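/// <summary>
/// Renders the list of OAuth consents granted by the currently authenticated user.
/// </summary>
/// <param name="cancellationToken">Propagated to every repository call.</param>
/// <returns>
/// The consent view populated with one <see cref="ConsentViewModel"/> per stored consent,
/// or an <see cref="UnauthorizedResult"/> when no user matches the caller's name identifier
/// (previously a missing user was dereferenced and surfaced as a NullReferenceException).
/// </returns>
public async Task<IActionResult> Manage(CancellationToken cancellationToken)
{
    var nameIdentifier = GetNameIdentifier();
    var user = await _oauthUserRepository.FindOAuthUserByLogin(nameIdentifier, cancellationToken);
    if (user == null)
    {
        // Same outcome the UserInfo path uses for an unknown subject.
        return new UnauthorizedResult();
    }

    // Fetch every client referenced by a consent in one repository call before building the rows.
    var clientIds = user.Consents.Select(c => c.ClientId);
    var oauthClients = await _oauthClientRepository.FindOAuthClientByIds(clientIds, cancellationToken);

    var result = new List<ConsentViewModel>();
    foreach (var consent in user.Consents)
    {
        // Single() throws unless exactly one client matches, so a consent whose client was
        // removed (or is duplicated) fails loudly instead of being silently dropped.
        var oauthClient = oauthClients.Single(c => c.ClientId == consent.ClientId);
        result.Add(new ConsentViewModel(
            consent.Id,
            _translationHelper.Translate(oauthClient.ClientNames, oauthClient.ClientId),
            consent.Scopes.Select(s => s.Name),
            consent.Claims));
    }

    return View(result);
}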
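/// <summary>
/// Shared implementation of the UserInfo endpoint: resolves the bearer access token, checks that
/// the token's subject exists and has consented to the requesting client, then returns the user's
/// claims either as plain JSON or as a signed (and optionally encrypted) JWT when the client has a
/// <c>UserInfoSignedResponseAlg</c> configured.
/// </summary>
/// <param name="content">Parsed request content from which <c>ExtractAccessToken</c> reads the access token.</param>
/// <param name="cancellationToken">Propagated to every repository and builder call.</param>
/// <returns>
/// A <see cref="ContentResult"/> with <c>application/json</c> or <c>application/jwt</c> content on success;
/// an <see cref="UnauthorizedResult"/> when the token's subject is unknown;
/// or a 400 <see cref="ContentResult"/> carrying an OAuth error object for any <see cref="OAuthException"/>.
/// </returns>
private async Task<IActionResult> Common(JObject content, CancellationToken cancellationToken)
{
    try
    {
        var accessToken = ExtractAccessToken(content);
        var jwsPayload = await Extract(accessToken, cancellationToken);
        if (jwsPayload == null)
        {
            throw new OAuthException(ErrorCodes.INVALID_TOKEN, OAuth.ErrorMessages.BAD_TOKEN);
        }

        var subject = jwsPayload.GetSub();
        var scopes = jwsPayload.GetScopes();
        var audiences = jwsPayload.GetAudiences();
        var claims = jwsPayload.GetClaimsFromAccessToken(AuthorizationRequestClaimTypes.UserInfo);
        var authTime = jwsPayload.GetAuthTime();

        var user = await _oauthUserRepository.FindOAuthUserByLogin(subject, cancellationToken);
        if (user == null)
        {
            return new UnauthorizedResult();
        }

        // Only the first audience that resolves to a client is honoured; further audiences are ignored.
        // The pattern match replaces the former unchecked (OpenIdClient) cast: a client of another type
        // now yields an INVALID_CLIENT error response instead of an InvalidCastException escaping the try.
        var filteredClients = await _oauthClientRepository.FindOAuthClientByIds(audiences, cancellationToken);
        if (!(filteredClients.FirstOrDefault() is OpenIdClient oauthClient))
        {
            throw new OAuthException(ErrorCodes.INVALID_CLIENT, ErrorMessages.INVALID_AUDIENCE);
        }

        if (!user.HasOpenIDConsent(oauthClient.ClientId, scopes, claims, AuthorizationRequestClaimTypes.UserInfo))
        {
            throw new OAuthException(ErrorCodes.INVALID_REQUEST, ErrorMessages.NO_CONSENT);
        }

        // NOTE(review): the stored-token lookup runs after the consent check, so a token that is no
        // longer stored and lacks consent is reported as NO_CONSENT rather than ACCESS_TOKEN_REJECTED.
        var token = await _tokenRepository.Get(accessToken, cancellationToken);
        if (token == null)
        {
            _logger.LogError("Cannot get user information because access token has been rejected");
            throw new OAuthException(ErrorCodes.INVALID_TOKEN, OAuth.ErrorMessages.ACCESS_TOKEN_REJECTED);
        }

        var oauthScopes = await _oauthScopeRepository.FindOAuthScopesByNames(scopes, cancellationToken);
        var payload = new JwsPayload();
        IdTokenBuilder.EnrichWithScopeParameter(payload, oauthScopes, user, subject);
        _claimsJwsPayloadEnricher.EnrichWithClaimsParameter(payload, claims, user, authTime, AuthorizationRequestClaimTypes.UserInfo);
        foreach (var claimsSource in _claimsSources)
        {
            await claimsSource.Enrich(payload, oauthClient, cancellationToken);
        }

        if (string.IsNullOrWhiteSpace(oauthClient.UserInfoSignedResponseAlg))
        {
            // Plain JSON response; the payload is serialized only on this path (the original also
            // serialized it before the signed branch and then discarded that string).
            return new ContentResult { Content = JsonConvert.SerializeObject(payload), ContentType = "application/json" };
        }

        // Signed/encrypted response: iss and aud are added before the JWT is built. The audience is the
        // stored token's client id, not oauthClient.ClientId.
        payload.Add(Jwt.Constants.OAuthClaims.Issuer, Request.GetAbsoluteUriWithVirtualPath());
        payload.Add(Jwt.Constants.OAuthClaims.Audiences, new string[] { token.ClientId });
        var jwt = await _jwtBuilder.BuildClientToken(
            oauthClient,
            payload,
            oauthClient.UserInfoSignedResponseAlg,
            oauthClient.UserInfoEncryptedResponseAlg,
            oauthClient.UserInfoEncryptedResponseEnc,
            cancellationToken);
        return new ContentResult { Content = jwt, ContentType = "application/jwt" };
    }
    catch (OAuthException ex)
    {
        // Standard OAuth error object: { "error": code, "error_description": message } with HTTP 400.
        var jObj = new JObject
        {
            { ErrorResponseParameters.Error, ex.Code },
            { ErrorResponseParameters.ErrorDescription, ex.Message }
        };
        return new ContentResult { Content = jObj.ToString(), ContentType = "application/json", StatusCode = (int)HttpStatusCode.BadRequest };
    }
}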