コード例 #1
        /// <summary>
        /// Test-side handler for the authorization-code-received event. It asserts that the code on
        /// the context equals the expected fixed value, records that this event fired, and adds the
        /// "ManageStore" claim only once every expected event name is present in <c>eventsFired</c>.
        /// </summary>
        /// <param name="context">Event context carrying the received code and the authentication ticket.</param>
        /// <returns>An already-completed task.</returns>
        internal static Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
        {
            // NOTE(review): the expected code is hard-coded; presumably a canned value replayed by a
            // test backchannel. Confirm it was never a live credential before reusing this pattern.
            Helpers.ThrowIfConditionFailed(() => context.Code == "AAABAAAAvPM1KaPlrEqdFSBzjqfTGGBtrTYVn589oKw4lLgJ6Svz0AhPVOJr0J2-Uu_KffGlqIbYlRAyxmt-vZ7VlSVdrWvOkNhK9OaAMaSD7LDoPbBTVMEkB0MdAgBTV34l2el-s8ZI02_9PvgQaORZs7n8eGaGbcoKAoxiDn2OcKuJVplXYgrGUwU4VpRaqe6RaNzuseM7qBFbLIv4Wps8CndE6W8ccmuu6EvGC6-H4uF9EZL7gU4nEcTcvkE4Qyt8do6VhTVfM1ygRNQgmV1BCig5t_5xfhL6-xWQdy15Uzn_Df8VSsyDXe8s9cxyKlqc_AIyLFy_NEiMQFUqjZWKd_rR3A8ugug15SEEGuo1kF3jMc7dVMdE6OF9UBd-Ax5ILWT7V4clnRQb6-CXB538DlolREfE-PowXYruFBA-ARD6rwAVtuVfCSbS0Zr4ZqfNjt6x8yQdK-OkdQRZ1thiZcZlm1lyb2EquGZ8Deh2iWBoY1uNcyjzhG-L43EivxtHAp6Y8cErhbo41iacgqOycgyJWxiB5J0HHkxD0nQ2RVVuY8Ybc9sdgyfKkkK2wZ3idGaRCdZN8Q9VBhWRXPDMqHWG8t3aZRtvJ_Xd3WhjNPJC0GpepUGNNQtXiEoIECC363o1z6PZC5-E7U3l9xK06BZkcfTOnggUiSWNCrxUKS44dNqaozdYlO5E028UgAEhJ4eDtcP3PZty-0j4j5Mw0F2FmyAA",
                "context.Code is invalid.");
            eventsFired.Add(nameof(AuthorizationCodeReceived));

            // The privileged claim is granted only when the whole event pipeline ran; the names are
            // checked in the same order as before and the scan stops at the first missing one.
            string[] requiredEvents =
            {
                nameof(RedirectToAuthenticationEndpoint),
                nameof(MessageReceived),
                nameof(AuthenticationValidated),
                nameof(AuthorizationResponseRecieved),
                nameof(AuthorizationCodeReceived)
            };

            var everyEventFired = true;
            foreach (var eventName in requiredEvents)
            {
                if (!eventsFired.Contains(eventName))
                {
                    everyEventFired = false;
                    break;
                }
            }

            if (!everyEventFired)
            {
                return Task.FromResult(0);
            }

            var identity = (ClaimsIdentity)context.AuthenticationTicket.Principal.Identity;
            identity.AddClaim(new Claim("ManageStore", "Allowed"));

            return Task.FromResult(0);
        }
コード例 #2
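        /// <summary>
        /// Redeems the received authorization code at the token endpoint, fetches the user-info
        /// claims with the resulting access token, and replaces the claims on the ticket's identity
        /// with the token claims plus the user-info claims.
        /// </summary>
        /// <param name="context">Event context carrying the authorization code, redirect URI and authentication ticket.</param>
        /// <exception cref="InvalidOperationException">The token endpoint response contained no access token.</exception>
        private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
        {
            // 1) Use the code to get the access and refresh token,
            // As we are using the hybrid flow, we will get a "code" and "access_token" but not "refresh_token".
            // Using the code we can get a "refresh_token" if the client application is a server side app (like this example)
            // If the application is a SPA or a native phone app, it is not secure to use the ClientSecret
            var tokenClient = new TokenClient(Constants.TokenEndpoint, Constants.ClientId, Constants.ClientSecret);

            // Await the exchange instead of blocking on .Result: blocking inside an async method can
            // deadlock under a synchronization context and wraps failures in AggregateException.
            var tokensResponse = await tokenClient.RequestAuthorizationCodeAsync(context.Code, context.RedirectUri);

            // Fail with an explicit message when the code exchange yielded no access token, rather
            // than surfacing an ArgumentNullException from the Claim constructor below.
            if (string.IsNullOrEmpty(tokensResponse.AccessToken))
            {
                throw new InvalidOperationException("The token endpoint did not return an access token for the authorization code.");
            }

            // DateTime.Now is already local time, so no further conversion is needed. The string
            // carries no offset; whoever parses "expires_at" must assume the same local time zone.
            var expiration = DateTime.Now.AddSeconds(tokensResponse.ExpiresIn)
               .ToString(CultureInfo.InvariantCulture);

            // NOTE(review): these claims hold bearer credentials. Whatever persists this identity
            // (presumably the authentication cookie; confirm) then carries the tokens, so that
            // store must be encrypted and transport-protected.
            List<Claim> oauthClaims = new List<Claim>
            {
                new Claim("access_token", tokensResponse.AccessToken)
            };

            // A refresh token is not guaranteed to be issued; Claim rejects a null value, so the
            // claim is added only when one was returned.
            if (!string.IsNullOrEmpty(tokensResponse.RefreshToken))
            {
                oauthClaims.Add(new Claim("refresh_token", tokensResponse.RefreshToken));
            }

            oauthClaims.Add(new Claim("expires_at", expiration));

            // 2) Use the access token to retrieve user info claims
            // The access token is a JWT token, it can be used to secure WebApi
            var userInfoClient = new UserInfoClient(new Uri(Constants.UserInfoEndpoint), tokensResponse.AccessToken);
            var userInfo = await userInfoClient.GetAsync();
            List<Claim> userClaims = userInfo.Claims.Select(ui => new Claim(ui.Item1, ui.Item2)).ToList();

            // 3) Add claims to authentication ticket
            ClaimsIdentity identity = context.AuthenticationTicket.Principal.Identity as ClaimsIdentity;
            if (identity != null)
            {
                // Remove all protocol related claims (snapshot first: the collection is mutated while iterating)
                var claimsToRemove = identity.Claims.ToList();
                foreach (var claim in claimsToRemove)
                {
                    identity.RemoveClaim(claim);
                }

                // Add oauth and user claims
                identity.AddClaims(oauthClaims);
                identity.AddClaims(userClaims);
            }
        }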
コード例 #3
 /// <summary>
 /// Overridable entry point that forwards the context to <c>OnAuthorizationCodeReceived</c>
 /// and returns the task it produces.
 /// </summary>
 /// <param name="context">The authorization-code-received event context.</param>
 /// <returns>The task returned by <c>OnAuthorizationCodeReceived</c>.</returns>
 public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
 {
     return OnAuthorizationCodeReceived(context);
 }
コード例 #4
 /// <summary>
 /// Virtual hook for the authorization-code-received event; it delegates to
 /// <c>OnAuthorizationCodeReceived</c> with the same context.
 /// </summary>
 /// <param name="context">The authorization-code-received event context.</param>
 /// <returns>The task returned by <c>OnAuthorizationCodeReceived</c>.</returns>
 public virtual Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
 {
     return OnAuthorizationCodeReceived(context);
 }
        /// <summary>
        /// Redeems the received authorization code through <c>ISurveysTokenService</c> for the
        /// resource identified by <c>_adOptions.WebApiResourceId</c>. If anything in the exchange
        /// throws, the token cache for the principal is cleared and the exception is rethrown.
        /// </summary>
        /// <param name="context">Event context carrying the ticket, protocol message and request services.</param>
        public override async Task AuthorizationCodeReceived(AuthorizationCodeReceivedContext context)
        {
            var user = context.AuthenticationTicket.Principal;
            var tokenService = context.HttpContext.RequestServices.GetService<ISurveysTokenService>();

            try
            {
                // Read the inputs inside the try so a missing redirect-URI entry also triggers the cleanup below.
                var authorizationCode = context.ProtocolMessage.Code;
                var redirectUri = context.AuthenticationTicket.Properties.Items[OpenIdConnectDefaults.RedirectUriForCodePropertiesKey];

                var tokenRequest = tokenService.RequestTokenAsync(
                    user,
                    authorizationCode,
                    redirectUri,
                    _adOptions.WebApiResourceId);
                await tokenRequest.ConfigureAwait(false);
            }
            catch
            {
                // When this event throws, the user is never set on the OWIN middleware, so no
                // sign-out is required. An access token may already have been written to the
                // cache, though, and has to be removed so it does not outlive the failed sign-in.
                var cacheCleanup = tokenService.ClearCacheAsync(user);
                await cacheCleanup.ConfigureAwait(false);
                throw;
            }
        }