//--- Methods ---
protected override async Task OnInitializedAsync()
{
// remove any previous authentication tokens
await LocalStorage.RemoveItemAsync("Tokens");
// check if page is loaded with a authorization grant code (i.e. ?code=XYZ)
var queryParameters = HttpUtility.ParseQueryString(new Uri(NavigationManager.Uri).Query);
var code = queryParameters["code"];
if (!string.IsNullOrEmpty(code))
{
// ensure the replay guard matches
var state = queryParameters["state"];
if (!await VerifyReplayGuardAsync(state))
{
// TODO: report login error to user
throw new NotImplementedException("replay guard failed");
}
// fetch the authorization token from Cognito
Console.WriteLine($"Fetching authentication tokens for code grant: {code}");
var oauth2TokenResponse = await HttpClient.PostAsync($"{CognitoSettings.UserPoolUri}/oauth2/token", new FormUrlEncodedContent(new[] {
new KeyValuePair <string, string>("grant_type", "authorization_code"),
new KeyValuePair <string, string>("code", code),
new KeyValuePair <string, string>("client_id", CognitoSettings.ClientId),
new KeyValuePair <string, string>("redirect_uri", CognitoSettings.RedirectUri)
}));
if (oauth2TokenResponse.IsSuccessStatusCode)
{
// store authentication tokens in local storage
var json = await oauth2TokenResponse.Content.ReadAsStringAsync();
Console.WriteLine($"Storing authentication tokens: {json}");
var authenticationTokens = AuthenticationTokens.FromJson(json);
await LocalStorage.SetItemAsync("Tokens", authenticationTokens);
}
else
{
// TODO: report login error to user
throw new NotImplementedException("unable to retreive authentication tokens");
}
// navigate back to main page to connect to the websocket
NavigationManager.NavigateTo("/");
}
else
{
Console.WriteLine("No code grant to fetch!");
LoginUrl = CognitoSettings.GetLoginUrl("TBD");
}
}
private async Task <AuthenticationTokens> GetAuthenticationTokens()
{
// check if any authentication tokens are stored
var authenticationTokens = await LoadTokensAsync();
if (authenticationTokens == null)
{
LogInfo($"No authentication tokens found");
return(null);
}
// check if tokens will expire in 5 minutes or less
var authenticationTokenExpiration = DateTimeOffset.FromUnixTimeSeconds(authenticationTokens.Expiration);
var authenticationTokenTtl = authenticationTokenExpiration - DateTimeOffset.UtcNow;
if (authenticationTokenTtl < TimeSpan.FromSeconds(TOKEN_EXPIRATION_LIMIT_SECONDS))
{
LogInfo($"Current authentication tokens has expired or expires soon: {authenticationTokenExpiration}");
// refresh authentication tokens
LogInfo($"Refreshing authentication tokens for code grant: {authenticationTokens.IdToken}");
var oauth2TokenResponse = await HttpClient.PostAsync($"{CognitoSettings.UserPoolUri}/oauth2/token", new FormUrlEncodedContent(new[] {
new KeyValuePair <string, string>("grant_type", "refresh_token"),
new KeyValuePair <string, string>("client_id", CognitoSettings.ClientId),
new KeyValuePair <string, string>("refresh_token", authenticationTokens.RefreshToken)
}));
if (!oauth2TokenResponse.IsSuccessStatusCode)
{
LogInfo("Authentication tokens refresh failed");
await ClearAuthenticationTokens();
return(null);
}
// store authentication tokens in local storage
var json = await oauth2TokenResponse.Content.ReadAsStringAsync();
LogInfo($"Storing authentication tokens: {json}");
var refreshAuthenticationTokens = AuthenticationTokens.FromJson(json);
authenticationTokens.IdToken = refreshAuthenticationTokens.IdToken;
authenticationTokens.AccessToken = refreshAuthenticationTokens.AccessToken;
authenticationTokens.Expiration = refreshAuthenticationTokens.Expiration;
await SaveTokensAsync(authenticationTokens);
}
else
{
LogInfo($"Current authentication tokens valid until: {authenticationTokenExpiration}");
}
return(authenticationTokens);
}
