/// <summary>
/// Converts an outgoing 401 that carries a challenge for this middleware into a
/// redirect to the provider's authorization endpoint (authorization-code flow,
/// plus a PKCE S256 challenge when <c>Options.RequirePkce</c> is set).
/// </summary>
/// <returns>An already-completed task; nothing in this method is awaited.</returns>
protected override Task ApplyResponseChallengeAsync()
{
    if (Response.StatusCode == 401)
    {
        var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
        if (challenge != null)
        {
            // NOTE(review): both the post-login return URL and the redirect_uri sent to the
            // provider are built from the request scheme and GetHostName(). GetHostName() is
            // defined outside this block; confirm it does not simply echo a client-supplied
            // Host header, otherwise these URLs are caller-influenced.
            string siteRoot = Request.Scheme + Uri.SchemeDelimiter + this.GetHostName() + Request.PathBase;
            string returnUrl = siteRoot + Request.Path + Request.QueryString;
            string callbackUrl = siteRoot + Options.CallbackPath;

            // Default the post-login destination to the page that triggered the challenge.
            var properties = challenge.Properties;
            if (string.IsNullOrEmpty(properties.RedirectUri))
            {
                properties.RedirectUri = returnUrl;
            }

            bool usePkce = Options.RequirePkce;
            string pkceChallenge = string.Empty;
            if (usePkce)
            {
                // Presumably a CSPRNG-backed value; CryptoRandom is defined elsewhere, TODO confirm.
                string verifier = CryptoRandom.CreateUniqueId(32);

                // Assumes ToSha256() yields the Base64 text of the SHA-256 digest (confirm against
                // the extension). Stripping '=' and swapping '+'/'/' for '-'/'_' then gives the
                // unpadded base64url form used for an S256 code_challenge.
                string digest = verifier.ToSha256();
                pkceChallenge = digest.TrimEnd('=').Replace('+', '-').Replace('/', '_');

                // The verifier is stored in the properties that Protect() serializes into the
                // state parameter below, so it round-trips through the browser.
                // NOTE(review): it stays secret only if StateDataFormat encrypts, not just signs.
                properties.Dictionary.Add(PkceCodeVerifierKey, verifier);
            }

            // OAuth2 10.12 CSRF: tie this authorization request to a correlation value
            // before the properties are sealed into the state parameter.
            GenerateCorrelationId(properties);
            string state = Options.StateDataFormat.Protect(properties);

            // Values that are not fixed literals are percent-encoded individually.
            string authorizeUrl = string.Concat(
                Options.Endpoints.AuthorizationEndpoint,
                "?response_type=code",
                "&scope=*",
                "&client_id=", Uri.EscapeDataString(Options.ClientId),
                "&redirect_uri=", Uri.EscapeDataString(callbackUrl),
                "&state=", Uri.EscapeDataString(state));

            if (usePkce)
            {
                // Appended unescaped: after the substitutions above the challenge no longer
                // contains '=', '+' or '/'.
                authorizeUrl = string.Concat(
                    authorizeUrl,
                    "&code_challenge=",
                    pkceChallenge,
                    "&code_challenge_method=S256");
            }

            // The provider callback performs (or customizes) the actual redirect.
            Options.Provider.ApplyRedirect(
                new GeocachingApplyRedirectContext(Context, Options, properties, authorizeUrl));
        }
    }

    return Task.FromResult<object>(null);
}
/// <summary>
/// Invoked when a challenge makes the Geocaching middleware redirect the user agent
/// to the authorize endpoint. This implementation forwards the call to
/// <c>OnApplyRedirect</c>.
/// </summary>
/// <param name="context">
/// Carries the redirect URI and the <see cref="AuthenticationProperties"/> of the challenge.
/// </param>
public virtual void ApplyRedirect(GeocachingApplyRedirectContext context)
{
    OnApplyRedirect(context);
}