public CommandResult Run(HttpRequestData request, IOptions options, HttpSessionState session) { if (request == null) { throw new ArgumentNullException(nameof(request)); } if (options == null) { throw new ArgumentNullException(nameof(options)); } var urls = new OpenIDUrls(options.RPOptions, request.ApplicationUrl); OIDCAuthCodeResponseMessage authResponse = GetAuthResponse(request, session); OIDCTokenResponseMessage tokenResponse = GetToken(authResponse, options, session, urls.CodeCallbackCommand.ToString()); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); OIDCUserInfoResponseMessage userInfoResponse = GetUserInfo(authResponse, options, session, tokenResponse.AccessToken); var principal = GetPrincipal(userInfoResponse, options, session); string ReturnUrl = request.QueryString["ReturnUrl"].FirstOrDefault() ?? urls.ApplicationBase.ToString(); return(new CommandResult() { HttpStatusCode = HttpStatusCode.SeeOther, Location = new Uri(ReturnUrl), Principal = principal }); }
/// <summary> /// Get user information from the OP after user authentication /// </summary> /// <param name="url">The url to be used to retrieve user information</param> /// <param name="userInfoRequestMessage">The user info request message</param> /// <param name="accessToken">The access token obtain during authentication</param> /// <returns>The response message containing user information</returns> public OIDCUserInfoResponseMessage GetUserInfo(string url, OIDCUserInfoRequestMessage userInfoRequestMessage, string accessToken, string idTokenSub = null, bool bearer = true, string ClientSecret = null, List <OIDCKey> RPKeys = null) { WebRequest request; if (bearer) { request = WebRequest.Create(url); request.Headers.Add("Authorization", "Bearer " + accessToken); } else { request = WebRequest.Create(url + "?access_token=" + accessToken); } string returnedString = WebOperations.PostUrlContent(request, userInfoRequestMessage); string jsonToken = userInfoRequestMessage.CheckSignatureAndDecryptJWT(returnedString, null, ClientSecret, RPKeys); Dictionary <string, object> returnedJson = Deserializer.DeserializeFromJson <Dictionary <string, object> >(jsonToken); if (returnedJson.Keys.Contains("error")) { OIDCResponseError error = new OIDCResponseError(); error.DeserializeFromDictionary(returnedJson); throw new OIDCException("Error while asking for user info: " + error.Error + "\n" + error.ErrorDescription); } OIDCUserInfoResponseMessage userInfoResponse = new OIDCUserInfoResponseMessage(); userInfoResponse.DeserializeFromDictionary(returnedJson); if (idTokenSub != null && userInfoResponse.Sub != idTokenSub) { throw new OIDCException("Wrong sub in UserInfo, it does not match idToken's."); } return(userInfoResponse); }
public void Should_Authenticate_With_Claims_In_Scope_Basic() { rpid = "rp-scope-userinfo_claims"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; OIDClaims requestClaims = new OIDClaims(); requestClaims.Userinfo = new Dictionary <string, OIDClaimData>(); requestClaims.Userinfo.Add("name", new OIDClaimData()); requestMessage.Scope = new List <MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Email, MessageScope.Address, MessageScope.Phone }; requestMessage.ResponseType = new List <ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = authResponse.Scope; userInfoRequestMessage.State = authResponse.State; // when OIDCUserInfoResponseMessage response = rp.GetUserInfo(GetBaseUrl("/userinfo"), userInfoRequestMessage, authResponse.AccessToken); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); Assert.IsNotNullOrEmpty(response.GivenName); Assert.IsNotNullOrEmpty(response.FamilyName); Assert.IsNotNullOrEmpty(response.Email); Assert.IsNotNull(response.Address); Assert.IsNotNullOrEmpty(response.Address.StreetAddress); Assert.IsNotNullOrEmpty(response.Address.PostalCode); Assert.IsNotNullOrEmpty(response.Address.Locality); Assert.IsNotNullOrEmpty(response.Address.Country); Assert.IsNotNullOrEmpty(response.PhoneNumber); }
public OIDCUserInfoResponseMessage GetUserInfo(List <MessageScope> scope, string state, string accessToken, string idTokenSub = null, bool bearer = true, string ClientSecret = null, List <OIDCKey> RPKeys = null) { OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = scope; userInfoRequestMessage.State = state; OpenIdRelyingParty rp = new OpenIdRelyingParty(); var urlInfoUrl = providerMetadata.UserinfoEndpoint; return(rp.GetUserInfo(urlInfoUrl, userInfoRequestMessage, accessToken, idTokenSub, bearer, ClientSecret, RPKeys)); }
public OIDCUserInfoResponseMessage GetUserInfo(string url, OIDCUserInfoRequestMessage userInfoRequestMessage, string accessToken) { WebRequest request = WebRequest.Create(url); request.Headers.Add("Authorization", "Bearer " + accessToken); Dictionary <string, object> returnedJson = PostUrlContent(request, userInfoRequestMessage); if (returnedJson.Keys.Contains("error")) { OIDCResponseError error = new OIDCResponseError(); error.deserializeFromDynamic(returnedJson); throw new OIDCException("Error while asking for user info: " + error.Error + "\n" + error.ErrorDescription); } OIDCUserInfoResponseMessage userInfoResponse = new OIDCUserInfoResponseMessage(); userInfoResponse.deserializeFromDynamic(returnedJson); return(userInfoResponse); }
public void Should_Use_Distributed_Claims() { rpid = "rp-claims-distributed"; claims = "distributed"; // given OpenIdRelyingParty rp = new OpenIdRelyingParty(); string hostname = GetBaseUrl("/"); providerMetadata = rp.ObtainProviderInformation(hostname); OIDCAuthCodeResponseMessage authResponse = GetAuthResponse(ResponseType.Code, null, true) as OIDCAuthCodeResponseMessage; OIDCTokenResponseMessage tokenResponse = GetToken(authResponse); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); // when OIDCUserInfoResponseMessage userInfoResponse = GetUserInfo(authResponse.Scope, authResponse.State, tokenResponse.AccessToken); // then Assert.NotNull(userInfoResponse); Assert.AreEqual(userInfoResponse.CustomClaims["age"], 30); }
private OIDCUserInfoResponseMessage GetUserInfo(OIDCAuthCodeResponseMessage authResponse, IOptions options, HttpSessionState session, string accessToken) { OpenIDProviderData providerData = options.OpenIDProviders[session["op"] as string]; OpenIdRelyingParty rp = new OpenIdRelyingParty(); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary <string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); requestClaims.IdToken.Add("family_name", new OIDClaimData()); requestClaims.IdToken.Add("given_name", new OIDClaimData()); requestClaims.IdToken.Add("email", new OIDClaimData()); requestClaims.IdToken.Add("gender", new OIDClaimData()); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = authResponse.Scope; userInfoRequestMessage.State = authResponse.State; userInfoRequestMessage.Claims = requestClaims; var urlInfoUrl = providerData.ProviderMatadata.UserinfoEndpoint; return(rp.GetUserInfo(urlInfoUrl, userInfoRequestMessage, accessToken)); }