public static ListedCapabilityStatement AddProxyOAuthSecurityService(this ListedCapabilityStatement statement, IUrlResolver urlResolver, string authorizeRouteName, string tokenRouteName) { EnsureArg.IsNotNull(statement, nameof(statement)); EnsureArg.IsNotNull(urlResolver, nameof(urlResolver)); EnsureArg.IsNotNullOrWhiteSpace(authorizeRouteName, nameof(authorizeRouteName)); EnsureArg.IsNotNullOrWhiteSpace(tokenRouteName, nameof(tokenRouteName)); var restComponent = statement.GetListedRestComponent(); var security = restComponent.Security ?? new CapabilityStatement.SecurityComponent(); security.Service.Add(Constants.RestfulSecurityServiceOAuth); var tokenEndpoint = urlResolver.ResolveRouteNameUrl(tokenRouteName, null); var authorizationEndpoint = urlResolver.ResolveRouteNameUrl(authorizeRouteName, null); var smartExtension = new Extension() { Url = Constants.SmartOAuthUriExtension, Extension = new List <Extension> { new Extension(Constants.SmartOAuthUriExtensionToken, new FhirUri(tokenEndpoint)), new Extension(Constants.SmartOAuthUriExtensionAuthorize, new FhirUri(authorizationEndpoint)), }, }; security.Extension.Add(smartExtension); restComponent.Security = security; return(statement); }
private void AddProxyOAuthSecurityService(ListedCapabilityStatement statement, string authorizeRouteName, string tokenRouteName) { EnsureArg.IsNotNull(statement, nameof(statement)); EnsureArg.IsNotNullOrWhiteSpace(authorizeRouteName, nameof(authorizeRouteName)); EnsureArg.IsNotNullOrWhiteSpace(tokenRouteName, nameof(tokenRouteName)); ListedRestComponent restComponent = statement.Rest.Server(); SecurityComponent security = restComponent.Security ?? new SecurityComponent(); var codableConceptInfo = new CodableConceptInfo(); security.Service.Add(codableConceptInfo); codableConceptInfo.Coding.Add(_modelInfoProvider.Version == FhirSpecification.Stu3 ? Constants.RestfulSecurityServiceStu3OAuth : Constants.RestfulSecurityServiceOAuth); Uri tokenEndpoint = _urlResolver.ResolveRouteNameUrl(tokenRouteName, null); Uri authorizationEndpoint = _urlResolver.ResolveRouteNameUrl(authorizeRouteName, null); var smartExtension = new { url = Constants.SmartOAuthUriExtension, extension = new[] { new { url = Constants.SmartOAuthUriExtensionToken, valueUri = tokenEndpoint, }, new { url = Constants.SmartOAuthUriExtensionAuthorize, valueUri = authorizationEndpoint, }, }, }; security.Extension.Add(JObject.FromObject(smartExtension)); restComponent.Security = security; }
public void GivenIncompleteQueryParams_WhenAuthorizeRequestAction_ThenRedirectResultReturned( string responseType, string clientId, string redirectUri, string launch, string scope, string state, string aud) { Uri redirect = null; if (!string.IsNullOrEmpty(redirectUri)) { redirect = new Uri(redirectUri); } _urlResolver.ResolveRouteNameUrl(Arg.Any <string>(), Arg.Any <IDictionary <string, object> >()).Returns(redirect); var result = _controller.Authorize(responseType, clientId, redirect, launch, scope, state, aud); var redirectResult = result as RedirectResult; Assert.NotNull(redirectResult); var uri = new Uri(redirectResult.Url); var queryParams = HttpUtility.ParseQueryString(uri.Query); Assert.Equal(responseType, queryParams["response_type"]); Assert.Equal(clientId, queryParams["client_id"]); if (!string.IsNullOrEmpty(redirectUri)) { Assert.Contains(redirect.Host, uri.AbsoluteUri); } if (!string.IsNullOrEmpty(scope)) { Assert.NotNull(queryParams["scope"]); } if (!string.IsNullOrEmpty(state)) { Assert.NotNull(queryParams["state"]); } }
public ActionResult AvailableVersions() { _logger.LogInformation("Attempting to get available schemas"); var availableSchemas = new List <object>(); var currentVersion = _schemaInformation.Current ?? 0; foreach (var version in Enum.GetValues(typeof(SchemaVersion)).Cast <SchemaVersion>().Where(sv => sv >= currentVersion)) { var routeValues = new Dictionary <string, object> { { "id", (int)version } }; Uri scriptUri = _urlResolver.ResolveRouteNameUrl(RouteNames.Script, routeValues); availableSchemas.Add(new { id = version, script = scriptUri }); } return(new JsonResult(availableSchemas)); }
public ActionResult Authorize( [FromQuery(Name = "response_type")] string responseType, [FromQuery(Name = "client_id")] string clientId, [FromQuery(Name = "redirect_uri")] Uri redirectUri, [FromQuery(Name = "launch")] string launch, [FromQuery(Name = "scope")] string scope, [FromQuery(Name = "state")] string state, [FromQuery(Name = "aud")] string aud) { if (string.IsNullOrEmpty(launch)) { launch = Base64UrlEncoder.Encode("{}"); } var newStateObj = new JObject { { "s", state }, { "l", launch }, }; var queryBuilder = new QueryBuilder(); if (!string.IsNullOrEmpty(responseType)) { queryBuilder.Add("response_type", responseType); } if (!string.IsNullOrEmpty(clientId)) { queryBuilder.Add("client_id", clientId); } try { var callbackUrl = _urlResolver.ResolveRouteNameUrl(RouteNames.AadSmartOnFhirProxyCallback, new RouteValueDictionary { { "encodedRedirect", Base64UrlEncoder.Encode(redirectUri.ToString()) } }); queryBuilder.Add("redirect_uri", callbackUrl.AbsoluteUri); } catch (Exception ex) { _logger.LogDebug(ex, "Redirect URL passed to Authorize failed to resolve."); } if (!_isAadV2 && !string.IsNullOrEmpty(aud)) { queryBuilder.Add("resource", aud); } else if (!string.IsNullOrEmpty(scope)) { // Azure AD v2.0 uses fully qualified scopes and does not allow '/' (slash) // We add qualification to scopes and replace '/' -> '$' var scopes = scope.Split(' '); var scopesBuilder = new StringBuilder(); string[] wellKnownScopes = { "profile", "openid", "email", "offline_access" }; foreach (var s in scopes) { if (wellKnownScopes.Contains(s)) { scopesBuilder.Append($"{s} "); } else { scopesBuilder.Append($"{aud}/{s.Replace('/', '$')} "); } } var newScopes = scopesBuilder.ToString().TrimEnd(' '); queryBuilder.Add("scope", Uri.EscapeDataString(newScopes)); } if (!string.IsNullOrEmpty(state)) { string newState = Base64UrlEncoder.Encode(newStateObj.ToString()); queryBuilder.Add("state", newState); } return(Redirect($"{_aadAuthorizeEndpoint}{queryBuilder}")); }