public static Line GetUserInfoLine(string token, string token_id) { try { WebClient wc = new WebClient(); wc.Encoding = System.Text.Encoding.UTF8; wc.Headers.Clear(); wc.Headers.Add("Authorization", "Bearer " + token); //get string JSON = wc.DownloadString("https://api.line.me/v2/profile"); var JwtSecurityToken = new System.IdentityModel.Tokens.JwtSecurityToken(token_id); var email = ""; //如果有email if (JwtSecurityToken.Claims.ToList().Find(c => c.Type == "email") != null) { email = JwtSecurityToken.Claims.First(c => c.Type == "email").Value; } //parsing JSON var Result = Newtonsoft.Json.JsonConvert.DeserializeObject <Line>(JSON); Result.email = email; return(Result); } catch (WebException ex) { using (var reader = new System.IO.StreamReader(ex.Response.GetResponseStream())) { var responseText = reader.ReadToEnd(); throw new Exception("GetUserInfo: " + responseText, ex); } } }
public string Protect(AuthenticationTicket data) { if (data == null) { throw new ArgumentNullException("data"); } string audienceId = ConfigurationManager.AppSettings["audienceId"]; string symmetricKeyAsBase64 = ConfigurationManager.AppSettings["audienceSecret"]; var keyByteArray = TextEncodings.Base64Url.Decode(symmetricKeyAsBase64); var signingKey = new HmacSigningCredentials(keyByteArray); var issued = data.Properties.IssuedUtc; var expires = data.Properties.ExpiresUtc; var token = new System.IdentityModel.Tokens.JwtSecurityToken(_issuer, audienceId, data.Identity.Claims, issued.Value.UtcDateTime, expires.Value.UtcDateTime, signingKey); var handler = new System.IdentityModel.Tokens.JwtSecurityTokenHandler(); var jwt = handler.WriteToken(token); return(jwt); }
public virtual ActionResult OAuth2callback(string state, string code) { if (state != "foobar") { return(RedirectToAction(Actions.LogOn())); } string responseContent = ""; try { var post = string.Format("code={0}&client_id={1}&client_secret={2}&redirect_uri={3}&grant_type={4}" , HttpUtility.UrlEncode(code) , HttpUtility.UrlEncode(google_clientid) , HttpUtility.UrlEncode(google_clientsecret) , HttpUtility.UrlEncode(Google_RedirectUri) , HttpUtility.UrlEncode("authorization_code")); var request = (HttpWebRequest)HttpWebRequest.Create("https://accounts.google.com/o/oauth2/token"); request.Method = "POST"; request.AllowAutoRedirect = false; request.ContentType = "application/x-www-form-urlencoded"; using (var stOut = new StreamWriter(request.GetRequestStream(), System.Text.Encoding.ASCII)) { stOut.Write(post); stOut.Close(); } var httpResponse = (HttpWebResponse)request.GetResponse(); using (var resStream = new StreamReader(httpResponse.GetResponseStream(), Encoding.ASCII)) { responseContent = resStream.ReadToEnd(); } } catch (Exception e) { return(Content("There was a problem with your request (" + e.Message + "). Please go back and try again.")); } var reply = JsonConvert.DeserializeObject <dynamic>(responseContent); var id_token = reply["id_token"]; var token = new System.IdentityModel.Tokens.JwtSecurityToken(id_token.Value); var emailAddress = token.Claims.FirstOrDefault(x => x.Type == "email").Value; var username = CleanUpUsername(emailAddress); var user = this.Repository.GetUserByUsername(username); if (user == null || user.Disabled) { ViewBag.EmailAddress = emailAddress; return(View("NotAUser")); } FormsAuthentication.SetAuthCookie(user.Username, false); return(Redirect("~")); }
internal static SPOnlineConnection InstantiateGraphAccessTokenConnection(string accessToken) { #if NETSTANDARD2_0 var jwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(accessToken); #else var jwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(accessToken); #endif var tokenResult = new TokenResult(); tokenResult.AccessToken = accessToken; tokenResult.ExpiresOn = jwtToken.ValidTo; var spoConnection = new SPOnlineConnection(tokenResult, ConnectionMethod.AccessToken, ConnectionType.O365, 0, 0, 0, PnPPSVersionTag); spoConnection.ConnectionMethod = ConnectionMethod.GraphDeviceLogin; return(spoConnection); }
