예제 #1
0
        /// <summary>
        /// Requests a new token as specified in
        /// https://developers.google.com/accounts/docs/OAuth2ServiceAccount#makingrequest.
        /// </summary>
        /// <param name="taskCancellationToken">Cancellation token to cancel operation.</param>
        /// <returns><c>true</c> if a new token was received successfully.</returns>
        public override async Task <bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
        {
            string serializedHeader  = CreateSerializedHeader();
            string serializedPayload = GetSerializedPayload();

            StringBuilder assertion = new StringBuilder();

            assertion.Append(UrlSafeBase64Encode(serializedHeader))
            .Append(".")
            .Append(UrlSafeBase64Encode(serializedPayload));

            // Sign the header and the payload.
            var hashAlg = new SHA256CryptoServiceProvider();

            byte[] assertionHash = hashAlg.ComputeHash(Encoding.ASCII.GetBytes(assertion.ToString()));

            var signature = UrlSafeBase64Encode(key.SignHash(assertionHash, "2.16.840.1.101.3.4.2.1" /* SHA256 OIG */));

            assertion.Append(".").Append(signature);

            // Create the request.
            var request = new GoogleAssertionTokenRequest()
            {
                Assertion = assertion.ToString()
            };

            Logger.Debug("Request a new access token. Assertion data is: " + request.Assertion);

            var newToken = await request.ExecuteAsync(HttpClient, TokenServerUrl, taskCancellationToken, Clock)
                           .ConfigureAwait(false);

            Token = newToken;
            return(true);
        }
        /// <summary>
        /// Requests a new token as specified in
        /// https://developers.google.com/accounts/docs/OAuth2ServiceAccount#makingrequest.
        /// </summary>
        /// <param name="taskCancellationToken">Cancellation token to cancel operation.</param>
        /// <returns><c>true</c> if a new token was received successfully.</returns>
        public async Task <bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
        {
            string serializedHeader  = CreateSerializedHeader();
            string serializedPayload = GetSerializedPayload();

            StringBuilder assertion = new StringBuilder();

            assertion.Append(UrlSafeBase64Encode(serializedHeader))
            .Append(".")
            .Append(UrlSafeBase64Encode(serializedPayload));

            // Sign the header and the payload.
            var signature = UrlSafeBase64Encode(key.SignData(Encoding.ASCII.GetBytes(assertion.ToString()), "SHA256"));

            assertion.Append(".").Append(signature);

            // Create the request.
            var request = new GoogleAssertionTokenRequest()
            {
                Assertion = assertion.ToString()
            };

            Logger.Debug("Request a new access token. Assertion data is: " + request.Assertion);

            var newToken = await request.ExecuteAsync(httpClient, tokenServerUrl, taskCancellationToken, Clock)
                           .ConfigureAwait(false);

            Token = newToken;
            return(true);
        }
        private async Task <bool> RefreshOidcTokenAsync(TokenRefreshManager caller, OidcTokenOptions options, CancellationToken cancellationToken)
        {
            var    now        = Clock.UtcNow;
            var    jwtExpiry  = now + JwtLifetime;
            string jwtForOidc = CreateJwtAccessTokenForOidc(options, now, jwtExpiry);

            var req = new GoogleAssertionTokenRequest()
            {
                Assertion = jwtForOidc
            };

            caller.Token = await req.ExecuteAsync(HttpClient, TokenServerUrl, cancellationToken, Clock).ConfigureAwait(false);

            return(true);
        }
예제 #4
0
        /// <summary>
        /// Requests a new token as specified in
        /// https://developers.google.com/accounts/docs/OAuth2ServiceAccount#makingrequest.
        /// </summary>
        /// <param name="taskCancellationToken">Cancellation token to cancel operation.</param>
        /// <returns><c>true</c> if a new token was received successfully.</returns>
        public override async Task <bool> RequestAccessTokenAsync(CancellationToken taskCancellationToken)
        {
            // Create the request.
            var request = new GoogleAssertionTokenRequest()
            {
                Assertion = CreateAssertionFromPayload(CreatePayload())
            };

            Logger.Debug("Request a new access token. Assertion data is: " + request.Assertion);

            var newToken = await request.ExecuteAsync(HttpClient, TokenServerUrl, taskCancellationToken, Clock)
                           .ConfigureAwait(false);

            Token = newToken;
            return(true);
        }
        /// <summary>
        /// Authenticates using the client id and credentials, then fetches
        /// the uri.
        /// </summary>
        /// <param name="iapClientId">The client id observed on
        /// https://console.cloud.google.com/apis/credentials.</param>
        /// <param name="credentialsFilePath">Path to the credentials .json file
        /// download from https://console.cloud.google.com/apis/credentials.
        /// </param>
        /// <param name="uri">HTTP uri to fetch.</param>
        /// <returns>The http response body as a string.</returns>
        public static string InvokeRequest(string iapClientId,
                                           string credentialsFilePath, string uri)
        {
            // Read credentials from the credentials .json file.
            ServiceAccountCredential saCredential;

            using (var fs = new FileStream(credentialsFilePath,
                                           FileMode.Open, FileAccess.Read))
            {
                saCredential = ServiceAccountCredential
                               .FromServiceAccountData(fs);
            }

            // Generate a JWT signed with the service account's private key
            // containing a special "target_audience" claim.
            var jwtBasedAccessToken =
                CreateAccessToken(saCredential, iapClientId);

            // Request an OIDC token for the Cloud IAP-secured client ID.
            var req = new GoogleAssertionTokenRequest()
            {
                Assertion = jwtBasedAccessToken
            };
            var result = req.ExecuteAsync(saCredential.HttpClient,
                                          saCredential.TokenServerUrl, CancellationToken.None,
                                          saCredential.Clock).Result;
            string token = result.IdToken;

            // Include the OIDC token in an Authorization: Bearer header to
            // IAP-secured resource
            var httpClient = new HttpClient();

            httpClient.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", token);
            string response = httpClient.GetStringAsync(uri).Result;

            return(response);
        }