async Task <ConsentViewModel> BuildViewModelAsync(string returnUrl, ConsentInputModel model = null) { var request = await _interaction.GetAuthorizationContextAsync(returnUrl); if (request != null) { var client = await _clientStore.FindEnabledClientByIdAsync(request.ClientId); if (client != null) { var scopes = await _scopeStore.FindEnabledScopesAsync(request.ScopesRequested); if (scopes != null && scopes.Any()) { return(new ConsentViewModel(model, returnUrl, request, client, scopes)); } else { _logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y)); } } else { _logger.LogError("Invalid client id: {0}", request.ClientId); } } else { _logger.LogError("No consent request matching request: {0}", returnUrl); } return(null); }
public async Task <ScopeSecretValidationResult> ValidateAsync(HttpContext context) { _logger.LogTrace("Start scope validation"); var fail = new ScopeSecretValidationResult { IsError = true }; var parsedSecret = await _parser.ParseAsync(context); if (parsedSecret == null) { await RaiseFailureEvent("unknown", "No scope id or secret found"); _logger.LogError("No scope secret found"); return(fail); } // load scope var scope = (await _scopes.FindEnabledScopesAsync(new[] { parsedSecret.Id })).FirstOrDefault(); if (scope == null) { await RaiseFailureEvent(parsedSecret.Id, "Unknown scope"); _logger.LogError("No scope with that name found. aborting"); return(fail); } var result = await _validator.ValidateAsync(parsedSecret, scope.ScopeSecrets); if (result.Success) { _logger.LogDebug("Scope validation success"); var success = new ScopeSecretValidationResult { IsError = false, Scope = scope }; await RaiseSuccessEvent(scope.Name); return(success); } await RaiseFailureEvent(scope.Name, "Invalid client secret"); _logger.LogError("Scope validation failed."); return(fail); }
public async Task <bool> AreScopesValidAsync(IEnumerable <string> requestedScopes) { var requestedScopesArray = requestedScopes as string[] ?? requestedScopes.ToArray(); var availableScopesArray = (await _store.FindEnabledScopesAsync(requestedScopesArray)).ToArray(); foreach (var requestedScope in requestedScopesArray) { var scopeDetail = availableScopesArray.FirstOrDefault(s => s.Name == requestedScope); if (scopeDetail == null) { _logger.LogError("Invalid scope: {requestedScope}", requestedScope); return(false); } if (scopeDetail.Enabled == false) { _logger.LogError("Scope disabled: {requestedScope}", requestedScope); return(false); } if (scopeDetail.Type == ScopeType.Identity) { ContainsOpenIdScopes = true; } else { ContainsResourceScopes = true; } GrantedScopes.Add(scopeDetail); } if (requestedScopesArray.Contains(Constants.StandardScopes.OfflineAccess)) { ContainsOfflineAccessScope = true; } RequestedScopes.AddRange(GrantedScopes); return(true); }
public async Task <RequestedClaimTypes> GetRequestedClaimTypesAsync(IEnumerable <string> scopes) { if (scopes == null || !scopes.Any()) { return(new RequestedClaimTypes()); } var scopeString = string.Join(" ", scopes); _logger.LogDebug("Scopes in access token: {scopes}", scopeString); var scopeDetails = await _scopes.FindEnabledScopesAsync(scopes); var scopeClaims = new List <string>(); foreach (var scope in scopes) { var scopeDetail = scopeDetails.FirstOrDefault(s => s.Name == scope); if (scopeDetail != null) { if (scopeDetail.Type == ScopeType.Identity) { if (scopeDetail.IncludeAllClaimsForUser) { return(new RequestedClaimTypes { IncludeAllClaims = true }); } scopeClaims.AddRange(scopeDetail.Claims.Select(c => c.Name)); } } } return(new RequestedClaimTypes(scopeClaims)); }
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request) { _logger.LogTrace("Processing authorization code request"); ////////////////////////// // access token ///////////////////////// var accessToken = await CreateAccessTokenAsync(request); var response = new TokenResponse { AccessToken = accessToken.Item1, AccessTokenLifetime = request.Client.AccessTokenLifetime }; ////////////////////////// // refresh token ///////////////////////// if (accessToken.Item2.IsPresent()) { response.RefreshToken = accessToken.Item2; } ////////////////////////// // id token ///////////////////////// if (request.AuthorizationCode.IsOpenId) { // load the client that belongs to the authorization code Client client = null; if (request.AuthorizationCode.ClientId != null) { client = await _clients.FindEnabledClientByIdAsync(request.AuthorizationCode.ClientId); } if (client == null) { throw new InvalidOperationException("Client does not exist anymore."); } var scopes = await _scopes.FindEnabledScopesAsync(request.AuthorizationCode.RequestedScopes); var tokenRequest = new TokenCreationRequest { Subject = request.AuthorizationCode.Subject, Client = client, Scopes = scopes, Nonce = request.AuthorizationCode.Nonce, ValidatedRequest = request }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); var jwt = await _tokenService.CreateSecurityTokenAsync(idToken); response.IdentityToken = jwt; } return(response); }