// // The Client ID is used by the application to uniquely identify itself to Azure AD. // The App Key is a credential used to authenticate the application to Azure AD. Azure AD supports password and certificate credentials. // The Metadata Address is used by the application to retrieve the signing keys used by Azure AD. // The AAD Instance is the instance of Azure, for example public Azure or Azure China. // The Authority is the sign-in URL of the tenant. // The Post Logout Redirect Uri is the URL where the user will be redirected after they sign out. // // This is the resource ID of the AAD Graph API. We'll need this to request a token to call the Graph API. public void ConfigureAuth(IAppBuilder app) { app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = MediaLibraryWebApp.Configuration.ClientId, Authority = MediaLibraryWebApp.Configuration.Authority, PostLogoutRedirectUri = MediaLibraryWebApp.Configuration.PostLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. // AuthorizationCodeReceived = (context) => { var code = context.Code; System.IdentityModel.Tokens.JwtSecurityToken jwtToken = context.JwtSecurityToken; string userObjectID = context.AuthenticationTicket.Identity.FindFirst(MediaLibraryWebApp.Configuration.ClaimsObjectidentifier).Value; Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential credential = new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential(MediaLibraryWebApp.Configuration.ClientId, MediaLibraryWebApp.Configuration.AppKey); NaiveSessionCache cache = new NaiveSessionCache(userObjectID); AuthenticationContext authContext = new AuthenticationContext(MediaLibraryWebApp.Configuration.Authority, cache); //Getting a token to connect with GraphApi later on userProfile page AuthenticationResult graphAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.GraphResourceId); //Getting a access token which can be used to configure auth restrictions for multiple tentants since audience will be same for each web app requesting this token AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode(code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, MediaLibraryWebApp.Configuration.KdResourceId); string kdAccessToken = kdAPiresult.AccessToken; //Initializing MediaServicesCredentials in order to obtain access token to be used to connect var amsCredentials = new MediaServicesCredentials(MediaLibraryWebApp.Configuration.MediaAccount, MediaLibraryWebApp.Configuration.MediaKey); //Forces to get access token amsCredentials.RefreshToken(); //Adding token to a claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsSignInJwtToken, jwtToken.RawData)); //Adding media services access token as claim so it can be accessible within controller context.AuthenticationTicket.Identity.AddClaim(new Claim(MediaLibraryWebApp.Configuration.ClaimsAmsAcessToken, amsCredentials.AccessToken)); return(Task.FromResult(0)); } } }); }
public static AuthResult FromADALAuthenticationResult(Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationResult authResult, Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache tokenCache) { var TokenClaim = new System.IdentityModel.Tokens.JwtSecurityToken(authResult.IdToken); var alias = TokenClaim.Claims.FirstOrDefault(m => m.Type == "upn").Value; var result = new AuthResult { AccessToken = authResult.AccessToken, IdToken = authResult.IdToken, UserName = $"{authResult.UserInfo.GivenName} {authResult.UserInfo.FamilyName}", UserUniqueId = authResult.UserInfo.UniqueId, ExpiresOnUtcTicks = authResult.ExpiresOn.UtcTicks, TokenCache = tokenCache.Serialize(), Alias = alias }; return result; }
public static AuthResult FromMSALAuthenticationResult(Microsoft.Identity.Client.AuthenticationResult authResult, Microsoft.Identity.Client.TokenCache tokenCache) { var TokenClaim = new System.IdentityModel.Tokens.JwtSecurityToken(authResult.IdToken); var alias = TokenClaim.Claims.FirstOrDefault(m => m.Type == "preferred_username").Value; var result = new AuthResult { AccessToken = authResult.Token, IdToken = authResult.IdToken, UserName = $"{authResult.User.Name}", UserUniqueId = authResult.User.UniqueId, ExpiresOnUtcTicks = authResult.ExpiresOn.UtcTicks, TokenCache = tokenCache.Serialize(), Alias = alias }; return result; }
