/// <summary> /// Token request for refresh /// </summary> public OAuthTokenRequest(TokenClaimsPrincipal current, String scope) { this.GrantType = "refresh_token"; this.RefreshToken = current.RefreshToken; this.Scope = scope; }
/// <summary> /// Authenticate the user /// </summary> /// <param name="principal">Principal.</param> /// <param name="password">Password.</param> public System.Security.Principal.IPrincipal Authenticate(System.Security.Principal.IPrincipal principal, string password, String tfaSecret) { AuthenticatingEventArgs e = new AuthenticatingEventArgs(principal.Identity.Name); this.Authenticating?.Invoke(this, e); if (e.Cancel) { this.m_tracer.TraceWarning("Pre-Event ordered cancel of auth {0}", principal); return(null); } // Get the scope being requested String scope = "*"; // Authenticate IPrincipal retVal = null; try { using (IRestClient restClient = ApplicationContext.Current.GetRestClient(Core.Interop.ServiceEndpointType.AuthenticationService)) { // Set credentials restClient.Credentials = new OAuthTokenServiceCredentials(principal); // Create grant information OAuthTokenRequest request = null; if (!String.IsNullOrEmpty(password)) { request = new OAuthTokenRequest(principal.Identity.Name, password, scope); } else if (principal is TokenClaimsPrincipal) { request = new OAuthTokenRequest(principal as TokenClaimsPrincipal, scope); } else { request = new OAuthTokenRequest(principal.Identity.Name, null, scope); } // Set credentials if (restClient.Description.Binding.Security?.Mode == Core.Http.Description.SecurityScheme.Basic) { restClient.Credentials = new OAuthTokenServiceCredentials(principal); } else { request.ClientId = ApplicationContext.Current.ApplicationName; request.ClientSecret = ApplicationContext.Current.ApplicationSecret; } try { restClient.Requesting += (o, p) => { if (!String.IsNullOrEmpty(tfaSecret)) { p.AdditionalHeaders.Add("X-SanteDB-TfaSecret", tfaSecret); } }; OAuthTokenResponse response = restClient.Post <OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request); retVal = new TokenClaimsPrincipal(response.AccessToken, response.IdToken, response.TokenType, response.RefreshToken); this.Authenticated?.Invoke(this, new AuthenticatedEventArgs(principal.Identity.Name, retVal, true)); } catch (RestClientException <OAuthTokenResponse> ex) { this.m_tracer.TraceWarning("OAUTH Server Responded: {0}", ex.Result.ErrorDescription); } catch (WebException ex) // Raw level web exception { this.m_tracer.TraceError("Error authenticating: {0}", ex.Message); } catch (SecurityException ex) { this.m_tracer.TraceError("Server was contacted however the token is invalid: {0}", ex.Message); throw; } catch (Exception ex) // fallback to local { this.m_tracer.TraceError("General Authentication Error: {0}", ex.Message); } } } catch { this.Authenticated?.Invoke(this, new AuthenticatedEventArgs(principal.Identity.Name, retVal, false)); throw; } return(retVal); }