public async Task <Microsoft.AspNetCore.Mvc.ActionResult> Get()
{
var query = Request.Query;
if (query == null)
{
throw new IdentityServerException(
ErrorCodes.InvalidRequestCode,
ErrorDescriptions.RequestIsNotValid);
}
var serializer = new ParamSerializer();
var authorizationRequest = serializer.Deserialize <AuthorizationRequest>(query);
authorizationRequest = await ResolveAuthorizationRequest(authorizationRequest);
var authenticatedUser = await this.GetAuthenticatedUser(_authenticateOptions.CookieName);
var parameter = authorizationRequest.ToParameter();
var actionResult = await _authorizationActions.GetAuthorization(parameter, authenticatedUser);
if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl)
{
var redirectUrl = new Uri(authorizationRequest.RedirectUri);
return(this.CreateRedirectHttpTokenResponse(redirectUrl,
_actionResultParser.GetRedirectionParameters(actionResult),
actionResult.RedirectInstruction.ResponseMode));
}
if (actionResult.Type == TypeActionResult.RedirectToAction)
{
if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex ||
actionResult.RedirectInstruction.Action == IdentityServerEndPoints.ConsentIndex)
{
// Force the resource owner to be reauthenticated
if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex)
{
authorizationRequest.Prompt = Enum.GetName(typeof(PromptParameter), PromptParameter.login);
}
// Set the process id into the request.
if (!string.IsNullOrWhiteSpace(actionResult.ProcessId))
{
authorizationRequest.ProcessId = actionResult.ProcessId;
}
// Add the encoded request into the query string
var encryptedRequest = _dataProtector.Protect(authorizationRequest);
actionResult.RedirectInstruction.AddParameter(Core.Constants.StandardAuthorizationResponseNames.AuthorizationCodeName,
encryptedRequest);
}
var url = GetRedirectionUrl(this.Request, actionResult.RedirectInstruction.Action);
var uri = new Uri(url);
var redirectionUrl = uri.AddParametersInQuery(_actionResultParser.GetRedirectionParameters(actionResult));
return(new RedirectResult(redirectionUrl.AbsoluteUri));
}
return(null);
}
public async Task <IActionResult> Get()
{
var query = Request.Query;
if (query == null)
{
return(BuildError(ErrorCodes.InvalidRequestCode, "no parameter in body request", HttpStatusCode.BadRequest));
}
var originUrl = this.GetOriginUrl();
var sessionId = GetSessionId();
var serializer = new ParamSerializer();
var authorizationRequest = serializer.Deserialize <AuthorizationRequest>(query);
authorizationRequest = await ResolveAuthorizationRequest(authorizationRequest).ConfigureAwait(false);
authorizationRequest.OriginUrl = originUrl;
authorizationRequest.SessionId = sessionId;
var authenticatedUser = await _authenticationService.GetAuthenticatedUser(this, Constants.CookieNames.CookieName);
var parameter = authorizationRequest.ToParameter();
var issuerName = Request.GetAbsoluteUriWithVirtualPath();
string authenticatedSubject = null;
double?authInstant = null;
if (authenticatedUser != null)
{
authenticatedSubject = authenticatedUser.GetSubject();
var authInstantClaim = authenticatedUser.Claims.FirstOrDefault(c => c.Type == Core.Common.StandardClaimNames.AuthenticationTime || c.Type == ClaimTypes.AuthenticationInstant);
if (authInstantClaim != null)
{
authInstant = double.Parse(authInstantClaim.Value);
}
}
var actionResult = await _authorizationActions.GetAuthorization(parameter, issuerName, authenticatedSubject, authInstant);
if (actionResult.Type == TypeActionResult.RedirectToCallBackUrl)
{
var redirectUrl = new Uri(authorizationRequest.RedirectUri);
return(this.CreateRedirectHttpTokenResponse(redirectUrl,
_actionResultParser.GetRedirectionParameters(actionResult),
actionResult.RedirectInstruction.ResponseMode));
}
if (actionResult.Type == TypeActionResult.RedirectToAction)
{
if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex ||
actionResult.RedirectInstruction.Action == IdentityServerEndPoints.ConsentIndex)
{
// Force the resource owner to be reauthenticated
if (actionResult.RedirectInstruction.Action == IdentityServerEndPoints.AuthenticateIndex)
{
authorizationRequest.Prompt = Enum.GetName(typeof(PromptParameter), PromptParameter.login);
}
// Set the process id into the request.
if (!string.IsNullOrWhiteSpace(actionResult.ProcessId))
{
authorizationRequest.ProcessId = actionResult.ProcessId;
}
// Add the encoded request into the query string
if (actionResult.AmrLst != null)
{
authorizationRequest.AmrValues = string.Join(" ", actionResult.AmrLst);
}
var encryptedRequest = _dataProtector.Protect(authorizationRequest);
actionResult.RedirectInstruction.AddParameter(Core.Constants.StandardAuthorizationResponseNames.AuthorizationCodeName, encryptedRequest);
}
var url = GetRedirectionUrl(Request, actionResult.AmrLst == null || !actionResult.AmrLst.Any() ? null : actionResult.AmrLst.First(), actionResult.RedirectInstruction.Action);
var uri = new Uri(url);
var redirectionUrl = uri.AddParametersInQuery(_actionResultParser.GetRedirectionParameters(actionResult));
return(new RedirectResult(redirectionUrl.AbsoluteUri));
}
return(null);
}