/// <summary>
/// Populates <paramref name="query"/> with the request parameters common to every browser-based
/// OpenID Connect authentication / authorization request.
/// </summary>
/// <remarks>
/// <c>state</c> and <c>nonce</c> are written only when the caller supplies them in <paramref name="args"/>;
/// this method neither generates nor requires them. In OAuth 2.0 / OIDC, <c>state</c> is what lets the
/// client match the response to the request it started (CSRF protection) and <c>nonce</c> binds the
/// ID token to that request, so callers are expected to pass fresh, unpredictable values for both.
/// </remarks>
/// <param name="config">OAuth / OpenID Connect configuration of the client</param>
/// <param name="responseType">OIDC response type</param>
/// <param name="args"><see cref="BrowserBasedAuthorizationArgs"/> specifying arguments for the process to start; may be <c>null</c></param>
/// <param name="query">Query parameter collection to populate; existing entries with the same keys are overwritten</param>
private static void BuildAuthorizationUriQuery(
    IBrowserBasedAuthorizationConfig config,
    string responseType,
    BrowserBasedAuthorizationArgs args,
    NameValueCollection query)
{
    // Parameters that are always sent.
    query["response_type"] = responseType;
    query["client_id"] = config.ClientID;
    if (config.ShowRememberMe)
    {
        query["showRememberMe"] = "true";
    }
    else
    {
        query["showRememberMe"] = "false";
    }

    // Optional parameters taken from the client configuration.
    if (config.RedirectUri != null)
    {
        query["redirect_uri"] = config.RedirectUri;
    }

    if (config.Scope != null)
    {
        query["scope"] = config.Scope;
    }

    // Per-request values; nothing is added when the caller passes no args.
    if (args != null)
    {
        if (args.State != null)
        {
            query["state"] = args.State;
        }

        if (args.Nonce != null)
        {
            query["nonce"] = args.Nonce;
        }
    }
}
/// <summary>
/// Creates an <see cref="IAuthzApiConfig"/> from the OAuth 2.0 configuration used for connecting to the
/// 10Duke Entitlement service.
/// This method assumes that the <c>/authz/</c> endpoint is on the same host as the OAuth 2.0 authorization
/// endpoint and that the <c>/authz/</c> endpoint is in the root context.
/// </summary>
/// <param name="browserBasedAuthorizationConfig"><see cref="IBrowserBasedAuthorizationConfig"/> representing OAuth 2.0 configuration
/// for connecting to the 10Duke Entitlement service. If <c>null</c>, this method returns <c>null</c>.</param>
/// <returns>The <see cref="IAuthzApiConfig"/> object, or <c>null</c> if <paramref name="browserBasedAuthorizationConfig"/> is <c>null</c>.</returns>
public static IAuthzApiConfig FromOAuthConfig(IBrowserBasedAuthorizationConfig browserBasedAuthorizationConfig)
{
    if (browserBasedAuthorizationConfig == null)
    {
        return null;
    }

    var authzApiConfig = new AuthzApiConfig
    {
        // Endpoint is derived from the OAuth authorization endpoint URI.
        EndpointUri = BuildDefaultAuthzUri(browserBasedAuthorizationConfig.AuthzUri).ToString(),
        SignerKey = browserBasedAuthorizationConfig.SignerKey,
        // NOTE(review): copied through unchanged; judging by its name this flag relaxes TLS certificate
        // validation for the authz API as well - confirm it is only ever enabled in development setups.
        AllowInsecureCerts = browserBasedAuthorizationConfig.AllowInsecureCerts
    };
    return authzApiConfig;
}
/// <summary>
/// Populates <paramref name="query"/> with the request parameters for the browser-based
/// Authorization Code Grant flow: the common browser-based parameters plus, optionally, PKCE.
/// </summary>
/// <remarks>
/// The PKCE parameters are added only when <paramref name="args"/> carries a code verifier. When it does
/// not, the request is built without <c>code_challenge</c>, i.e. without PKCE protection of the
/// authorization code. The only challenge method emitted is <c>S256</c>.
/// </remarks>
/// <param name="config">OAuth / OpenID Connect configuration of the client</param>
/// <param name="responseType">OIDC response type</param>
/// <param name="args"><see cref="AuthorizationCodeGrantArgs"/> specifying arguments for the process to start; may be <c>null</c></param>
/// <param name="query">Query parameter collection to populate</param>
private static void BuildAuthorizationUriQuery(
    IBrowserBasedAuthorizationConfig config,
    string responseType,
    AuthorizationCodeGrantArgs args,
    NameValueCollection query)
{
    // Converting the argument to the base args type selects the overload that writes the common
    // parameters instead of calling this method again.
    BuildAuthorizationUriQuery(config, responseType, args as BrowserBasedAuthorizationArgs, query);

