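/// <summary>
/// Builds the OIDC authentication response (code, access token and/or ID token according to the
/// stored <c>response_type</c>) plus the optional <c>session_state</c> value, flattened into one
/// dictionary of response parameters.
/// </summary>
/// <param name="party">The down-party whose <c>Client</c> configuration is used when issuing tokens.</param>
/// <param name="claims">The user claims that go into the issued code grant and tokens.</param>
/// <param name="sequenceData">The stored OIDC request data (state, redirect_uri, response_type, scope, nonce, PKCE challenge).</param>
/// <returns>
/// The response parameters destined for the redirect URI. If a <see cref="KeyException"/> is thrown while
/// issuing, a <c>server_error</c> error response with the same <c>state</c> is returned instead.
/// </returns>
private async Task<Dictionary<string, string>> CreateAuthenticationAndSessionResponse(TParty party, List<Claim> claims, OidcDownSequenceData sequenceData)
{
    try
    {
        var authenticationResponse = new AuthenticationResponse
        {
            State = sequenceData.State,
            ExpiresIn = party.Client.AccessTokenLifetime,
        };
        var sessionResponse = new SessionResponse
        {
            // session_state is derived from the session id claim, bound to this client and redirect URI.
            SessionState = claims.FindFirstValue(c => c.Type == JwtClaimTypes.SessionId).GetSessionStateValue(party.Client.ClientId, sequenceData.RedirectUri)
        };

        logger.ScopeTrace(() => $"Response type '{sequenceData.ResponseType}'.");
        var responseTypes = sequenceData.ResponseType.ToSpaceList();

        // Exact membership test on the space-separated response_type tokens, the same form
        // AuthenticationResponseAsync uses. A per-element substring test (rt.Contains(...)) is too
        // permissive: if the constants are the standard "token" / "id_token" literals, a request for
        // "id_token" alone would also match "token" and mint an access token that was never requested.
        if (responseTypes.Contains(IdentityConstants.ResponseTypes.Code))
        {
            authenticationResponse.Code = await oauthAuthCodeGrantDownLogic.CreateAuthCodeGrantAsync(party.Client as TClient, claims, sequenceData.RedirectUri, sequenceData.Scope, sequenceData.Nonce, sequenceData.CodeChallenge, sequenceData.CodeChallengeMethod);
        }

        string algorithm = IdentityConstants.Algorithms.Asymmetric.RS256;
        if (responseTypes.Contains(IdentityConstants.ResponseTypes.Token))
        {
            authenticationResponse.TokenType = IdentityConstants.TokenTypes.Bearer;
            authenticationResponse.AccessToken = await jwtDownLogic.CreateAccessTokenAsync(party.Client as TClient, claims, sequenceData.Scope?.ToSpaceList(), algorithm);
        }

        if (responseTypes.Contains(IdentityConstants.ResponseTypes.IdToken))
        {
            // Code and access token are passed so the ID token can carry c_hash / at_hash for the hybrid flows.
            authenticationResponse.IdToken = await jwtDownLogic.CreateIdTokenAsync(party.Client as TClient, claims, sequenceData.Scope?.ToSpaceList(), sequenceData.Nonce, responseTypes, authenticationResponse.Code, authenticationResponse.AccessToken, algorithm);
        }
        logger.ScopeTrace(() => $"Authentication response '{authenticationResponse.ToJsonIndented()}'.", traceType: TraceTypes.Message);

        var nameValueCollection = authenticationResponse.ToDictionary();
        if (!sessionResponse.SessionState.IsNullOrWhiteSpace())
        {
            logger.ScopeTrace(() => $"Session response '{sessionResponse.ToJsonIndented()}'.", traceType: TraceTypes.Message);
            nameValueCollection = nameValueCollection.AddToDictionary(sessionResponse);
        }
        logger.ScopeTrace(() => $"Redirect Uri '{sequenceData.RedirectUri}'.");
        logger.ScopeTrace(() => "Down, OIDC Authentication response.", triggerEvent: true);
        return nameValueCollection;
    }
    catch (KeyException kex)
    {
        // NOTE(review): kex.Message is sent to the relying party as error_description, i.e. it leaves the
        // server; keep KeyException messages free of internal detail.
        var errorAuthenticationResponse = new AuthenticationResponse
        {
            State = sequenceData.State,
            Error = IdentityConstants.ResponseErrors.ServerError,
            ErrorDescription = kex.Message
        };
        return errorAuthenticationResponse.ToDictionary();
    }
}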
/// <summary>
/// Sends an OIDC error response (<c>state</c>, <c>error</c>, <c>error_description</c>) back to the
/// relying party as a redirect to <paramref name="redirectUri"/>. This overload leaves the
/// form-action security header untouched.
/// </summary>
/// <param name="redirectUri">The relying party's redirect URI the error is delivered to.</param>
/// <param name="state">The <c>state</c> value echoed back from the original request.</param>
/// <param name="error">The OAuth/OIDC error code.</param>
/// <param name="errorDescription">Human-readable error detail for the relying party.</param>
/// <returns>A redirect result carrying the error parameters.</returns>
private async Task<IActionResult> AuthenticationResponseErrorAsync(string redirectUri, string state, string error, string errorDescription)
{
    var errorResponse = new AuthenticationResponse
    {
        State = state,
        Error = error,
        ErrorDescription = errorDescription,
    };
    logger.ScopeTrace($"Authentication error response '{errorResponse.ToJsonIndented()}'.");

    var redirectParameters = errorResponse.ToDictionary();
    logger.ScopeTrace($"Redirect Uri '{redirectUri}'.");
    return await redirectParameters.ToRedirectResultAsync(redirectUri);
}
/// <summary>
/// Sends an OIDC error response (<c>state</c>, <c>error</c>, <c>error_description</c>) back to the
/// relying party as a redirect to <paramref name="redirectUri"/>, and sets the form-action
/// security header before doing so.
/// </summary>
/// <param name="restrictFormAction">
/// When <c>true</c> the form-action header is restricted to <paramref name="redirectUri"/>;
/// when <c>false</c> any form action is allowed.
/// </param>
/// <param name="redirectUri">The relying party's redirect URI the error is delivered to.</param>
/// <param name="state">The <c>state</c> value echoed back from the original request.</param>
/// <param name="error">The OAuth/OIDC error code.</param>
/// <param name="errorDescription">Human-readable error detail for the relying party.</param>
/// <returns>A redirect result carrying the error parameters.</returns>
private async Task<IActionResult> AuthenticationResponseErrorAsync(bool restrictFormAction, string redirectUri, string state, string error, string errorDescription)
{
    var errorResponse = new AuthenticationResponse
    {
        State = state,
        Error = error,
        ErrorDescription = errorDescription,
    };
    logger.ScopeTrace(() => $"Authentication error response '{errorResponse.ToJsonIndented()}'.", traceType: TraceTypes.Message);

    var redirectParameters = errorResponse.ToDictionary();
    logger.ScopeTrace(() => $"Redirect Uri '{redirectUri}'.");

    // Narrow the form-action header to the single redirect target unless the caller opted out.
    if (restrictFormAction)
    {
        securityHeaderLogic.AddFormAction(redirectUri);
    }
    else
    {
        securityHeaderLogic.AddFormActionAllowAll();
    }

    return await redirectParameters.ToRedirectResultAsync(redirectUri);
}
/// <summary>
/// Completes an OIDC down-party login: transforms the incoming claims, issues the code and/or tokens
/// named by the stored <c>response_type</c>, clears the one-time sequence data and returns the response
/// in the negotiated response mode.
/// </summary>
/// <param name="partyId">Id of the down-party (relying party) the response is for.</param>
/// <param name="claims">User claims to issue; they are run through the party's claim transformations first.</param>
/// <returns>A form-post, query or fragment result targeting the stored redirect URI.</returns>
/// <exception cref="NotSupportedException">The party has no client configuration, or the resolved response mode is unknown.</exception>
public async Task<IActionResult> AuthenticationResponseAsync(string partyId, List<Claim> claims)
{
    logger.ScopeTrace("Down, OIDC Authentication response.");
    logger.SetScopeProperty("downPartyId", partyId);

    var party = await tenantRepository.GetAsync<TParty>(partyId);
    if (party.Client is null)
    {
        throw new NotSupportedException($"Party Client not configured.");
    }

    var sequenceData = await sequenceLogic.GetSequenceDataAsync<OidcDownSequenceData>(false);
    claims = await claimTransformationsLogic.Transform(party.ClaimTransformations?.ConvertAll(t => (ClaimTransformation)t), claims);

    var response = new AuthenticationResponse
    {
        TokenType = IdentityConstants.TokenTypes.Bearer,
        State = sequenceData.State,
        ExpiresIn = party.Client.AccessTokenLifetime,
    };
    var session = new SessionResponse
    {
        SessionState = claims.FindFirstValue(c => c.Type == JwtClaimTypes.SessionId)
    };

    logger.ScopeTrace($"Response type '{sequenceData.ResponseType}'.");
    var requestedTypes = sequenceData.ResponseType.ToSpaceList();
    var client = party.Client as TClient;
    string algorithm = IdentityConstants.Algorithms.Asymmetric.RS256;

    if (requestedTypes.Contains(IdentityConstants.ResponseTypes.Code))
    {
        response.Code = await oauthAuthCodeGrantLogic.CreateAuthCodeGrantAsync(client, claims, sequenceData.RedirectUri, sequenceData.Scope, sequenceData.Nonce, sequenceData.CodeChallenge, sequenceData.CodeChallengeMethod);
    }
    if (requestedTypes.Contains(IdentityConstants.ResponseTypes.Token))
    {
        response.AccessToken = await jwtLogic.CreateAccessTokenAsync(client, claims, sequenceData.Scope?.ToSpaceList(), algorithm);
    }
    if (requestedTypes.Contains(IdentityConstants.ResponseTypes.IdToken))
    {
        // Code and access token are handed over so the ID token can reference them (hybrid flows).
        response.IdToken = await jwtLogic.CreateIdTokenAsync(client, claims, sequenceData.Scope?.ToSpaceList(), sequenceData.Nonce, requestedTypes, response.Code, response.AccessToken, algorithm);
    }
    logger.ScopeTrace($"Authentication response '{response.ToJsonIndented()}'.");

    var parameters = response.ToDictionary();
    if (!session.SessionState.IsNullOrWhiteSpace())
    {
        logger.ScopeTrace($"Session response '{session.ToJsonIndented()}'.");
        parameters = parameters.AddToDictionary(session);
    }
    logger.ScopeTrace($"Redirect Uri '{sequenceData.RedirectUri}'.");
    logger.ScopeTrace("Down, OIDC Authentication response.", triggerEvent: true);

    var responseMode = GetResponseMode(sequenceData.ResponseMode, sequenceData.ResponseType);

    // The stored sequence is single-use: remove it before the response is rendered.
    await sequenceLogic.RemoveSequenceDataAsync<OidcDownSequenceData>();
    await formActionLogic.RemoveFormActionSequenceDataAsync();

    return responseMode switch
    {
        IdentityConstants.ResponseModes.FormPost => await parameters.ToHtmlPostContentResultAsync(sequenceData.RedirectUri),
        IdentityConstants.ResponseModes.Query => await parameters.ToRedirectResultAsync(sequenceData.RedirectUri),
        IdentityConstants.ResponseModes.Fragment => await parameters.ToFragmentResultAsync(sequenceData.RedirectUri),
        _ => throw new NotSupportedException(),
    };
}