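/// <summary>
/// Validates an end-session (logout) request on behalf of the currently logged-on user.
/// </summary>
/// <param name="parameters">The raw request parameters; must not be null.</param>
/// <param name="subject">
/// The current principal. A null principal, one without an identity, or one whose
/// identity is not authenticated fails validation.
/// </param>
/// <returns>
/// <c>Valid()</c> when the request is acceptable, otherwise <c>Invalid()</c>.
/// As a side effect, fills <c>_validatedRequest</c> (Raw, Subject, Client, PostLogOutUri, State)
/// as each piece is validated; fields set before a failing check keep their value.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
public async Task<ValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject)
{
    if (parameters == null)
    {
        throw new ArgumentNullException("parameters");
    }

    _validatedRequest.Raw = parameters;
    _validatedRequest.Subject = subject;

    // ClaimsPrincipal.Identity is null when the principal holds no identities; that case
    // previously threw and is now treated like any other unauthenticated caller.
    if (subject == null || subject.Identity == null || !subject.Identity.IsAuthenticated)
    {
        return Invalid();
    }

    var idTokenHint = parameters.Get(Constants.EndSessionRequest.IdTokenHint);
    if (!idTokenHint.IsPresent())
    {
        // Without an id_token_hint there is no client context, so post_logout_redirect_uri
        // and state are not consulted at all.
        return Valid();
    }

    // validate id_token
    var tokenValidationResult = await _tokenValidator.ValidateIdentityTokenAsync(idTokenHint);
    if (tokenValidationResult.IsError)
    {
        return Invalid();
    }

    var client = tokenValidationResult.Client;
    _validatedRequest.Client = client;

    // validate sub claim against currently logged on user
    var subClaim = tokenValidationResult.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
    if (subClaim != null && subject.GetSubjectId() != subClaim.Value)
    {
        return Invalid();
    }

    var redirectUri = parameters.Get(Constants.EndSessionRequest.PostLogoutRedirectUri);
    if (redirectUri.IsPresent())
    {
        // A supplied post_logout_redirect_uri must parse as an absolute URI and be registered
        // for the client. An unparseable value used to be dropped silently while the request
        // still validated; it is now rejected, consistent with an unregistered one.
        Uri uri;
        if (!Uri.TryCreate(redirectUri, UriKind.Absolute, out uri))
        {
            return Invalid();
        }

        if (client == null || client.PostLogoutRedirectUris == null || !client.PostLogoutRedirectUris.Contains(uri))
        {
            return Invalid();
        }

        _validatedRequest.PostLogOutUri = uri;

        // state is only carried when there is an accepted redirect to return it to.
        var state = parameters.Get(Constants.EndSessionRequest.State);
        if (state.IsPresent())
        {
            _validatedRequest.State = state;
        }
    }

    return Valid();
}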
/// <summary>
/// GET handler for the identity token validation endpoint. Expects the
/// <c>token</c> and <c>client_id</c> query parameters and returns the validated
/// token's claims as a JSON object.
/// </summary>
/// <returns>
/// 404 when the endpoint is disabled; 400 carrying a message when a parameter is
/// missing or the validator reports an error; otherwise 200 with the claims dictionary.
/// </returns>
public async Task<IHttpActionResult> Get()
{
    Logger.Info("Start identity token validation request");

    if (!_options.IdentityTokenValidationEndpoint.IsEnabled)
    {
        Logger.Warn("Endpoint is disabled. Aborting");
        return NotFound();
    }

    var query = Request.RequestUri.ParseQueryString();
    var token = query.Get("token");
    var clientId = query.Get("client_id");

    // The first missing required parameter is reported with the same text in the
    // error log and in the 400 response body; token is checked before client_id.
    string missing = null;
    if (token.IsMissing())
    {
        missing = "token is missing.";
    }
    else if (clientId.IsMissing())
    {
        missing = "client_id is missing.";
    }

    if (missing != null)
    {
        Logger.Error(missing);
        return BadRequest(missing);
    }

    var result = await _validator.ValidateIdentityTokenAsync(token, clientId);
    if (result.IsError)
    {
        var message = "Returning error: " + result.Error;
        Logger.Info(message);
        return BadRequest(result.Error);
    }

    var claims = result.Claims.ToClaimsDictionary();

    // The full claim set that is about to be returned is written to the Debug log.
    Logger.Debug(JsonConvert.SerializeObject(claims, Formatting.Indented));
    Logger.Info("Returning identity token claims");

    return Json(claims);
}