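/// <summary>
/// Get user information from the OP after user authentication.
/// </summary>
/// <param name="url">The url to be used to retrieve user information (the OP's UserInfo endpoint).</param>
/// <param name="userInfoRequestMessage">The user info request message; it is posted to the endpoint and also used to verify/decrypt the response.</param>
/// <param name="accessToken">The access token obtained during authentication.</param>
/// <param name="idTokenSub">Optional <c>sub</c> taken from the ID Token; when supplied, the UserInfo <c>sub</c> must match it.</param>
/// <param name="bearer">When true the token is sent in the <c>Authorization: Bearer</c> header; otherwise it is appended to the URL as an <c>access_token</c> query parameter. RFC 6750 section 2.3 discourages the query form because the token can end up in server logs and Referer headers.</param>
/// <param name="ClientSecret">Client secret used to verify/decrypt a signed or encrypted UserInfo response, if any.</param>
/// <param name="RPKeys">Relying party keys used to verify/decrypt a signed or encrypted UserInfo response, if any.</param>
/// <returns>The response message containing user information.</returns>
/// <exception cref="OIDCException">The OP returned an error document, the response is not a JSON object, or the <c>sub</c> does not match <paramref name="idTokenSub"/>.</exception>
public OIDCUserInfoResponseMessage GetUserInfo(string url, OIDCUserInfoRequestMessage userInfoRequestMessage, string accessToken, string idTokenSub = null, bool bearer = true, string ClientSecret = null, List<OIDCKey> RPKeys = null)
{
    WebRequest request = BuildUserInfoRequest(url, accessToken, bearer);

    string returnedString = WebOperations.PostUrlContent(request, userInfoRequestMessage);
    // The response may be a JWT (signed and/or encrypted); this verifies and unwraps it into a JSON document.
    string jsonToken = userInfoRequestMessage.CheckSignatureAndDecryptJWT(returnedString, null, ClientSecret, RPKeys);
    Dictionary<string, object> returnedJson = Deserializer.DeserializeFromJson<Dictionary<string, object>>(jsonToken);
    if (returnedJson == null)
    {
        throw new OIDCException("Error while asking for user info: the response is not a JSON object.");
    }

    if (returnedJson.ContainsKey("error"))
    {
        OIDCResponseError error = new OIDCResponseError();
        error.DeserializeFromDictionary(returnedJson);
        throw new OIDCException("Error while asking for user info: " + error.Error + "\n" + error.ErrorDescription);
    }

    OIDCUserInfoResponseMessage userInfoResponse = new OIDCUserInfoResponseMessage();
    userInfoResponse.DeserializeFromDictionary(returnedJson);
    // OIDC Core 5.3.2: a UserInfo sub that differs from the ID Token sub means the response must not be used.
    if (idTokenSub != null && userInfoResponse.Sub != idTokenSub)
    {
        throw new OIDCException("Wrong sub in UserInfo, it does not match idToken's.");
    }

    return userInfoResponse;
}

/// <summary>
/// Builds the HTTP request for the UserInfo endpoint, carrying the access token either as a bearer
/// header or as an <c>access_token</c> query parameter.
/// </summary>
/// <param name="url">The UserInfo endpoint URL.</param>
/// <param name="accessToken">The access token to present.</param>
/// <param name="bearer">True to use the Authorization header, false to use the query string.</param>
/// <returns>The prepared request, not yet sent.</returns>
private static WebRequest BuildUserInfoRequest(string url, string accessToken, bool bearer)
{
    // NOTE(review): nothing here enforces an https URL; OIDC Core 5.3 requires TLS for the UserInfo
    // endpoint, so callers are expected to pass the https endpoint from the OP's metadata.
    if (bearer)
    {
        WebRequest request = WebRequest.Create(url);
        request.Headers.Add("Authorization", "Bearer " + accessToken);
        return request;
    }

    // Query-string form: pick the right separator if the endpoint already has a query, and escape the
    // token so that characters such as '&' or '#' cannot alter the URL.
    string separator = url.Contains("?") ? "&" : "?";
    return WebRequest.Create(url + separator + "access_token=" + Uri.EscapeDataString(accessToken));
}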
/// <summary>
/// Build a <see cref="ClaimsPrincipal"/> from the UserInfo response and run it through the configured
/// <c>ClaimsAuthenticationManager</c>.
/// </summary>
/// <param name="userInfoResponse">Claims returned by the OP's UserInfo endpoint.</param>
/// <param name="options">Relying party options, used to look up the OP's metadata and the identity configuration.</param>
/// <param name="session">Current session; the OP identifier is read from <c>session["op"]</c>.</param>
/// <returns>The principal returned by the claims authentication manager.</returns>
private ClaimsPrincipal GetPrincipal(OIDCUserInfoResponseMessage userInfoResponse, IOptions options, HttpSessionState session)
{
    OpenIDProviderData provider = options.OpenIDProviders[session["op"] as string];
    // Every claim taken from UserInfo is attributed to the OP that issued it.
    string issuer = provider.ProviderMatadata.Issuer;

    List<Claim> claims = new List<Claim>();
    AddClaimIfPresent(claims, ClaimTypes.Name, userInfoResponse.Name, issuer);
    AddClaimIfPresent(claims, ClaimTypes.Surname, userInfoResponse.FamilyName, issuer);
    AddClaimIfPresent(claims, ClaimTypes.GivenName, userInfoResponse.GivenName, issuer);
    AddClaimIfPresent(claims, ClaimTypes.Email, userInfoResponse.Email, issuer);
    AddClaimIfPresent(claims, ClaimTypes.Gender, userInfoResponse.Gender, issuer);
    // The role is a fixed value added by this RP; no OP issuer is attached, so the Claim default issuer applies.
    claims.Add(new Claim(ClaimTypes.Role, "User"));

    ClaimsIdentity identity = new ClaimsIdentity(claims, "OpenIDAuthentication", ClaimTypes.Name, ClaimTypes.Role);
    ClaimsPrincipal principal = new ClaimsPrincipal(identity);
    // No resource name is passed to the authentication manager.
    return options.RPOptions.SystemIdentityModelIdentityConfiguration.ClaimsAuthenticationManager.Authenticate(null, principal);
}

/// <summary>
/// Adds a string-typed claim of type <paramref name="type"/> to <paramref name="claims"/> when
/// <paramref name="value"/> is not null; does nothing otherwise.
/// </summary>
/// <param name="claims">The list receiving the claim.</param>
/// <param name="type">The claim type (one of <see cref="ClaimTypes"/>).</param>
/// <param name="value">The claim value, possibly null when the OP did not return it.</param>
/// <param name="issuer">The issuer attributed to the claim.</param>
private static void AddClaimIfPresent(List<Claim> claims, string type, string value, string issuer)
{
    if (value != null)
    {
        claims.Add(new Claim(type, value, ClaimValueTypes.String, issuer));
    }
}
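/// <summary>
/// Render the page shown after a successful login by filling the <c>success_page.html</c> template
/// with the authorization code, access token, ID Token and UserInfo response.
/// </summary>
/// <param name="authCode">The authorization code returned by the OP.</param>
/// <param name="accessToken">The access token obtained from the OP.</param>
/// <param name="idToken">The ID Token; it is serialized to JSON for display.</param>
/// <param name="userInfoResponse">The UserInfo response; it is serialized to JSON for display.</param>
/// <returns>The rendered HTML page.</returns>
public static string successPage(string authCode, string accessToken, OIDCIdToken idToken, OIDCUserInfoResponseMessage userInfoResponse)
{
    string idTokenJson = idToken.serializeToJsonString();
    string userInfoJson = userInfoResponse.serializeToJsonString();
    string template = File.ReadAllText(Path.Combine(Client.ROOT_PATH, "success_page.html"));

    // The ID Token and UserInfo claims originate from the OP and ultimately from the end user (e.g. the
    // registered name), so they are untrusted from this page's point of view: HTML-encode every value
    // before it is spliced into the template so that markup in a claim cannot be rendered as script.
    // This assumes the {0}..{3} placeholders sit in an HTML text or attribute context — verify against
    // success_page.html.
    // NOTE(review): the page embeds the raw access token in HTML sent to the browser; acceptable for a
    // test client, not for a production page.
    return String.Format(
        template,
        System.Net.WebUtility.HtmlEncode(authCode),
        System.Net.WebUtility.HtmlEncode(accessToken),
        System.Net.WebUtility.HtmlEncode(idTokenJson),
        System.Net.WebUtility.HtmlEncode(userInfoJson));
}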