/// <summary>
/// Forwards the authenticated context to <c>OnAuthenticated</c> and returns the
/// task it produces. Declared virtual so a derived type can replace the behaviour.
/// </summary>
/// <param name="context">The context describing the authenticated OneID user.</param>
/// <returns>The task returned by <c>OnAuthenticated</c>.</returns>
public virtual Task Authenticated(OneIdAuthenticatedContext context) => this.OnAuthenticated(context);
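/// <inheritdoc />
/// <remarks>
/// Reads the <c>id_token</c> from the OAuth token response, copies the claims returned by
/// <c>ExtractClaimsFromToken</c> onto <paramref name="identity"/>, stores the user name and the
/// access/refresh tokens in the HTTP session, runs the claim actions, raises the
/// <c>CreatingTicket</c> event and returns the resulting ticket.
/// </remarks>
/// <exception cref="ArgumentNullException">
/// <paramref name="identity"/>, <paramref name="properties"/> or <paramref name="tokens"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">
/// The token response carries no (or a blank) <c>id_token</c>.
/// </exception>
protected override async Task<AuthenticationTicket> CreateTicketAsync(
    ClaimsIdentity identity,
    AuthenticationProperties properties,
    OAuthTokenResponse tokens)
{
    if (identity is null)
    {
        throw new ArgumentNullException(nameof(identity));
    }

    if (properties is null)
    {
        throw new ArgumentNullException(nameof(properties));
    }

    if (tokens is null)
    {
        throw new ArgumentNullException(nameof(tokens));
    }

    // The returned identifier is currently unused because the check below is disabled;
    // the call is kept since the helper may have effects that are not visible from here.
    var contextId = ProcessIdTokenAndGetContactIdentifier(tokens, properties);
    string idToken = tokens.Response.RootElement.GetString("id_token");

    if (Logger.IsEnabled(LogLevel.Trace))
    {
        // NOTE(security): these statements write the access token, refresh token, ID token and
        // the full token response to the log verbatim. All of them are bearer credentials, so
        // any sink that receives Trace output has to be protected like a credential store.
        // Consider logging only presence/length, or keep Trace disabled outside local debugging.
        Logger.LogTrace("Access Token: {AccessToken}", tokens.AccessToken);
        Logger.LogTrace("Refresh Token: {RefreshToken}", tokens.RefreshToken);
        Logger.LogTrace("Token Type: {TokenType}", tokens.TokenType);
        Logger.LogTrace("Expires In: {ExpiresIn}", tokens.ExpiresIn);
        Logger.LogTrace("Response: {TokenResponse}", tokens.Response.RootElement);
        Logger.LogTrace("ID Token: {IdToken}", idToken);
    }

    if (string.IsNullOrWhiteSpace(idToken))
    {
        throw new InvalidOperationException("No OneID ID token was returned in the OAuth token response.");
    }

    //if (string.IsNullOrEmpty(contextId))
    //{
    //    throw new InvalidOperationException("An error occurred trying to obtain the context identifier from the current user's identity claims.");
    //}

    if (Options.ValidateTokens)
    {
        // NOTE(security): the validation event call below is commented out, so this branch only
        // builds a context object and validates nothing, even when Options.ValidateTokens is set.
        // Whether the ID token's signature, issuer, audience and expiry are checked elsewhere
        // (for example in ProcessIdTokenAndGetContactIdentifier or ExtractClaimsFromToken) is not
        // visible here - confirm before trusting the claims added below.
        var validateIdContext = new OneIdValidateIdTokenContext(Context, Scheme, Options, idToken);
        //await Options.Events.ValidateIdToken(validateIdContext);
    }

    foreach (var claim in ExtractClaimsFromToken(idToken))
    {
        identity.AddClaim(claim);
    }

    var principal = new ClaimsPrincipal(identity);
    var context = new OneIdAuthenticatedContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, tokens.Response.RootElement);

    // Session.SetString throws ArgumentNullException for a null value. A refresh token is
    // optional in an OAuth token response and the identity may carry no name claim, so each
    // value is written only when it is present instead of failing the whole sign-in.
    var session = context.HttpContext.Session;

    var userName = principal.Identity?.Name;
    if (!string.IsNullOrEmpty(userName))
    {
        session.SetString("original_username", userName);
    }

    // Store the received tokens somewhere, if we should.
    // NOTE(security): both tokens are stored in the session unconditionally; the
    // Options.TokenSaveOptions gating below is disabled, so the option has no effect here.
    if (!string.IsNullOrEmpty(context.AccessToken))
    {
        session.SetString("access_token", context.AccessToken);
    }

    if (!string.IsNullOrEmpty(context.RefreshToken))
    {
        session.SetString("refresh_token", context.RefreshToken);
    }

    //if ((Options.TokenSaveOptions & OneIdAuthenticationTokenSave.AccessToken) == OneIdAuthenticationTokenSave.AccessToken)
    //{
    //    context.HttpContext.Session.SetString("access_token", context.AccessToken);
    //}
    //if ((Options.TokenSaveOptions & OneIdAuthenticationTokenSave.RefreshToken) == OneIdAuthenticationTokenSave.RefreshToken)
    //{
    //    context.HttpContext.Session.SetString("refresh_token", context.RefreshToken);
    //}

    context.RunClaimActions();

    await Events.CreatingTicket(context).ConfigureAwait(false);

    return new AuthenticationTicket(context.Principal, context.Properties, Scheme.Name);
}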