/// <summary>
/// Finishes one authentication step: either signs the user in and resumes the
/// authorization request, or forwards the browser to the next authentication
/// method required by the resolved ACR.
/// </summary>
/// <param name="returnUrl">Protected authorization-request URL; it is passed through <c>Unprotect</c> before use.</param>
/// <param name="currentAmr">Authentication method that has just succeeded; also used as the identity's authentication type.</param>
/// <param name="user">User whose claims are issued and whose <c>AuthenticationTime</c> is refreshed on sign-in.</param>
/// <param name="token">Cancellation token flowed to the repository calls.</param>
/// <param name="rememberLogin">When true, the sign-in is issued with <c>IsPersistent = true</c>.</param>
/// <returns>A redirect to the unprotected URL after sign-in, or a redirect to the next AMR's <c>Authenticate/Index</c> action.</returns>
protected async Task<IActionResult> Authenticate(string returnUrl, string currentAmr, OAuthUser user, CancellationToken token, bool rememberLogin = false)
{
    // Every request parameter below is read from the unprotected URL, so the
    // values are only as trustworthy as the protection applied to returnUrl.
    var targetUrl = Unprotect(returnUrl);
    var authorizationRequest = targetUrl.GetQueries().ToJObj();
    var acrValues = authorizationRequest.GetAcrValuesFromAuthorizationRequest();
    var clientId = authorizationRequest.GetClientIdFromAuthorizationRequest();
    var requestedClaims = authorizationRequest.GetClaimsFromAuthorizationRequest();

    // NOTE(review): the lookup result is cast without a null or type check; confirm
    // how FetchDefaultAcr behaves when clientId matches no registered client.
    var client = (OpenIdClient)await _oauthClientRepository.FindOAuthClientById(clientId, token);
    var acr = await _amrHelper.FetchDefaultAcr(acrValues, requestedClaims, client, token);

    // FetchNextAmr is only consulted when an ACR was resolved.
    var nextAmr = acr == null ? null : _amrHelper.FetchNextAmr(acr, currentAmr);
    if (!string.IsNullOrWhiteSpace(nextAmr))
    {
        // Another method is still outstanding: hand over the still-protected
        // returnUrl so the next step can unprotect it itself.
        return RedirectToAction("Index", "Authenticate", new { area = nextAmr, ReturnUrl = returnUrl });
    }

    // No ACR, or no further method: the user is fully authenticated.
    var principal = new ClaimsPrincipal(new ClaimsIdentity(user.ToClaims(), currentAmr));

    // Persist the authentication time before the sign-in is issued.
    user.AuthenticationTime = DateTime.UtcNow;
    await _oauthUserCommandRepository.Update(user, token);
    await _oauthUserCommandRepository.SaveChanges(token);

    var signInProperties = new AuthenticationProperties { IsPersistent = rememberLogin };
    await HttpContext.SignInAsync(principal, signInProperties);

    // The redirect target is the unprotected value, never the raw parameter.
    return Redirect(targetUrl);
}
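/// <summary>
/// Records the current user's consent for the authorization request carried in
/// the protected return URL (when no matching consent exists yet) and then
/// resumes that request.
/// </summary>
/// <param name="confirmConsentsViewModel">Posted consent form; its <c>ReturnUrl</c> is the protected authorization-request URL.</param>
/// <param name="token">Cancellation token flowed to the repository calls.</param>
/// <returns>
/// A redirect to the unprotected URL on success; otherwise the consent view with
/// an <c>invalid_request</c> model error.
/// </returns>
public async Task<IActionResult> Index(ConfirmConsentsViewModel confirmConsentsViewModel, CancellationToken token)
{
    // ReturnUrl is a client-supplied form field. A missing value is rejected here
    // with the same invalid_request response as a tampered one, instead of
    // surfacing as an unhandled exception from the unprotect call.
    if (confirmConsentsViewModel == null || string.IsNullOrWhiteSpace(confirmConsentsViewModel.ReturnUrl))
    {
        ModelState.AddModelError("invalid_request", "invalid_request");
        return View(confirmConsentsViewModel);
    }

    try
    {
        var unprotectedUrl = _dataProtector.Unprotect(confirmConsentsViewModel.ReturnUrl);
        var query = unprotectedUrl.GetQueries().ToJObj();

        // FirstOrDefault returns null when the principal carries no NameIdentifier
        // claim; the original dereferenced it unconditionally.
        var claimName = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
        if (claimName == null)
        {
            ModelState.AddModelError("invalid_request", "invalid_request");
            return View(confirmConsentsViewModel);
        }

        // A consent must never be stored without a resolved account.
        var user = await _oauthUserRepository.FindOAuthUserByLogin(claimName.Value, token);
        if (user == null)
        {
            ModelState.AddModelError("invalid_request", "invalid_request");
            return View(confirmConsentsViewModel);
        }

        var consent = _userConsentFetcher.FetchFromAuthorizationRequest(user, query);
        if (consent == null)
        {
            // First approval of this request: build the consent from the request and persist it.
            consent = _userConsentFetcher.BuildFromAuthorizationRequest(query);
            user.Consents.Add(consent);
            await _oAuthUserCommandRepository.Update(user, token);
            await _oAuthUserCommandRepository.SaveChanges(token);
        }

        // The redirect target is the unprotected value, never the raw form field.
        return Redirect(unprotectedUrl);
    }
    catch (CryptographicException)
    {
        // ReturnUrl could not be unprotected (tampered with or not issued by this server).
        ModelState.AddModelError("invalid_request", "invalid_request");
        return View(confirmConsentsViewModel);
    }
}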