public OpenIDLoginResponse(OpenIDResponseType responseType, string id, string issuer, string audience, IdentityModel identity, string x509Thumbprint, string nonce, string state)
{
if (responseType == OpenIDResponseType.Code)
{
this.AccessCode = AuthTokenManager.GenerateAccessCode(id, identity);
}
else if (responseType == OpenIDResponseType.IdToken)
{
this.ID = id;
this.Issuer = issuer;
this.Subject = Guid.NewGuid().ToString();
this.Audience = audience;
this.UserID = identity.UserID;
this.UserName = identity.UserName;
this.Roles = identity.Roles;
this.KeyID = x509Thumbprint;
this.X509Thumbprint = x509Thumbprint; //same https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
this.Nonce = nonce;
this.State = state;
this.IssuedAtTime = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
this.NotBefore = DateTimeOffset.UtcNow.AddMinutes(-5).ToUnixTimeSeconds();
this.Expiration = DateTimeOffset.UtcNow.AddMinutes(5).ToUnixTimeSeconds();
}
else
{
throw new IdentityProviderException($"Not supported response type {responseType}");
}
}
public OpenIDIdentityConsumer(string serviceProvider, string secret, string loginUrl, string redirectUrl, string logoutUrl, string tokenUrl, string userInfoUrl, string redirectUrlPostLogout, string identityProviderCertUrl, string scope, bool requiredSignature, OpenIDResponseType responseType)
{
this.serviceProvider = serviceProvider;
this.secret = secret;
this.loginUrl = loginUrl;
this.redirectUrl = redirectUrl;
this.logoutUrl = logoutUrl;
this.tokenUrl = tokenUrl;
this.userInfoUrl = userInfoUrl;
this.redirectUrlPostLogout = redirectUrlPostLogout;
this.identityProviderCertUrl = identityProviderCertUrl;
this.scope = scope;
this.requiredSignature = requiredSignature;
this.responseType = responseType;
}
public static async Task <OpenIDIdentityConsumer> FromMetadata(string serviceProvider, string secret, string metadataUrl, string redirectUrl, string redirectUrlPostLogout, string scope, OpenIDResponseType responseType)
{
var request = WebRequest.Create(metadataUrl);
var response = await request.GetResponseAsync();
var binding = OpenIDBinding.GetBindingForResponse(response, BindingDirection.Response);
var document = new OpenIDMetadataResponse(binding);
if (!document.ScopesSupported.Contains("openid"))
{
throw new IdentityProviderException("OpenID Scope Not Supported From This Service.");
}
if (String.IsNullOrWhiteSpace(scope))
{
var sb = new StringBuilder();
sb.Append("openid");
if (document.ScopesSupported.Contains("profile"))
{
sb.Append("+profile");
}
if (document.ScopesSupported.Contains("email"))
{
sb.Append("+email");
}
if (document.ScopesSupported.Contains("offline_access"))
{
sb.Append("+offline_access");
}
scope = sb.ToString();
}
return(new OpenIDIdentityConsumer(
serviceProvider,
secret,
document.LoginUrl,
redirectUrl,
document.LogoutUrl,
document.TokenUrl,
document.UserInfoUrl,
redirectUrlPostLogout,
document.KeysUrl,
scope,
true,
responseType
));
}