    bool hasCodeVerifier = args != null && args.CodeVerifier != null;
    if (!hasCodeVerifier)
    {
        return;
    }

    query["code_challenge_method"] = "S256";
    // The challenge is computed by the args object; its derivation is not visible in this method.
    query["code_challenge"] = args.ComputeCodeChallenge();
}
/// <summary>
/// Builds the full Uri for starting the OpenID Connect authentication / authorization process against the server
/// using browser-based authentication / authorization.
/// </summary>
/// <typeparam name="A">Type of the arguments object passed to <paramref name="authzUriQueryBuilder"/></typeparam>
/// <param name="config">OAuth / OpenID Connect configuration of the client; checked with <c>AssertConfig</c> before use</param>
/// <param name="responseType">OIDC response type</param>
/// <param name="args">Arguments for the OIDC process to start</param>
/// <param name="authzUriQueryBuilder">Callback that writes the request parameters into the query collection</param>
/// <returns><see cref="Uri"/> to use for starting the process</returns>
private static Uri BuildAuthorizationUriInternal<A>(
    IBrowserBasedAuthorizationConfig config,
    string responseType,
    A args,
    AuthorizationUriQueryBuilderFunc<A> authzUriQueryBuilder)
    where A : BrowserBasedAuthorizationArgs
{
    AssertConfig(config);

    var authzUri = new UriBuilder(config.AuthzUri);

    // Start from whatever query the configured endpoint URI already carries. The collection returned by
    // HttpUtility.ParseQueryString URL-encodes keys and values in ToString(), which is what keeps
    // caller-supplied values such as state or scope from breaking out of their parameter.
    NameValueCollection parameters = HttpUtility.ParseQueryString(authzUri.Query);
    authzUriQueryBuilder(config, responseType, args, parameters);

    authzUri.Query = parameters.ToString();
    return authzUri.Uri;
}
/// <summary>
/// Verifies that the given OAuth / OIDC configuration has the values needed to build an authorization Uri.
/// </summary>
/// <remarks>
/// Only <c>null</c> is rejected. Empty values are accepted, and the authorization endpoint Uri
/// (for example its scheme) is not validated here.
/// </remarks>
/// <param name="config">OAuth / OpenID Connect configuration of the client</param>
/// <exception cref="InvalidOperationException">Thrown if <paramref name="config"/>, its client id or its
/// authorization endpoint Uri is <c>null</c>.</exception>
private static void AssertConfig(IBrowserBasedAuthorizationConfig config)
{
    // Find the first missing value, checking in the same order as the messages below.
    string problem = null;
    if (config == null)
    {
        problem = "OAuthConfig must be specified";
    }
    else if (config.ClientID == null)
    {
        problem = "OAuthConfig.ClientID must be specified";
    }
    else if (config.AuthzUri == null)
    {
        problem = "OAuthConfig.AuthzUri must be specified";
    }

    if (problem != null)
    {
        throw new InvalidOperationException(problem);
    }
}
/// <summary>
/// Initializes a new instance of the <see cref="BrowserBasedAuthorizationConfigWrapper"/> class.
/// </summary>
/// <param name="wrapped">The wrapped config object. Stored as given; no <c>null</c> check is made here.</param>
protected BrowserBasedAuthorizationConfigWrapper(IBrowserBasedAuthorizationConfig wrapped)
{
    this.Wrapped = wrapped;
}
/// <summary>
/// Builds the full Uri for starting the OpenID Connect authentication / authorization process against the server
/// using browser-based authentication / authorization.
/// </summary>
/// <remarks>
/// <c>state</c> and <c>nonce</c> appear in the resulting Uri only if <paramref name="args"/> provides them.
/// </remarks>
/// <param name="config">OAuth / OpenID Connect configuration of the client</param>
/// <param name="responseType">OIDC response type</param>
/// <param name="args"><see cref="BrowserBasedAuthorizationArgs"/> specifying arguments for the process to start</param>
/// <returns><see cref="Uri"/> to use for starting the process</returns>
public static Uri BuildAuthorizationUri(IBrowserBasedAuthorizationConfig config, string responseType, BrowserBasedAuthorizationArgs args)
{
    // The explicit type argument makes visible which BuildAuthorizationUriQuery overload is bound:
    // the one taking BrowserBasedAuthorizationArgs.
    Uri authorizationUri = BuildAuthorizationUriInternal<BrowserBasedAuthorizationArgs>(
        config,
        responseType,
        args,
        BuildAuthorizationUriQuery);
    return authorizationUri;
}