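        /// <summary>
        /// Authenticates the request by POSTing its bearer token to <c>Options.IntrospectionUrl</c> and
        /// building a <see cref="ClaimsPrincipal"/> from the introspection response.
        /// </summary>
        /// <returns>
        /// <see cref="AuthenticateResult.Fail(string)"/> when the request carries no bearer token or the
        /// introspection response reports <c>active == false</c>; otherwise a success result whose ticket carries
        /// the client id and the raw token, plus — when the response has an <c>ext</c> object (id token) —
        /// the user id, email and role claims, and an admin marker claim when a role is "admin"/"Admin".
        /// </returns>
        /// <exception cref="HttpRequestException">The introspection endpoint returned a non-success status.</exception>
        /// <remarks>
        /// Every other exception is logged and rethrown unchanged. The bearer token is a credential and the
        /// introspection body contains user PII, so neither is written to the log above Debug level.
        /// </remarks>
        protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
        {
            using (SAEONLogs.MethodCall(GetType()))
            {
                try
                {
                    SAEONLogs.Debug("IntrospectionUrl: {IntrospectionUrl}", Options.IntrospectionUrl);
                    var token = Request.GetBearerToken();
                    if (string.IsNullOrWhiteSpace(token))
                    {
                        SAEONLogs.Error("ODPAuthorization Failed, no token");
                        return AuthenticateResult.Fail("No token");
                    }
                    // The token is a credential: record that one was presented, never its value.
                    SAEONLogs.Debug("Token present, length {TokenLength}", token.Length);

                    // NOTE(review): a new HttpClient per request risks socket exhaustion under load; a shared
                    // instance or IHttpClientFactory would be preferable but needs a field/constructor change
                    // outside this method.
                    using (var client = new HttpClient())
                    {
                        client.SetBearerToken(token);
                        client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(MediaTypeNames.Application.Json));
                        using (var formContent = new FormUrlEncodedContent(new[] { new KeyValuePair<string, string>("token", token) }))
                        using (var response = await client.PostAsync(new Uri(Options.IntrospectionUrl), formContent).ConfigureAwait(false))
                        {
                            if (!response.IsSuccessStatusCode)
                            {
                                SAEONLogs.Error("HttpError: {StatusCode} {Reason}", response.StatusCode, response.ReasonPhrase);
                                SAEONLogs.Error("Response: {Response}", await response.Content.ReadAsStringAsync().ConfigureAwait(false));
                            }
                            // Throws HttpRequestException for the non-success case logged above.
                            response.EnsureSuccessStatusCode();
                            var json = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                            // The body carries token metadata and user PII; keep it out of routine (Information) logs.
                            SAEONLogs.Debug("Response: {Response}", json);

                            var jObj = JObject.Parse(json);
                            if (!jObj.Value<bool>("active"))
                            {
                                SAEONLogs.Error("ODPAuthorization, invalid token");
                                return AuthenticateResult.Fail("Invalid token");
                            }

                            var clientId = jObj.Value<string>("client_id");
                            var ext = jObj["ext"];
                            if (ext is null)
                            {
                                // Access token: no user context, only the client that obtained it.
                                var accessClaims = new List<Claim>
                                {
                                    new Claim(ODPAuthenticationDefaults.ClientIdClaim, clientId),
                                    new Claim(ODPAuthenticationDefaults.AccessTokenClaim, token)
                                };
                                SAEONLogs.Debug("ODPAuthentication access token succeeded Claims: {@Claims}", accessClaims.ToClaimsList());
                                return AuthenticateResult.Success(CreateTicket(accessClaims));
                            }

                            // Id token: "ext" carries the user and its access rights.
                            var userId = ext.Value<string>("user_id");
                            var userEmail = ext.Value<string>("email");
                            // Materialise once: a deferred query here would be re-enumerated by every foreach/Contains
                            // below. A missing access_rights array means "no roles" rather than a NullReferenceException.
                            var userRoles = (ext["access_rights"] ?? new JArray())
                                .Select(right => (string)right["role_name"])
                                .ToList();
                            SAEONLogs.Debug("User Id: {Id} Email: {Email}, Roles: {Role}", userId, userEmail, userRoles);
                            var idClaims = new List<Claim>
                            {
                                new Claim(ODPAuthenticationDefaults.ClientIdClaim, clientId),
                                new Claim(ODPAuthenticationDefaults.IdTokenClaim, token),
                                new Claim(ClaimTypes.NameIdentifier, userId),
                                // Bug fix: the email claim previously carried userId instead of the email address.
                                new Claim(ClaimTypes.Email, userEmail)
                            };
                            idClaims.AddRange(userRoles.Select(role => new Claim(ClaimTypes.Role, role)));
                            // Exact-match check kept on purpose: loosening it would widen who receives the admin claim.
                            if (userRoles.Contains("admin") || userRoles.Contains("Admin"))
                            {
                                idClaims.Add(new Claim(ODPAuthenticationDefaults.AdminTokenClaim, true.ToString()));
                            }
                            SAEONLogs.Debug("ODPAuthentication id token succeeded Claims: {@Claims}", idClaims.ToClaimsList());
                            return AuthenticateResult.Success(CreateTicket(idClaims));
                        }
                    }
                }
                catch (Exception ex)
                {
                    SAEONLogs.Exception(ex);
                    throw;
                }
            }

            // Wraps a claim set in an identity and ticket for this handler's authentication scheme.
            AuthenticationTicket CreateTicket(List<Claim> claims)
            {
                var identity = new ClaimsIdentity(claims, ODPAuthenticationDefaults.AuthenticationScheme);
                return new AuthenticationTicket(new ClaimsPrincipal(identity), ODPAuthenticationDefaults.AuthenticationScheme);
            }
        }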