private static void VerifyTokenContent(AuthenticationResultProxy result) { // Verify the token content confirms the user in AuthenticationResult.UserInfo var token = new System.IdentityModel.Tokens.JwtSecurityToken(result.AccessToken); foreach (var claim in token.Claims) { if (claim.Type == "oid") { Verify.AreEqual(result.UserInfo.UniqueId, claim.Value); } if (claim.Type == "upn") { Verify.AreEqual(result.UserInfo.DisplayableId, claim.Value); } } }
public void ConfigureAuth(IAppBuilder app) { ApplicationDbContext db = new ApplicationDbContext(); app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType); app.UseCookieAuthentication(new CookieAuthenticationOptions()); app.UseOpenIdConnectAuthentication( new OpenIdConnectAuthenticationOptions { ClientId = clientId, Authority = Authority, PostLogoutRedirectUri = postLogoutRedirectUri, Notifications = new OpenIdConnectAuthenticationNotifications() { // If there is a code in the OpenID Connect response, redeem it for an access token and refresh token, and store those away. AuthorizationCodeReceived = (context) => { var code = context.Code; ClientCredential credential = new ClientCredential(clientId, appKey); string signedInUserID = context.AuthenticationTicket.Identity.FindFirst(ClaimTypes.NameIdentifier).Value; AuthenticationContext authContext = new AuthenticationContext(Authority, new ADALTokenCache(signedInUserID)); AuthenticationResult result = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, graphResourceId); // added by [email protected] to the original template // Getting KeyDelivery Access Token AuthenticationResult kdAPiresult = authContext.AcquireTokenByAuthorizationCode( code, new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)), credential, kdResourceId); string kdAccessToken = kdAPiresult.AccessToken; System.IdentityModel.Tokens.JwtSecurityToken kdAccessJwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(kdAccessToken); //context.AuthenticationTicket.Identity.AddClaim( // new System.Security.Claims.Claim("KdAccessJwtSecurityTokenClaim", kdAccessJwtToken.RawData)); // added by [email protected] to the original template return Task.FromResult(0); } } }); }
protected override void LoadUserAuthInfo(AuthUserSession userSession, IAuthTokens tokens, Dictionary <string, string> authInfo) { var idAuthTokens = tokens as IdentityServerAuthTokens; if (!string.IsNullOrWhiteSpace(idAuthTokens?.IdToken)) { #if NETSTANDARD1_6 var jwtToken = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(idAuthTokens.IdToken); #elif NET45 var jwtToken = new System.IdentityModel.Tokens.JwtSecurityToken(idAuthTokens.IdToken); #endif idAuthTokens.Issuer = jwtToken.Issuer; idAuthTokens.Subject = jwtToken.Subject; foreach (var claim in jwtToken.Claims) { switch (claim.Type) { case JwtClaimTypes.Expiration: idAuthTokens.Expiration = claim.Value; break; case JwtClaimTypes.Audience: idAuthTokens.Audience = claim.Value; break; case JwtClaimTypes.IssuedAt: idAuthTokens.IssuedAt = claim.Value; break; case JwtClaimTypes.AuthenticationTime: idAuthTokens.AuthenticationTime = claim.Value; break; case JwtClaimTypes.Nonce: idAuthTokens.Nonce = claim.Value; break; } } } base.LoadUserAuthInfo(userSession, tokens, authInfo); }
public static string MakeToken(string secret, string user) { var securityKey = new System.IdentityModel.Tokens.InMemorySymmetricSecurityKey(Encoding.Default.GetBytes(secret)); System.IdentityModel.Tokens.SigningCredentials signingCredentials = new System.IdentityModel.Tokens.SigningCredentials( securityKey, "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256", "http://www.w3.org/2001/04/xmlenc#sha256"); byte[] randomNonce = new Byte[32]; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetBytes(randomNonce); List <Claim> claims = new List <Claim>() { new Claim("user", user), new Claim("nonce", Convert.ToBase64String(randomNonce)), }; var jwtSecurityToken = new System.IdentityModel.Tokens.JwtSecurityToken( issuer, audience, claims, DateTime.Now, DateTime.Now.AddHours(1), signingCredentials ); var handler = new System.IdentityModel.Tokens.JwtSecurityTokenHandler(); string tokenString = handler.WriteToken(jwtSecurityToken); return(tokenString); }
