private static async Task <TokenIntrospectionResponse> LoadClaimsForToken( string token, HttpContext context, AuthenticationScheme scheme, OAuth2IntrospectionEvents events, OAuth2IntrospectionOptions options) { var introspectionClient = await options.IntrospectionClient.Value.ConfigureAwait(false); using var request = CreateTokenIntrospectionRequest(token, context, scheme, events, options); return(await introspectionClient.IntrospectTokenAsync(request).ConfigureAwait(false)); }
private static async Task <AuthenticateResult> ReportNonSuccessAndReturn( string error, HttpContext httpContext, AuthenticationScheme scheme, OAuth2IntrospectionEvents events, OAuth2IntrospectionOptions options) { var authenticationFailedContext = new AuthenticationFailedContext(httpContext, scheme, options) { Error = error }; await events.AuthenticationFailed(authenticationFailedContext); if (authenticationFailedContext.Result != null) { return(authenticationFailedContext.Result); } return(AuthenticateResult.Fail(error)); }
private static TokenIntrospectionRequest CreateTokenIntrospectionRequest( string token, HttpContext context, AuthenticationScheme scheme, OAuth2IntrospectionEvents events, OAuth2IntrospectionOptions options) { if (options.ClientSecret == null && options.ClientAssertionExpirationTime <= DateTime.UtcNow) { lock (options.AssertionUpdateLockObj) { if (options.ClientAssertionExpirationTime <= DateTime.UtcNow) { var updateClientAssertionContext = new UpdateClientAssertionContext(context, scheme, options) { ClientAssertion = options.ClientAssertion ?? new ClientAssertion() }; events.UpdateClientAssertion(updateClientAssertionContext); options.ClientAssertion = updateClientAssertionContext.ClientAssertion; options.ClientAssertionExpirationTime = updateClientAssertionContext.ClientAssertionExpirationTime; } } } return(new TokenIntrospectionRequest { Token = token, TokenTypeHint = options.TokenTypeHint, Address = options.IntrospectionEndpoint, ClientId = options.ClientId, ClientSecret = options.ClientSecret, ClientAssertion = options.ClientAssertion ?? new ClientAssertion(), ClientCredentialStyle = options.ClientCredentialStyle, AuthorizationHeaderStyle = options.AuthorizationHeaderStyle, }); }
private static async Task <AuthenticateResult> CreateTicket( IEnumerable <Claim> claims, string token, HttpContext httpContext, AuthenticationScheme scheme, OAuth2IntrospectionEvents events, OAuth2IntrospectionOptions options) { var authenticationType = options.AuthenticationType ?? scheme.Name; var id = new ClaimsIdentity(claims, authenticationType, options.NameClaimType, options.RoleClaimType); var principal = new ClaimsPrincipal(id); var tokenValidatedContext = new TokenValidatedContext(httpContext, scheme, options) { Principal = principal, SecurityToken = token }; await events.TokenValidated(tokenValidatedContext); if (tokenValidatedContext.Result != null) { return(tokenValidatedContext.Result); } if (options.SaveToken) { tokenValidatedContext.Properties.StoreTokens(new[] { new AuthenticationToken { Name = "access_token", Value = token } }); } tokenValidatedContext.Success(); return(tokenValidatedContext.Result); }
/// <summary> /// Dafault options constructor /// </summary> public OAuth2IntrospectionOptions() { Events = new OAuth2IntrospectionEvents(); }