }; if (!ApprovalModel.AddOrUpdateApproval(approval)) { throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data); } return(new HttpResult(data) { StatusCode = System.Net.HttpStatusCode.Redirect, Location = ApprovalResponse.redirect }); }
public T InsertToken <T>(string AccessToken, DataModels.TokenTypes TokenType, long ExpiresIn, long IssuedTime, DataModels.Client Client, IEnumerable <DataModels.Scope> Scope, DataModels.ResourceOwner ResourceOwner = null, string RefreshToken = null) where T : DataModels.Token, new() { string scope = ""; if (Scope != null) { foreach (DataModels.Scope scopeDetails in Scope) { scope += scopeDetails.scope_name + " "; } scope = scope.Trim(); } return(InsertToken <T>(AccessToken, TokenType, ExpiresIn, IssuedTime, Client.id, scope, ResourceOwner.id, RefreshToken)); }
protected DataModels.TokenResponse HandleClientCredentialsGrant(ITokenRequest Request, DataModels.Client Client) { DataModels.TokenResponse res = ClientGrantHanlder.Authorize <DataModels.TokenResponse>(Request, Client); res.state = Request.state; Response.StatusCode = (int)System.Net.HttpStatusCode.Created; return(res); }