public static void ValidateToken(string tokenString, string secret) { var securityKey = new System.IdentityModel.Tokens.InMemorySymmetricSecurityKey(Encoding.Default.GetBytes(secret)); var jwt = new System.IdentityModel.Tokens.JwtSecurityToken(tokenString); var tokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters() { ValidAudiences = new string[] { audience }, ValidIssuers = new string[] { issuer }, IssuerSigningKey = securityKey }; System.IdentityModel.Tokens.SecurityToken validatedToken; var handler = new System.IdentityModel.Tokens.JwtSecurityTokenHandler(); handler.ValidateToken(tokenString, tokenValidationParameters, out validatedToken); }
public override void JwtLogin() { JwtToken = new System.IdentityModel.Tokens.JwtSecurityToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"); }
public ActionResult Route() { string userName = Request["userName"]; string passWord = Request["passWord"]; string authnlogin_but = Request["authnlogin_but"]; string oidclogin_but = Request["oidclogin_but"]; string oidc_but = Request["oidc_but"]; string location = Request["location"]; string myStatus = null; string myStateToken; string mySessionToken; string myRelayState = null; string myOktaId = null; AuthResponse userAuthClientRsp; // set relayState //string relayState = Request["relayState"]; //if (string.IsNullOrEmpty(relayState) && Request.QueryString["RelayState"] != null) //{ // relayState = Request.QueryString["RelayState"]; //} //else if (string.IsNullOrEmpty(relayState) && TempData["relayState"] != null) //{ // relayState = (string)TempData["relayState"]; //} //TempData["relayState"] = relayState; if (authnlogin_but == "Authn Sign In") { OktaClient oktaClient = new OktaClient(MvcApplication.apiToken, MvcApplication.apiUrl); try { var usersClient = oktaClient.GetUsersClient(); var authClient = oktaClient.GetAuthClient(); userAuthClientRsp = authClient.Authenticate(username: userName, password: passWord, relayState: myRelayState); logger.Debug("thisAuth status " + userAuthClientRsp.Status); myStatus = userAuthClientRsp.Status; myStateToken = userAuthClientRsp.StateToken; mySessionToken = userAuthClientRsp.SessionToken; if (userAuthClientRsp.Embedded.User != null) { myOktaId = userAuthClientRsp.Embedded.User.Id; } } catch (OktaException ex) { if (ex.ErrorCode == "E0000004") { logger.Debug("Invalid Credentials for User: "******"errMessage"] = "Invalid Credentials for User: "******"E0000085") { logger.Debug("Access Denied by Polciy for User: "******"errMessage"] = "Access Denied by Polciy for User: "******"errMessage"] = appSettings["aicpa.DeniedNoteText"]; } else { logger.Error(userName + " = " + ex.ErrorCode + ":" + ex.ErrorSummary); // generic failure TempData["errMessage"] = "Sign in process failed!"; } TempData["userName"] = userName; return(RedirectToAction("Login")); } switch (myStatus) { case "PASSWORD_WARN": //password about to expire logger.Debug("PASSWORD_WARN "); //no action required break; case "PASSWORD_EXPIRED": //password has expired logger.Debug("PASSWORD_EXPIRED "); break; case "RECOVERY": //user has requested a recovery token logger.Debug("RECOVERY "); //find which recovery mode sms, email is being used //POST to next link break; case "RECOVERY_CHALLENGE": //user must verify factor specific recovery challenge logger.Debug("RECOVERY_CHALLENGE "); //verify the recovery factor //POST to verify link break; case "PASSWORD_RESET": //user satified recovery and must now set password logger.Debug("PASSWORD_RESET "); //reset users password //POST to next link break; case "LOCKED_OUT": //user account is locked, unlock required logger.Debug("LOCKED_OUT "); break; case "MFA_ENROLL": //user must select and enroll an available factor logger.Debug("MFA_ENROLL "); break; case "MFA_ENROLL_ACTIVATE": //user must activate the factor to complete enrollment logger.Debug("MFA_ENROLL_ACTIVATE "); //user must activate the factor //POST to next link break; case "MFA_REQUIRED": //user must provide second factor with previously enrolled factor logger.Debug("MFA_REQUIRED "); break; case "MFA_CHALLENGE": //use must verify factor specifc challenge logger.Debug("MFA_CHALLENGE "); break; case "SUCCESS": //authentication is complete logger.Debug("SUCCESS"); TempData["errMessage"] = "Authn Login Successful "; TempData["oktaOrg"] = MvcApplication.apiUrl; //TempData["token"] = MvcApplication.apiToken; string landingPage = null; landingPage = location + "/AltLanding/UnprotectedLanding"; //if (string.IsNullOrEmpty(relayState)) //{ // landingPage = location + "/AltLanding/UnprotectedLanding"; //} //else //{ // landingPage = relayState; //} //option 1 //string redirectUrl = oktaSessionMgmt.SetSessionCookie(mySessionToken,landingPage); //return Redirect(redirectUrl); //option 2 - build redirectURL //System.Text.StringBuilder redirectUrl = new System.Text.StringBuilder(); //string destLink = location + "/AltLanding/UnprotectedLanding"; //redirectUrl.Append(MvcApplication.apiUrl); ////redirectUrl.Append("/login/sessionCookieRedirect?token=" + mySessionToken); //redirectUrl.Append("/login/sessionCookieRedirect?checkAccountSetupComplete=true&token=" + mySessionToken); //string encodedURL = HttpUtility.UrlEncode(destLink); //redirectUrl.Append("&redirectUrl=" + encodedURL); //return Redirect(redirectUrl.ToString()); //option 3 get session first, then set cookie Session oktaSession = new Okta.Core.Models.Session(); oktaSession = oktaSessionMgmt.CreateSession(mySessionToken); string cookieToken = oktaSession.CookieToken; logger.Debug("session Id " + oktaSession.Id + " for User " + userName); string redirectUrl = oktaSessionMgmt.SetSessionCookie(cookieToken, landingPage); return(Redirect(redirectUrl)); // break; default: logger.Debug("Status: " + myStatus); TempData["errMessage"] = "Status: " + myStatus; break; }//end of switch } if (oidc_but == "Initiate Auth OIDC") { //version using Custom Authorization Server logger.Debug("Initiate OIDC Auth Code without Session"); Random random = new Random(); string stateCode = random.Next(99999, 1000000).ToString(); string oauthUrl = appSettings["oidc.AuthServer"] + "/v1/authorize?response_type=code&response_mode=query&client_id=" + appSettings["oidc.spintweb.clientId"] + "&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + "&nonce=CWBb0zHdZ92WqBLkyIuExu&redirect_uri=" + appSettings["oidc.spintweb.RedirectUri"]; return(Redirect(oauthUrl)); } if (oidc_but == "Initiate Implicit OIDC") { //version using Custom Authorization Server logger.Debug("Initiate OIDC Implicit without Session"); Random random = new Random(); string stateCode = random.Next(99999, 1000000).ToString(); //string stateCode = "myStateInfo"; string oauthUrl = appSettings["oidc.AuthServer"] + "/v1/authorize?response_type=id_token token&response_mode=form_post&client_id=" + appSettings["oidc.spintnative.clientId"] + "&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + "&nonce=CWBb0zHdZ92WqBLkyIuExu&redirect_uri=" + appSettings["oidc.spintnative.RedirectUri"]; //string oauthUrl = appSettings["oidc.AuthServer"] + "/v1/authorize?response_type=id_token token&response_mode=form_post&client_id=6788997876556&scope=" + appSettings["oidc.scopes"] + "&state=" + stateCode + "&nonce=CWBb0zHdZ92WqBLkyIuExu&redirect_uri=" + appSettings["oidc.spintnative.RedirectUri"]; return(Redirect(oauthUrl)); } if (oidc_but == "Initiate ResourceOwner OIDC") { string error = null; string error_description = null; string token_type = null; string scope = null; string id_token_status = null; string idToken = null; string access_token_status = null; string accessToken = null; string refresh_token_status = null; string refreshToken = null; string jsonPayload = null; IRestResponse <TokenRequestResponse> response = null; OidcIdTokenMin oidcIdToken = new OidcIdTokenMin(); OidcAccessToken