/// <summary>
/// Arranges a complete, successful code-flow round trip: the nonce cache hands back a known nonce,
/// the token client exchanges any code for a fixed token set, the validator accepts anything, and the
/// user-info client returns a single "name" claim. Finally builds the callback URL the test will request.
/// </summary>
protected override void Given()
{
    // Collaborator stubs first; none of them depend on the options instance.
    _nonceCache
        .Setup(cache => cache.GetNonceAsync(It.IsAny<IAuthenticationManager>()))
        .ReturnsAsync(Nonce);

    // Token response body the stubbed token client will hand back for any code exchange.
    var tokenJson =
        $"{{\"id_token\": \"{IdentityToken}\",\"access_token\": \"{AccessToken}\",\"refresh_token\": \"{RefreshToken}\"}}";
    _tokenClient
        .Setup(client => client.RequestAuthorizationCodeAsync(
            It.IsAny<string>(),
            It.IsAny<string>(),
            It.IsAny<string>(),
            It.IsAny<string>(),
            It.IsAny<Uri>()))
        .ReturnsAsync(new TokenResponse(tokenJson));

    // Validation is a no-op here; the happy path is what this fixture exercises.
    _tokenValidator
        .Setup(validator => validator.ValidateToken(
            It.IsAny<OidcMiddlewareOptions>(),
            It.IsAny<string>(),
            It.IsAny<string>()));

    _userInfoClient
        .Setup(client => client.GetUserClaims(It.IsAny<OidcMiddlewareOptions>(), It.IsAny<string>()))
        .ReturnsAsync(new List<Claim> { new Claim("name", LoggedInName) });

    var options = new OidcMiddlewareOptions
    {
        // Capture the identity the middleware produces so the test can inspect it.
        AuthenticatedCallback = identity => _identity = identity,
        ClientId = ClientId,
        ClientSecret = ClientSecret,
        NonceCache = _nonceCache.Object,
        TokenClient = _tokenClient.Object,
        TokenEndpoint = TokenEndpoint,
        TokenValidator = _tokenValidator.Object,
        UserInfoClient = _userInfoClient.Object,
    };
    _options = options;

    // The server must exist before the state is protected: StateDataFormat is read off the options afterwards.
    _server = CreateServer(builder => builder.UseCodeFlowAuthentication(_options));

    var properties = new AuthenticationProperties { RedirectUri = OriginalUrl };
    _state = _options.StateDataFormat.Protect(properties);
    _url = $"{OriginalUrl}&code={Code}&state={_state}";
}
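/// <summary>
/// Retrieves the user's claims from the OpenID Connect UserInfo endpoint using the supplied access token.
/// </summary>
/// <param name="options">Middleware options; <c>UserInfoEndpoint</c> must be an absolute URI.</param>
/// <param name="accessToken">Bearer access token presented to the UserInfo endpoint.</param>
/// <returns>The claims returned by the endpoint, materialised as <see cref="Claim"/> instances.</returns>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="accessToken"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">The UserInfo endpoint reported an error instead of a claims document.</exception>
public async Task<IEnumerable<Claim>> GetUserClaims(OidcMiddlewareOptions options, string accessToken)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (string.IsNullOrEmpty(accessToken))
    {
        throw new ArgumentException("An access token is required to call the UserInfo endpoint.", nameof(accessToken));
    }

    var userInfoClient = new UserInfoClient(new Uri(options.UserInfoEndpoint), accessToken);

    // Library code: the continuation does not need the caller's synchronization context.
    var userInfo = await userInfoClient.GetAsync().ConfigureAwait(false);

    // A failed UserInfo call must not be mistaken for "no claims": fail the authentication attempt
    // instead of completing it with an empty (or null-dereferencing) identity.
    if (userInfo.IsError)
    {
        throw new InvalidOperationException("The UserInfo endpoint returned an error response.");
    }

    // Materialise once so callers enumerating more than once do not re-project the response.
    return userInfo.Claims.Select(c => new Claim(c.Item1, c.Item2)).ToList();
}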
/// <summary>
/// Arranges a challenge scenario: the nonce cache accepts any stored nonce, and the test server's
/// downstream handler issues an authentication challenge for every request, so the middleware is
/// expected to redirect to the authorize endpoint.
/// </summary>
protected override void Given()
{
    // Storing the nonce is a no-op; the redirect itself is what this fixture observes.
    _nonceCache.Setup(cache => cache.SetNonceAsync(It.IsAny<IAuthenticationManager>(), It.IsAny<string>()));

    var options = new OidcMiddlewareOptions
    {
        AuthorizeEndpoint = AuthorizeEndpoint,
        ClientId = ClientId,
        NonceCache = _nonceCache.Object,
    };
    _options = options;

    _server = CreateServer(
        builder => builder.UseCodeFlowAuthentication(_options),
        ctx =>
        {
            // Every request ends in a challenge; returning true signals the request was handled.
            ctx.Authentication.Challenge(AuthenticationType);
            return true;
        });
}
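/// <summary>
/// Validates an ID token's signature, issuer, audience and lifetime, then checks that its
/// <c>nonce</c> claim matches the nonce issued for this authentication request.
/// </summary>
/// <param name="options">
/// Middleware options supplying the expected issuer (<c>BaseUrl</c>), audience (<c>ClientId</c>) and the key
/// material: a certificate loader for <c>TokenValidationMethod.SigningKey</c>, otherwise <c>ClientSecret</c>.
/// </param>
/// <param name="token">The compact-serialised JWT to validate.</param>
/// <param name="nonce">The nonce that was sent with the authorization request.</param>
/// <exception cref="ArgumentNullException"><paramref name="options"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is null or empty.</exception>
/// <exception cref="InvalidOperationException">
/// The options lack the key material required by the selected validation method, the token carries no
/// nonce claim, or the nonce does not match.
/// </exception>
/// <remarks>
/// Signature, issuer, audience and lifetime failures surface as the exceptions thrown by
/// <see cref="JwtSecurityTokenHandler.ValidateToken"/>.
/// </remarks>
public void ValidateToken(OidcMiddlewareOptions options, string token, string nonce)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    if (string.IsNullOrEmpty(token))
    {
        throw new ArgumentException("A token is required.", nameof(token));
    }

    var parameters = new TokenValidationParameters
    {
        ValidAudience = options.ClientId,
        ValidIssuer = options.BaseUrl,
    };

    if (options.TokenValidationMethod == TokenValidationMethod.SigningKey)
    {
        if (options.TokenSigningCertificateLoader == null)
        {
            throw new InvalidOperationException("Options does not have TokenSigningCertificateLoader, which is required for TokenValidationMethod of SigningKey.");
        }

        // The loader runs inside the resolver, i.e. on every validation call rather than once up front.
        parameters.IssuerSigningKeyResolver = (token1, securityToken, keyIdentifier, validationParameters) =>
        {
            var certificate = options.TokenSigningCertificateLoader();
            return new[] { new X509SecurityKey(certificate) };
        };
    }
    else
    {
        // Symmetric validation: an absent or empty secret would otherwise become an all-zero key.
        if (string.IsNullOrEmpty(options.ClientSecret))
        {
            throw new InvalidOperationException("Options does not have ClientSecret, which is required for symmetric token validation.");
        }

        // The secret is forced to exactly 64 bytes: shorter secrets are zero-padded, longer ones truncated.
        // NOTE(review): presumably mirrors the issuer's key derivation — confirm against the identity provider.
        var keyBytes = Encoding.UTF8.GetBytes(options.ClientSecret);
        Array.Resize(ref keyBytes, 64);
        parameters.IssuerSigningKey = new SymmetricSecurityKey(keyBytes);
    }

    // Throws when the signature, issuer, audience or lifetime is invalid; the parsed JWT is not needed here.
    var principal = new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);

    // A token without a nonce is rejected explicitly instead of failing with a null dereference.
    var nonceClaim = principal.FindFirst("nonce");
    if (nonceClaim == null)
    {
        throw new InvalidOperationException("Invalid nonce. The token does not contain a nonce claim.");
    }

    if (!string.Equals(nonceClaim.Value, nonce, StringComparison.Ordinal))
    {
        throw new InvalidOperationException($"Invalid nonce. :: {nonce} , nonceClaim :: {nonceClaim.Value}");
    }
}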