コード例 #1
        /// <summary>
        /// Sends the request produced by <c>BuildLoginRequest</c> to the server and
        /// passes the reply to the session.
        /// </summary>
        /// <param name="cancellationToken">Forwarded to the REST call.</param>
        async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
        {
            // NOTE(review): the request presumably carries the login credentials; this method
            // does not log it, and that should stay so. Confirm against BuildLoginRequest.
            var request = BuildLoginRequest();

            var reply = await session.restRequester
                .PostAsync<LoginResponse>(request, cancellationToken)
                .ConfigureAwait(false);

            session.ProcessLoginResponse(reply);
        }
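        /// <summary>
        /// Authenticates through the user's browser: starts a local HTTP listener, asks the
        /// server for the IdP URL and a proof key, opens the browser on that URL, waits for the
        /// browser to call back on the local port, and then posts the token taken from that
        /// callback together with the proof key as the login request.
        /// </summary>
        /// <param name="cancellationToken">
        /// Forwarded to both REST calls. It also stops the local listener, so the wait for the
        /// browser callback can be abandoned.
        /// </param>
        /// <exception cref="OperationCanceledException">
        /// The token was cancelled while waiting for the browser callback.
        /// </exception>
        /// <see cref="IAuthenticator"/>
        async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
        {
            logger.Info("External Browser Authentication");

            int    localPort = GetRandomUnusedPort();
            string proofKey;
            string samlResponseToken;

            // NOTE(review): the port is chosen before the listener binds it, and the first request
            // that reaches the listener is treated as the IdP redirect. Confirm that GetHttpListener
            // binds to loopback only and that ValidateAndExtractToken rejects anything that is not
            // the expected callback.
            using (var httpListener = GetHttpListener(localPort))
            {
                httpListener.Start();

                logger.Debug("Get IdpUrl and ProofKey");
                var authenticatorRestRequest  = BuildAuthenticatorRestRequest(localPort);
                var authenticatorRestResponse =
                    await session.restRequester.PostAsync<AuthenticatorResponse>(
                        authenticatorRestRequest,
                        cancellationToken
                        ).ConfigureAwait(false);

                authenticatorRestResponse.FilterFailedResponse();

                var idpUrl = authenticatorRestResponse.data.ssoUrl;
                proofKey = authenticatorRestResponse.data.proofKey;

                // NOTE(review): idpUrl is taken from the server response and handed to StartBrowser
                // unchanged. Confirm that StartBrowser accepts only well-formed http(s) URLs before
                // it launches anything.
                logger.Debug("Open browser");
                StartBrowser(idpUrl);

                logger.Debug("Get the redirect SAML request");
                HttpListenerContext context;

                // GetContextAsync takes no cancellation token, so the listener is stopped when the
                // token fires; without this a browser that never redirects blocks the call forever.
                using (cancellationToken.Register(() => httpListener.Stop()))
                {
                    try
                    {
                        context = await httpListener.GetContextAsync().ConfigureAwait(false);
                    }
                    catch (Exception)
                    {
                        // Stopping the listener surfaces as a listener error; report it as the
                        // cancellation it really is. Any other failure is rethrown untouched.
                        if (cancellationToken.IsCancellationRequested)
                        {
                            throw new OperationCanceledException(cancellationToken);
                        }

                        throw;
                    }
                }

                var request = context.Request;
                samlResponseToken = ValidateAndExtractToken(request);
                HttpListenerResponse response = context.Response;
                try
                {
                    using (var output = response.OutputStream)
                    {
                        await output.WriteAsync(SUCCESS_RESPONSE, 0, SUCCESS_RESPONSE.Length).ConfigureAwait(false);
                    }
                }
                catch (Exception e)
                {
                    // Best effort: the token is already extracted, so a failed reply to the browser
                    // does not affect the login. Record the reason instead of dropping it.
                    logger.Warn("External browser response not sent out: " + e.Message);
                }

                httpListener.Stop();
            }

            // The token and the proof key are sent only in the request body; neither is logged here.
            logger.Debug("Send login request");
            var loginResponse = await session.restRequester.PostAsync<LoginResponse>(
                BuildExternalBrowserLoginRequest(samlResponseToken, proofKey),
                cancellationToken
                ).ConfigureAwait(false);

            session.ProcessLoginResponse(loginResponse);
        }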
コード例 #3
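        /// <summary>
        /// Runs the Okta login sequence: fetches the SSO and token URLs from the server, checks
        /// both against <c>oktaUrl</c>, obtains a one-time token from the token URL, fetches the
        /// SAML response from the SSO URL, checks its postback URL, and posts the SAML response
        /// as the login request.
        /// </summary>
        /// <param name="cancellationToken">Forwarded to every REST call in the sequence.</param>
        /// <see cref="IAuthenticator"/>
        async Task IAuthenticator.AuthenticateAsync(CancellationToken cancellationToken)
        {
            logger.Info("Okta Authentication");

            logger.Debug("step 1: get sso and token url");
            var authenticatorRestRequest = BuildAuthenticatorRestRequest();
            var authenticatorResponse    = await session.restRequester
                .PostAsync<AuthenticatorResponse>(authenticatorRestRequest, cancellationToken)
                .ConfigureAwait(false);

            authenticatorResponse.FilterFailedResponse();
            Uri ssoUrl   = new Uri(authenticatorResponse.data.ssoUrl);
            Uri tokenUrl = new Uri(authenticatorResponse.data.tokenUrl);

            // Both URLs come from the server response and are checked against oktaUrl before any
            // request is sent to them; steps 2 and 3 must stay in this order.
            // NOTE(review): presumably VerifyUrls throws on a mismatch; confirm, since nothing
            // here inspects a return value.
            logger.Debug("step 2: verify urls fetched from step 1");
            logger.Debug("Checking sso url");
            VerifyUrls(ssoUrl, oktaUrl);
            logger.Debug("Checking token url");
            VerifyUrls(tokenUrl, oktaUrl);

            logger.Debug("step 3: get idp onetime token");
            IdpTokenRestRequest idpTokenRestRequest = BuildIdpTokenRestRequest(tokenUrl);
            var idpResponse = await session.restRequester
                .PostAsync<IdpTokenResponse>(idpTokenRestRequest, cancellationToken)
                .ConfigureAwait(false);

            // NOTE(review): the IdP reply is used without a failure check, and CookieToken is not
            // tested for null or empty before step 4. Confirm the requester rejects error replies.
            string onetimeToken = idpResponse.CookieToken;

            logger.Debug("step 4: get SAML reponse from sso");
            var samlRestRequest = BuildSAMLRestRequest(ssoUrl, onetimeToken);
            var samlRawResponse = await session.restRequester
                .GetAsync(samlRestRequest, cancellationToken)
                .ConfigureAwait(false);

            var samlRawHtmlString = await samlRawResponse.Content.ReadAsStringAsync().ConfigureAwait(false);

            // The postback URL inside the SAML document is checked before the document is sent on.
            logger.Debug("step 5: verify postback url in SAML reponse");
            VerifyPostbackUrl(samlRawHtmlString);

            logger.Debug("step 6: send SAML reponse to snowflake to login");
            var loginRestRequest = BuildOktaLoginRestRequest(samlRawHtmlString);
            var authnResponse    = await session.restRequester
                .PostAsync<LoginResponse>(loginRestRequest, cancellationToken)
                .ConfigureAwait(false);

            session.ProcessLoginResponse(authnResponse);
        }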