コード例 #1
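        /// <summary>
        /// Builds a <see cref="ClaimsPrincipal"/> from the UserInfo response of the OpenID Provider
        /// named by the "op" session entry and passes it through the configured
        /// <c>ClaimsAuthenticationManager</c>.
        /// </summary>
        /// <param name="userInfoResponse">UserInfo response; only the profile fields that are non-null become claims.</param>
        /// <param name="options">Application options holding the provider table and the RP identity configuration.</param>
        /// <param name="session">Current session; its "op" entry selects the provider that issued the user information.</param>
        /// <returns>The principal returned by <c>ClaimsAuthenticationManager.Authenticate</c>.</returns>
        /// <exception cref="InvalidOperationException">The session carries no "op" entry, so the issuing provider cannot be determined.</exception>
        private ClaimsPrincipal GetPrincipal(OIDCUserInfoResponseMessage userInfoResponse, IOptions options, HttpSessionState session)
        {
            // The provider key is stored in the session when the sign-in is started. Without it the
            // claims could not be attributed to an issuer, so fail with a clear message instead of
            // letting the provider lookup throw on a null key.
            string op = session["op"] as string;
            if (op == null)
            {
                throw new InvalidOperationException("Session does not contain the OpenID Provider key \"op\".");
            }

            OpenIDProviderData providerData = options.OpenIDProviders[op];
            string             issuer       = providerData.ProviderMatadata.Issuer;

            List <Claim> claims = new List <Claim>();

            // Each profile claim records the provider's issuer so consumers can tell which OP asserted it.
            AddClaimIfPresent(claims, ClaimTypes.Name,      userInfoResponse.Name,       issuer);
            AddClaimIfPresent(claims, ClaimTypes.Surname,   userInfoResponse.FamilyName, issuer);
            AddClaimIfPresent(claims, ClaimTypes.GivenName, userInfoResponse.GivenName,  issuer);
            AddClaimIfPresent(claims, ClaimTypes.Email,     userInfoResponse.Email,      issuer);
            AddClaimIfPresent(claims, ClaimTypes.Gender,    userInfoResponse.Gender,     issuer);

            // The role is granted locally by this relying party, not asserted by the OP, so it is
            // deliberately added without the provider's issuer.
            claims.Add(new Claim(ClaimTypes.Role, "User"));

            ClaimsIdentity  identity  = new ClaimsIdentity(claims, "OpenIDAuthentication", ClaimTypes.Name, ClaimTypes.Role);
            ClaimsPrincipal principal = new ClaimsPrincipal(identity);

            return(options.RPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager.Authenticate(null, principal));
        }

        /// <summary>
        /// Appends a string-typed claim attributed to <paramref name="issuer"/>, but only when the
        /// provider actually supplied a value for it.
        /// </summary>
        private static void AddClaimIfPresent(List <Claim> claims, string claimType, string value, string issuer)
        {
            if (value != null)
            {
                claims.Add(new Claim(claimType, value, ClaimValueTypes.String, issuer));
            }
        }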
コード例 #2
        /// <summary>
        /// Exchanges the authorization code in <paramref name="authResponse"/> for a token response at
        /// the token endpoint of the provider named by the "op" session entry, and validates the
        /// ID token contained in that response before returning it.
        /// </summary>
        /// <param name="authResponse">Authorization code response received on the redirect URI.</param>
        /// <param name="options">Application options holding the provider table.</param>
        /// <param name="session">Current session; its "op" entry selects the provider.</param>
        /// <param name="redirectUri">Redirect URI that was sent with the authorization request.</param>
        /// <returns>The token response returned by the provider.</returns>
        private OIDCTokenResponseMessage GetToken(OIDCAuthCodeResponseMessage authResponse, IOptions options, HttpSessionState session, string redirectUri)
        {
            OpenIDProviderData provider = options.OpenIDProviders[session["op"] as string];

            // Client credentials come from the registered client information; the code, scope and
            // state are echoed from the authorization response.
            OIDCTokenRequestMessage tokenRequest = new OIDCTokenRequestMessage
            {
                Scope        = authResponse.Scope,
                State        = authResponse.State,
                Code         = authResponse.Code,
                ClientId     = provider.ClientInformation.ClientId,
                ClientSecret = provider.ClientInformation.ClientSecret,
                RedirectUri  = redirectUri,
                GrantType    = "authorization_code"
            };

            // 'rp' is not declared in this method; presumably a field of the enclosing class.
            OIDCTokenResponseMessage tokenResponse = rp.SubmitTokenRequest(provider.ProviderMatadata.TokenEndpoint, tokenRequest, provider.ClientInformation);

            // The ID token is verified against the provider's published keys and issuer before the
            // response is handed back. NOTE(review): the last argument to ValidateIdToken is null
            // here; if it is the expected nonce, the nonce issued with the authorization request
            // is not being checked in this method — confirm it is validated elsewhere.
            OIDCIdToken idToken = tokenResponse.GetIdToken(provider.ProviderMatadata.Keys, tokenRequest.ClientSecret);
            rp.ValidateIdToken(idToken, provider.ClientInformation, provider.ProviderMatadata.Issuer, null);

            return tokenResponse;
        }
コード例 #3
        /// <summary>
        /// Creates a validated authorization-code request for the given provider, asking for the
        /// "openid" and "profile" scopes and carrying freshly generated state and nonce values.
        /// </summary>
        /// <param name="providerData">Provider configuration supplying the client id.</param>
        /// <param name="urls">Relying-party URLs; the code callback URL is used as redirect URI.</param>
        /// <returns>The populated and validated request message.</returns>
        private OIDCAuthorizationRequestMessage generateRequestMessage(OpenIDProviderData providerData, OpenIDUrls urls)
        {
            // State and nonce are each a separate random value; order of generation is kept
            // identical to the property order below.
            OIDCAuthorizationRequestMessage message = new OIDCAuthorizationRequestMessage
            {
                ClientId     = providerData.ClientInformation.ClientId,
                Scope        = new List <MessageScope> { MessageScope.Openid, MessageScope.Profile },
                ResponseType = new List <ResponseType> { ResponseType.Code },
                RedirectUri  = urls.CodeCallbackCommand.ToString(),
                State        = WebOperations.RandomString(),
                Nonce        = WebOperations.RandomString()
            };

            // Validate() is the message's own consistency check; any failure surfaces from it.
            message.Validate();

            return message;
        }
コード例 #4
        /// <summary>
        /// Creates a validated request object for the given provider. Unlike
        /// <c>generateRequestMessage</c>, the caller supplies the state and nonce so that the
        /// object matches an already-built authorization request, and the object is self-issued
        /// (iss = client id, aud = provider issuer).
        /// </summary>
        /// <param name="providerData">Provider configuration supplying the client id and issuer.</param>
        /// <param name="urls">Relying-party URLs; the code callback URL is used as redirect URI.</param>
        /// <param name="state">State value to embed.</param>
        /// <param name="nonce">Nonce value to embed.</param>
        /// <returns>The populated and validated request object.</returns>
        private OIDCAuthorizationRequestMessage generateRequestObject(OpenIDProviderData providerData, OpenIDUrls urls, string state, string nonce)
        {
            string clientId = providerData.ClientInformation.ClientId;

            OIDCAuthorizationRequestMessage requestObject = new OIDCAuthorizationRequestMessage
            {
                Iss          = clientId,
                Aud          = providerData.ProviderMatadata.Issuer,
                ClientId     = clientId,
                Scope        = new List <MessageScope> { MessageScope.Openid, MessageScope.Profile },
                ResponseType = new List <ResponseType> { ResponseType.Code },
                RedirectUri  = urls.CodeCallbackCommand.ToString(),
                State        = state,
                Nonce        = nonce
            };

            // Validate() is the message's own consistency check; any failure surfaces from it.
            requestObject.Validate();

            return requestObject;
        }
コード例 #5
        /// <summary>
        /// Calls the UserInfo endpoint of the provider named by the "op" session entry with the
        /// given access token, requesting the name, family_name, given_name, email and gender claims.
        /// </summary>
        /// <param name="authResponse">Authorization code response whose scope and state are echoed in the request.</param>
        /// <param name="options">Application options holding the provider table.</param>
        /// <param name="session">Current session; its "op" entry selects the provider.</param>
        /// <param name="accessToken">Access token presented to the UserInfo endpoint.</param>
        /// <returns>The provider's UserInfo response.</returns>
        private OIDCUserInfoResponseMessage GetUserInfo(OIDCAuthCodeResponseMessage authResponse, IOptions options, HttpSessionState session, string accessToken)
        {
            OpenIDProviderData provider = options.OpenIDProviders[session["op"] as string];

            // A fresh relying-party instance is used for this call (the enclosing class may also
            // hold one as a field; this method does not use it).
            OpenIdRelyingParty relyingParty = new OpenIdRelyingParty();

            // NOTE(review): the requested claims are placed under IdToken even though this is a
            // UserInfo request — confirm that is the intended target for the claims request.
            string[] requestedClaimNames = { "name", "family_name", "given_name", "email", "gender" };

            OIDClaims claims = new OIDClaims();
            claims.IdToken = new Dictionary <string, OIDClaimData>();
            foreach (string claimName in requestedClaimNames)
            {
                claims.IdToken.Add(claimName, new OIDClaimData());
            }

            OIDCUserInfoRequestMessage request = new OIDCUserInfoRequestMessage
            {
                Scope  = authResponse.Scope,
                State  = authResponse.State,
                Claims = claims
            };

            var userInfoEndpoint = provider.ProviderMatadata.UserinfoEndpoint;

            return relyingParty.GetUserInfo(userInfoEndpoint, request, accessToken);
        }