oidcAccessToken = new OidcAccessToken(); string basicAuth = appSettings["oidc.spintnative.clientId"] + ":" + appSettings["oidc.spintnative.clientSecret"]; var bytesBasicAuth = System.Text.Encoding.UTF8.GetBytes(basicAuth); string encodedBasicAuth = System.Convert.ToBase64String(bytesBasicAuth); try { var client = new RestClient(appSettings["oidc.AuthServer"] + "/v1/token"); //var client = new RestClient(MvcApplication.apiUrl + "/oauth2/aus90h4gyj2Hc8QOy0h7/v1/token"); var request = new RestRequest(Method.POST); request.AddHeader("Accept", "application/json"); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", " Basic " + encodedBasicAuth); request.AddQueryParameter("grant_type", "password"); request.AddQueryParameter("username", userName); request.AddQueryParameter("password", passWord); request.AddQueryParameter("scope", appSettings["oidc.scopes"]); request.AddQueryParameter("redirect_uri", appSettings["oidc.spintnative.RedirectUri"]); response = client.Execute <TokenRequestResponse>(request); error = response.Data.error; error_description = response.Data.error_description; token_type = response.Data.token_type; scope = response.Data.scope; if (response.Data.id_token != null) { idToken = response.Data.id_token; id_token_status = "id_token present"; TempData["idToken"] = response.Data.id_token; string clientId = appSettings["oidc.spintnative.clientId"]; string issuer = appSettings["oidc.Issuer"]; string audience = appSettings["oidc.spintnative.clientId"]; jsonPayload = oktaOidcHelper.DecodeAndValidateIdToken(idToken, clientId, issuer, audience); if (jsonPayload.Contains("Failure")) { TempData["errMessage"] = "Invalid ID Token!"; } else { // TempData["errMessage"] = jsonPayload; System.IdentityModel.Tokens.JwtSecurityToken tokenReceived = new System.IdentityModel.Tokens.JwtSecurityToken(idToken); oidcIdToken = Newtonsoft.Json.JsonConvert.DeserializeObject <OidcIdTokenMin>(jsonPayload); } } else { id_token_status = "id_token NOT present"; } if (response.Data.access_token != null) { accessToken = response.Data.access_token; access_token_status = "access_token present"; TempData["accessToken"] = response.Data.access_token; System.IdentityModel.Tokens.JwtSecurityToken tokenReceived2 = new System.IdentityModel.Tokens.JwtSecurityToken(accessToken); } else { access_token_status = "access_token NOT present"; } if (response.Data.refresh_token != null) { refreshToken = response.Data.refresh_token; refresh_token_status = "refresh_token present"; } else { refresh_token_status = "refresh_token NOT present"; } } catch (Exception ex) { logger.Error(ex.ToString()); } if (accessToken != null || idToken != null) { TempData["errMessage"] = "OIDC_Get Oauth Resource Owner SUCCESS token_type = " + token_type + " scope = " + scope + " : " + id_token_status + " : " + access_token_status + " oktaId = " + oidcIdToken.sub; TempData["oktaOrg"] = MvcApplication.apiUrl; //TempData["token"] = MvcApplication.apiToken; return(View("../AltLanding/ResOwnerLanding", oidcIdToken)); } else { TempData["errMessage"] = "OIDC_Get Oauth Resource Owner error " + error_description; TempData["oktaOrg"] = MvcApplication.apiUrl; //TempData["token"] = MvcApplication.apiToken; return(View("../AltLanding/UnprotectedLanding")); } }// end handle resource owner workflow if (oidc_but == "Client Credential Flow") { //this is available with Custom Authorization Server logger.Debug("Client Credential Flow"); string error = null; string error_description = null; string token_type = null; string scope = null; string access_token_status = null; string accessToken = null; string id_token_status = null; string idToken = null; System.IdentityModel.Tokens.JwtSecurityToken tokenReceived2 = null; System.IdentityModel.Tokens.JwtSecurityToken tokenReceived3 = null; string expires = null; IRestResponse <TokenRequestResponse> response = null; OidcIdToken oidcIdToken = new OidcIdToken(); OidcAccessToken oidcAccessToken = new OidcAccessToken(); string basicAuth = appSettings["oidc.clientcredservice.clientId"] + ":" + appSettings["oidc.clientcredservice.clientSecret"]; var