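/// <summary>
/// Starts an OAuth2 authorization-code request for <paramref name="credential"/> in the
/// embedded browser and blocks in the modal dialog until it is closed.
/// </summary>
/// <param name="credential">Authority URL, authorization endpoint, client id and redirect URL of the authorization server.</param>
/// <returns>The token captured by the dialog (m_token) when the dialog closes with OK; otherwise null.</returns>
/// <exception cref="ArgumentNullException"><paramref name="credential"/> is null.</exception>
public OAuth2AccessToken ShowDialog(OAuth2Credential credential)
{
    if (credential == null)
    {
        // was "settings" - the parameter is called credential.
        throw new ArgumentNullException("credential");
    }

    m_credential = credential;
    m_client = new OAuth2Client();

    var url = new UriBuilder(m_credential.AuthorityUrl);
    url.Path += m_credential.AuthorizationEndpoint;

    // EscapeDataString, not EscapeUriString: the latter leaves '&', '=' and '?' intact,
    // so a client id or redirect URL containing them would split or alter the query.
    // EscapeDataString yields the RFC 6749 form-encoded value the server expects.
    url.Query = String.Format(
        "response_type=code&client_id={0}&redirect_uri={1}",
        Uri.EscapeDataString(m_credential.ClientId),
        Uri.EscapeDataString(m_credential.RedirectUrl));

    // NOTE(review): no 'state' (and no PKCE code_challenge) is sent, so the callback
    // that sets m_token (not visible here) cannot bind the returned code to this request.
    // Adding a random state here and checking it where the redirect is handled would
    // close that gap - confirm against the callback handler before changing.
    Browser.Navigate(url.ToString());

    if (ShowDialog() != DialogResult.OK)
    {
        return null;
    }

    return m_token;
}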
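/// <summary>
/// Obtains a JWT-based <see cref="UserIdentity"/> for the GDS at <paramref name="endpointUrl"/>.
/// Reads the JWT UserTokenPolicy published by the server, then either exchanges an
/// interactively obtained access token ("site_token" grant) or logs in directly with
/// a username/password (not yet wired up - see below).
/// </summary>
/// <param name="configuration">Application configuration; supplies the OAuth2 credential collection and the application certificate.</param>
/// <param name="endpointUrl">URL of the GDS endpoint to select.</param>
/// <returns>A <see cref="UserIdentity"/> wrapping the GDS access token, or null when the user cancels the credentials dialog.</returns>
/// <exception cref="ServiceResultException">
/// BadConfigurationError when the server publishes no JWT policy, no OAuth2 configuration
/// matches the resource, or the direct-login branch has no credentials to send.
/// </exception>
public static async Task<UserIdentity> GetIdentityToken(ApplicationConfiguration configuration, string endpointUrl)
{
    // get an endpoint to use.
    var endpoint = ClientUtils.SelectEndpoint(endpointUrl, true);

    // find user token policy that supports JWTs.
    JwtEndpointParameters parameters = null;

    foreach (var policy in endpoint.UserIdentityTokens)
    {
        if (policy.IssuedTokenType == "http://opcfoundation.org/UA/UserTokenPolicy#JWT")
        {
            parameters = new JwtEndpointParameters();
            parameters.FromJson(policy.IssuerEndpointUrl);
            break;
        }
    }

    if (parameters == null)
    {
        throw new ServiceResultException(StatusCodes.BadConfigurationError, "No JWT UserTokenPolicy specified for the selected GDS.");
    }

    // set the default resource.
    if (String.IsNullOrEmpty(parameters.ResourceId))
    {
        parameters.ResourceId = endpoint.Server.ApplicationUri;
    }

    // get the authorization server that the GDS actually uses.
    var gdsCredentials = OAuth2CredentialCollection.FindByAuthorityUrl(configuration, parameters.AuthorityUrl);

    // create default credentials from the server endpoint.
    if (gdsCredentials == null)
    {
        gdsCredentials = new OAuth2Credential();
    }

    // override with settings provided by server.
    // NOTE(review): AuthorityUrl/TokenEndpoint are taken from the server's UserTokenPolicy
    // and decide where the site token and application certificate are posted below. They
    // are only as trustworthy as the endpoint selected above; consider requiring an https
    // AuthorityUrl or a match against the locally configured credential before using them.
    gdsCredentials.AuthorityUrl = parameters.AuthorityUrl;
    gdsCredentials.GrantType = parameters.GrantType;
    gdsCredentials.TokenEndpoint = parameters.TokenEndpoint;

    var client = new OAuth2Client() { Configuration = configuration };

    // need to get credentials from an external authority.
    if (gdsCredentials.GrantType == "site_token")
    {
        // need to find an OAuth2 server that can supply credentials.
        var azureCredentials = OAuth2CredentialCollection.FindByServerUri(configuration, parameters.ResourceId);

        if (azureCredentials == null)
        {
            throw new ServiceResultException(StatusCodes.BadConfigurationError, "No OAuth2 configuration specified for the selected GDS.");
        }

        // prompt user to provide credentials.
        var azureToken = new OAuth2CredentialsDialog().ShowDialog(azureCredentials);

        if (azureToken == null)
        {
            return null;
        }

        // fail fast on a malformed token instead of sending it to the GDS
        // (the constructor throws if the string is not a compact JWT).
        new JwtSecurityToken(azureToken.AccessToken);

        // log in using site token.
        var certificate = await client.Configuration.SecurityConfiguration.ApplicationCertificate.Find(true);

        var gdsAccessToken = await client.RequestTokenWithWithSiteTokenAsync(
            gdsCredentials,
            certificate,
            azureToken.AccessToken,
            parameters.ResourceId,
            "gdsadmin");

        return CreateJwtIdentity(gdsAccessToken.AccessToken);
    }

    // attempt to log in directly
    string username = null;
    string password = null;

    // TBD - Prompt User to Provide.
    // Until that exists, refuse rather than send a request with null credentials.
    if (username == null || password == null)
    {
        throw new ServiceResultException(StatusCodes.BadConfigurationError, "No user name/password available for direct login to the selected GDS.");
    }

    var directAccessToken = await client.RequestTokenWithWithUserNameAsync(
        gdsCredentials,
        username,
        password,
        parameters.ResourceId,
        "gdsadmin");

    return CreateJwtIdentity(directAccessToken.AccessToken);
}

/// <summary>
/// Wraps a compact-serialized JWT access token in an issued-token <see cref="UserIdentity"/>.
/// </summary>
/// <param name="accessToken">Compact JWT as returned by the token endpoint.</param>
/// <returns>A <see cref="UserIdentity"/> whose token data is the UTF-8 bytes of the raw JWT.</returns>
/// <exception cref="ArgumentException">Thrown by <see cref="JwtSecurityToken"/> when the string is not a well-formed JWT.</exception>
private static UserIdentity CreateJwtIdentity(string accessToken)
{
    // parse only to validate the format and obtain the raw compact form; no signature
    // check is done here - the GDS validates the token when it is presented.
    var token = new JwtSecurityToken(accessToken);

    var issuedToken = new IssuedIdentityToken();
    issuedToken.IssuedTokenType = IssuedTokenType.JWT;
    // no BOM: the server expects the bare token bytes.
    issuedToken.DecryptedTokenData = new UTF8Encoding(false).GetBytes(token.RawData);

    return new UserIdentity(issuedToken);
}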