private async Task <AuthorizationCodeRedeemedNotification> RunAuthorizationCodeRedeemedNotificationAsync(OpenIdConnectMessage message, OpenIdConnectTokenEndpointResponse tokenEndpointResponse) { Logger.LogDebug(Resources.OIDCH_0042_AuthorizationCodeRedeemed, message.Code); var authorizationCodeRedeemedNotification = new AuthorizationCodeRedeemedNotification(Context, Options) { Code = message.Code, ProtocolMessage = message, TokenEndpointResponse = tokenEndpointResponse }; await Options.Notifications.AuthorizationCodeRedeemed(authorizationCodeRedeemedNotification); if (authorizationCodeRedeemedNotification.HandledResponse) { Logger.LogVerbose(Resources.OIDCH_0043_AuthorizationCodeRedeemedNotificationHandledResponse); } else if (authorizationCodeRedeemedNotification.Skipped) { Logger.LogVerbose(Resources.OIDCH_0044_AuthorizationCodeRedeemedNotificationSkipped); } return(authorizationCodeRedeemedNotification); }
private async Task <AuthenticationTicket> HandleCodeOnlyFlow(OpenIdConnectMessage message, AuthenticationProperties properties) { AuthenticationTicket ticket = null; JwtSecurityToken jwt = null; OpenIdConnectTokenEndpointResponse tokenEndpointResponse = null; string idToken = null; var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt); if (authorizationCodeReceivedNotification.HandledResponse) { return(authorizationCodeReceivedNotification.AuthenticationTicket); } else if (authorizationCodeReceivedNotification.Skipped) { return(null); } // Redeeming authorization code for tokens Logger.LogDebug(Resources.OIDCH_0038_Redeeming_Auth_Code, message.Code); tokenEndpointResponse = await RedeemAuthorizationCodeAsync(message.Code, authorizationCodeReceivedNotification.RedirectUri); idToken = tokenEndpointResponse.Message.IdToken; var authorizationCodeRedeemedNotification = await RunAuthorizationCodeRedeemedNotificationAsync(message, tokenEndpointResponse); if (authorizationCodeRedeemedNotification.HandledResponse) { return(authorizationCodeRedeemedNotification.AuthenticationTicket); } else if (authorizationCodeRedeemedNotification.Skipped) { return(null); } // no need to validate signature when token is received using "code flow" as per spec [http://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation]. var validationParameters = Options.TokenValidationParameters.Clone(); validationParameters.ValidateSignature = false; ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt); if (Options.GetClaimsFromUserInfoEndpoint) { Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint); ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket); } var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket); if (securityTokenValidatedNotification.HandledResponse) { return(securityTokenValidatedNotification.AuthenticationTicket); } else if (securityTokenValidatedNotification.Skipped) { return(null); } // If id_token is received using code only flow, no need to validate chash. await ValidateOpenIdConnectProtocolAsync(jwt, message, false); return(ticket); }