bytesBasicAuth = System.Text.Encoding.UTF8.GetBytes(basicAuth); string encodedBasicAuth = System.Convert.ToBase64String(bytesBasicAuth); var client = new RestClient(appSettings["oidc.AuthServer"] + "/v1/token"); var request = new RestRequest(Method.POST); // request.AddHeader("cache-control", "no-cache"); request.AddHeader("Accept", "application/json"); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", " Basic " + encodedBasicAuth); request.AddQueryParameter("grant_type", "client_credentials"); request.AddQueryParameter("scope", "clientCred_scope"); response = client.Execute <TokenRequestResponse>(request); //error = response.Data.error; //error_description = response.Data.error_description; token_type = response.Data.token_type; scope = response.Data.scope; expires = response.Data.expires_in; if (response.Data.access_token != null) { accessToken = response.Data.access_token; access_token_status = "access_token present"; TempData["accessToken"] = response.Data.access_token; tokenReceived2 = new System.IdentityModel.Tokens.JwtSecurityToken(accessToken); } else { access_token_status = "access_token NOT present"; } if (response.Data.id_token != null) { idToken = response.Data.id_token; id_token_status = "id_token present"; TempData["idToken"] = response.Data.id_token; tokenReceived3 = new System.IdentityModel.Tokens.JwtSecurityToken(idToken); } else { id_token_status = "id_token NOT present"; } if (accessToken != null) { TempData["errMessage"] = "Oauth Client Credentials SUCCESS token_type = " + token_type + " expires " + expires + " scope = " + scope + " : " + access_token_status; TempData["oktaOrg"] = MvcApplication.apiUrl; //TempData["token"] = MvcApplication.apiToken; //GetInfoResponse getInfoResponse = new GetInfoResponse(); return(View("../AltLanding/ClientCredLanding")); } else { TempData["errMessage"] = "Oauth Client Credentials Error token_type = " + token_type + " expires " + expires + " scope = " + scope + " : " + access_token_status; TempData["oktaOrg"] = MvcApplication.apiUrl; //TempData["token"] = MvcApplication.apiToken; return(View("../AltLanding/UnprotectedLanding")); } } TempData["userName"] = userName; TempData["passWord"] = passWord; //return View("Login"); return(RedirectToAction("UnprotectedLanding", "AltLanding")); }
public virtual ActionResult OAuth2callback(string state, string code) { if (state != "foobar") { return RedirectToAction(Actions.LogOn()); } string responseContent = ""; try { var post = string.Format("code={0}&client_id={1}&client_secret={2}&redirect_uri={3}&grant_type={4}" , HttpUtility.UrlEncode(code) , HttpUtility.UrlEncode(google_clientid) , HttpUtility.UrlEncode(google_clientsecret) , HttpUtility.UrlEncode(Google_RedirectUri) , HttpUtility.UrlEncode("authorization_code")); var request = (HttpWebRequest)HttpWebRequest.Create("https://accounts.google.com/o/oauth2/token"); request.Method = "POST"; request.AllowAutoRedirect = false; request.ContentType = "application/x-www-form-urlencoded"; using (var stOut = new StreamWriter(request.GetRequestStream(), System.Text.Encoding.ASCII)) { stOut.Write(post); stOut.Close(); } var httpResponse = (HttpWebResponse)request.GetResponse(); using (var resStream = new StreamReader(httpResponse.GetResponseStream(), Encoding.ASCII)) { responseContent = resStream.ReadToEnd(); } } catch (Exception e) { return Content("There was a problem with your request (" + e.Message + "). Please go back and try again."); } var reply = JsonConvert.DeserializeObject<dynamic>(responseContent); var id_token = reply["id_token"]; var token = new System.IdentityModel.Tokens.JwtSecurityToken(id_token.Value); var emailAddress = token.Claims.FirstOrDefault(x => x.Type == "email").Value; var username = CleanUpUsername(emailAddress); var user = this.Repository.GetUserByUsername(username); if (user == null || user.Disabled) { ViewBag.EmailAddress = emailAddress; return View("NotAUser"); } FormsAuthentication.SetAuthCookie(user.Username, false); return Redirect("~"); }