/// <summary>
/// Exchanges an authorization code for tokens at the token endpoint taken from the cached discovery document.
/// </summary>
/// <param name="authCode">Authorization code to redeem.</param>
/// <param name="clientSettings">Supplies the client id and client secret sent with the request.</param>
/// <param name="redirectUri">Redirect URI sent with the request.</param>
/// <returns>A <c>TokenData</c> built from the token response.</returns>
/// <exception cref="Exception">
/// Thrown when the discovery lookup or the token request reports an error; the message is the reported error text.
/// </exception>
private async Task<TokenData> GetTokens(string authCode, IdentityProviderClientSettings clientSettings, string redirectUri)
        {
            var client = _httpClientFactory.CreateClient();

            var discovery = await _discoveryCache.GetAsync();
            if (discovery.IsError)
            {
                // Ask the cache to refresh before failing, so this call still throws.
                _discoveryCache.Refresh();
                throw new Exception(discovery.Error);
            }

            // NOTE(review): the client secret is the only proof of client identity sent here; no code
            // verifier accompanies the code. If the authorize request is meant to use PKCE, confirm
            // where the verifier is supplied.
            var codeRequest = new AuthorizationCodeTokenRequest
            {
                Address      = discovery.TokenEndpoint,
                Code         = authCode,
                ClientId     = clientSettings.ClientId,
                ClientSecret = clientSettings.ClientSecret,
                RedirectUri  = redirectUri
            };

            var tokens = await client.RequestAuthorizationCodeTokenAsync(codeRequest);
            if (tokens.IsError)
            {
                // NOTE(review): the provider's error text becomes the exception message; confirm it is
                // not returned to the end user unfiltered.
                throw new Exception(tokens.Error);
            }

            return new TokenData(tokens);
        }
        /// <summary>
        /// Sends a bearer token to the introspection endpoint taken from the cached discovery document,
        /// authenticating with the configured introspection client credentials.
        /// </summary>
        /// <param name="httpClient">HTTP client used to send the introspection request.</param>
        /// <param name="bearer">Token to introspect.</param>
        /// <returns>The introspection response exactly as received; it is not checked for errors here.</returns>
        /// <exception cref="Exception">Thrown when the discovery lookup reports an error.</exception>
        private async Task<IntrospectionResponse> IntrospectToken(HttpClient httpClient, string bearer)
        {
            var discovery = await _discoveryCache.GetAsync();
            if (discovery.IsError)
            {
                // Ask the cache to refresh before failing, so this call still throws.
                _discoveryCache.Refresh();
                throw new Exception(discovery.Error);
            }

            var introspectionClient = _ironcladSettings.IntrospectionClient;
            var request = new TokenIntrospectionRequest
            {
                Address      = discovery.IntrospectionEndpoint,
                ClientId     = introspectionClient.ClientId,
                ClientSecret = introspectionClient.ClientSecret,
                Token        = bearer
            };

            // NOTE(review): the response is returned without an IsError check, so every caller has to
            // check both the error state and whether the token is reported active before trusting it.
            // Verify at the call sites.
            return await httpClient.IntrospectTokenAsync(request);
        }
        /// <summary>
        /// Redirects the caller to the authorize endpoint taken from the cached discovery document,
        /// with <paramref name="query"/> appended verbatim.
        /// </summary>
        /// <param name="query">
        /// Text appended directly after the authorize endpoint. It is not parsed, validated or encoded here.
        /// </param>
        /// <returns>A redirect result pointing at the composed URL.</returns>
        /// <exception cref="Exception">Thrown when the discovery lookup reports an error.</exception>
        private async Task<ActionResult> RedirectToExternalProvider(string query)
        {
            var discovery = await _discoveryCache.GetAsync();
            if (discovery.IsError)
            {
                // Ask the cache to refresh before failing, so this call still throws.
                _discoveryCache.Refresh();
                throw new Exception(discovery.Error);
            }

            // NOTE(review): presumably query already starts with '?' and is URL-encoded by the caller.
            // Verify, since nothing here enforces it.
            var targetUrl = string.Concat(discovery.AuthorizeEndpoint, query);

            // NOTE(review): the full URL, including every query parameter, is written to the log.
            // Confirm that no parameter forwarded here is sensitive and that the value cannot carry
            // line breaks into the log.
            _log.Info(
                $"Redirect URI substitued, trying to proxy to external provider on {targetUrl}");

            return Redirect(targetUrl);
        }
        /// <summary>
        /// Starts an authorization-code sign-in for a mobile platform by redirecting to the authorize
        /// endpoint taken from the cached discovery document.
        /// </summary>
        /// <param name="platform">
        /// Route value selecting the client: "android" or "ios". Any other value yields a 400 response.
        /// </param>
        /// <param name="returnUrl">Bound from the query string; not read by this method.</param>
        /// <returns>A redirect to the authorize endpoint, or a bad-request result for an unknown platform.</returns>
        /// <exception cref="Exception">Thrown when the discovery lookup reports an error.</exception>
        public async Task<IActionResult> Login([FromRoute] string platform, [FromQuery] string returnUrl)
        {
            string clientId;
            string signinCallback;

            // The platform picks both the client id and the callback action used as the redirect URI.
            if (platform == "android")
            {
                clientId       = _ironcladSettings.AndroidClient.ClientId;
                signinCallback = Url.AbsoluteAction("SigninCallbackAndroid", "Callback");
            }
            else if (platform == "ios")
            {
                clientId       = _ironcladSettings.IosClient.ClientId;
                signinCallback = Url.AbsoluteAction("SigninCallbackIos", "Callback");
            }
            else
            {
                return BadRequest();
            }

            var discovery = await _discoveryCache.GetAsync();
            if (discovery.IsError)
            {
                // Ask the cache to refresh before failing, so this call still throws.
                _discoveryCache.Refresh();
                throw new Exception(discovery.Error);
            }

            // NOTE(review): state and nonce are fixed string literals, identical for every login.
            // A per-request, unpredictable state is what lets the callback reject responses it did not
            // initiate, and the nonce is what ties an ID token to this request. With constants, neither
            // check can tell one request from another. Both should come from a cryptographic random
            // source and be stored for comparison in the callback. That needs a matching change in the
            // callback actions, which are outside this method.
            var authorizeParameters = new Dictionary<string, string>
            {
                [OidcConstants.AuthorizeRequest.ClientId]     = clientId,
                [OidcConstants.AuthorizeRequest.RedirectUri]  = signinCallback,
                [OidcConstants.AuthorizeRequest.Scope]        = "profile openid email lykke offline_access",
                [OidcConstants.AuthorizeRequest.ResponseType] = OidcConstants.ResponseTypes.Code,
                [OidcConstants.AuthorizeRequest.Nonce]        = "mn4vcynp2tOEj7W9m88l",
                [OidcConstants.AuthorizeRequest.State]        = "ttoY604BgSsliwgcnIt8"
            };

            // QueryString.Create encodes the pairs; ToUriComponent yields the text appended to the endpoint.
            var encodedQuery = QueryString.Create(authorizeParameters).ToUriComponent();
            var targetUrl    = string.Concat(discovery.AuthorizeEndpoint, encodedQuery);

            return Redirect(targetUrl);
        }