public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync(TokenExchangeRequest tokenExchangeRequest) { if (tokenExchangeRequest.Extras == null || tokenExchangeRequest.Extras.Count == 0) { throw new Exception($"{Name}: We require that extras be populated!"); } List <ValidatedToken> validatedIdentityTokens = new List <ValidatedToken>(); foreach (var item in tokenExchangeRequest.Tokens) { var prince = await _tokenValidator.ValidateTokenAsync(new TokenDescriptor { TokenScheme = item.TokenScheme, Token = item.Token }); var sub = prince.GetSubjectFromPincipal(); if (string.IsNullOrEmpty(sub)) { _summaryLogger.Add("subject", "A subject was not found in the ClaimsPrincipal object!"); throw new Exception("A subject was not found in the ClaimsPrincipal object!"); } validatedIdentityTokens.Add(new ValidatedToken { Token = item.Token, TokenScheme = item.TokenScheme, Principal = prince }); } // for this demo, lets assume all the extras are roles. var roles = tokenExchangeRequest.Extras; roles.Add("user"); ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = 3600, ArbitraryClaims = new Dictionary <string, List <string> >() { { "role", roles } }, Scope = "offline_access graphQLPlay", Subject = validatedIdentityTokens[0].Principal.GetSubjectFromPincipal(), ClientId = "arbitrary-resource-owner-client" }; var response = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { access_token = response.AccessToken, refresh_token = response.RefreshToken, expires_in = response.ExpiresIn, token_type = response.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = new List <HttpHeader> { new HttpHeader() { Name = "x-authScheme", Value = response.Scheme } } } }; return(new List <TokenExchangeResponse> { tokenExchangeResponse }); }
public async Task <List <TokenExchangeResponse> > ProcessExchangeAsync( TokenExchangeRequest tokenExchangeRequest, Dictionary <string, List <KeyValuePair <string, string> > > mapOpaqueKeyValuePairs) { var access_token = await GetTokenAsync(); if (string.IsNullOrEmpty(access_token)) { throw new Exception("Unable to fetch client_credentials access_token"); } var headers = new List <HttpHeader>(_externalExchangeRecord.oAuth2_client_credentials.AdditionalHeaders) { new HttpHeader() { Name = "Authorization", Value = $"Bearer {access_token}" }, new HttpHeader() { Name = "Accept", Value = $"application/json" } }; var passThrough = _externalExchangeRecord.MintType == "passThroughHandler"; var externalUrl = passThrough ? _externalExchangeRecord.PassThroughHandler.Url : _externalExchangeRecord.ExternalFinalExchangeHandler.Url; (string content, HttpStatusCode statusCode)responseBag; using (var httpClient = _defaultHttpClientFactory.HttpClient) { responseBag = await Utils.EfficientApiCalls.HttpClientHelpers.PostStreamAsync( _defaultHttpClientFactory.HttpClient, externalUrl, headers, new TokenExchangeRequestPackage(tokenExchangeRequest) { MapOpaqueKeyValuePairs = mapOpaqueKeyValuePairs }, CancellationToken.None); } if (responseBag.statusCode == HttpStatusCode.OK) { if (passThrough) { var passThroughResult = JsonConvert.DeserializeObject <List <TokenExchangeResponse> >(responseBag.content); return(passThroughResult); } else { var tokenExchangeResponses = new List <TokenExchangeResponse>(); var externalExchangeTokenRequests = JsonConvert.DeserializeObject <List <ExternalExchangeTokenResponse> >(responseBag.content); foreach (var externalExchangeResourceOwnerTokenRequest in externalExchangeTokenRequests) { if (externalExchangeResourceOwnerTokenRequest.CustomTokenResponse != null) { var tokenExchangeResponse = new TokenExchangeResponse() { customToken = externalExchangeResourceOwnerTokenRequest.CustomTokenResponse }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryIdentityTokenRequest != null) { var arbitraryIdentityTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryIdentityTokenRequest; IdentityTokenRequest tokenRequest = new IdentityTokenRequest() { IdentityTokenLifetime = arbitraryIdentityTokenRequest.IdentityTokenLifetime, ArbitraryClaims = arbitraryIdentityTokenRequest.ArbitraryClaims, Scope = arbitraryIdentityTokenRequest.Scope, Subject = arbitraryIdentityTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintIdentityTokenAsync(tokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { IdentityToken = new IdentityTokenResponse() { hint = arbitraryIdentityTokenRequest.Hint, id_token = response.IdentityToken, expires_in = response.ExpiresIn, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryIdentityTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } if (externalExchangeResourceOwnerTokenRequest.ArbitraryResourceOwnerTokenRequest != null) { var arbitraryResourceOwnerTokenRequest = externalExchangeResourceOwnerTokenRequest .ArbitraryResourceOwnerTokenRequest; ResourceOwnerTokenRequest resourceOwnerTokenRequest = new ResourceOwnerTokenRequest() { AccessTokenLifetime = arbitraryResourceOwnerTokenRequest.AccessTokenLifetime, ArbitraryClaims = arbitraryResourceOwnerTokenRequest.ArbitraryClaims, Scope = arbitraryResourceOwnerTokenRequest.Scope, Subject = arbitraryResourceOwnerTokenRequest.Subject, ClientId = _externalExchangeRecord.ExternalFinalExchangeHandler.ClientId // configured value }; var response = await _tokenMintingService.MintResourceOwnerTokenAsync(resourceOwnerTokenRequest); if (response.IsError) { throw new Exception(response.Error); } var tokenExchangeResponse = new TokenExchangeResponse() { accessToken = new AccessTokenResponse() { hint = arbitraryResourceOwnerTokenRequest.Hint, access_token = response.AccessToken, refresh_token = response.RefreshToken, expires_in = response.ExpiresIn, token_type = response.TokenType, authority = $"{_httpContextAssessor.HttpContext.Request.Scheme}://{_httpContextAssessor.HttpContext.Request.Host}", HttpHeaders = arbitraryResourceOwnerTokenRequest.HttpHeaders } }; tokenExchangeResponses.Add(tokenExchangeResponse); } } return(tokenExchangeResponses); } } return(null); }