public async override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { var formData = await context.Request.ReadFormAsync(); if (!formData.Any()) { context.Response.RenderEmbeddedResource("WispCloud.Templates.Files.OAuth2AuthorizationForm.html"); context.RequestCompleted(); return; } var login = formData["login"]; var password = formData["password"]; var user = context.GetWispContext().Data.Accounts.FirstOrDefault(x => x.Login == login && x.Active); Try.Condition(user != null && user.ComparePasword(password), "The user name or password is incorrect;"); var authentication = context.OwinContext.Authentication; authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie); authentication.SignIn(GetBearerIdentity(user)); context.RequestCompleted(); return; }
/// <summary> /// /// </summary> /// <returns></returns> private void HandleImplicitGrant(OAuthAuthorizeEndpointContext context, OauClient client, string redirectUri) { var oAuthIdentity = new ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(oAuthIdentity); context.RequestCompleted(); }
/// <summary> /// 生成授权码 /// 生成 authorization_code(authorization code 授权方式)、生成 access_token (implicit 授权模式) /// </summary> /// <param name="context"></param> /// <returns></returns> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.AuthorizeRequest.IsImplicitGrantType) { //implicit 授权方式(简化模式) var identity = new ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(identity); context.RequestCompleted(); } else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { //authorization code 授权方式(授权码) var redirectUri = context.Request.Query["redirect_uri"]; var clientId = context.Request.Query["client_id"]; var identity = new ClaimsIdentity(new GenericIdentity(clientId, OAuthDefaults.AuthenticationType)); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket( identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); context.Response.Redirect(redirectUri + "?Code=" + Uri.EscapeDataString(authorizeCodeContext.Token)); context.RequestCompleted(); } }
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { context.RequestCompleted(); return(Task.FromResult(0)); //return base.AuthorizeEndpoint(context); }
// /oauth/authorize public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.Request.User != null && context.Request.User.Identity.IsAuthenticated) { // si l'utilisateur est loggé, // on crée un ticket d'authent, on crée un authorization code et on fait le redirect var redirectUri = context.Request.Query["redirect_uri"]; var clientId = context.Request.Query["client_id"]; var authorizeCodeContext = new Microsoft.Owin.Security.Infrastructure.AuthenticationTokenCreateContext(context.OwinContext, context.Options.AuthorizationCodeFormat, new Microsoft.Owin.Security.AuthenticationTicket((ClaimsIdentity)context.Request.User.Identity, new Microsoft.Owin.Security.AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); // clear cookies var cookies = context.Request.Cookies.ToList(); foreach (var c in cookies) { context.Response.Cookies.Delete(c.Key, new Microsoft.Owin.CookieOptions()); } context.Response.Redirect(redirectUri + "?code=" + Uri.EscapeDataString(authorizeCodeContext.Token)); } else { // si on n'est pas loggé, on redirige vers la page de login context.Response.Redirect("/account/login?returnUrl=" + Uri.EscapeDataString(context.Request.Uri.ToString())); } context.RequestCompleted(); }
/// <summary> /// 第四步:完成认证,跳转到重定向URI /// </summary> /// <param name="context"></param> /// <returns></returns> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { var redirectUri = context.AuthorizeRequest.RedirectUri; var clientId = context.AuthorizeRequest.ClientId; var identity = new ClaimsIdentity(new GenericIdentity(clientId, OAuthDefaults.AuthenticationType)); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket(identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) }) ); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); //为了测试方便,直接打印出code context.Response.Write(Uri.EscapeDataString(authorizeCodeContext.Token)); //正常使用时是把code加在重定向网址后面 //context.Response.Redirect(redirectUri + "?code=" + Uri.EscapeDataString(authorizeCodeContext.Token)); context.RequestCompleted(); }
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.AuthorizeRequest.IsImplicitGrantType) { //implicit 授權方式 var identity = new ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(identity); context.RequestCompleted(); } return(Task.FromResult <object>(null)); }
/// <summary> /// Called at the final stage of an incoming Authorize endpoint request before the execution continues on to the web application component /// responsible for producing the html response. Anything present in the OWIN pipeline following the Authorization Server may produce the /// response for the Authorize page. If running on IIS any ASP.NET technology running on the server may produce the response for the /// Authorize page. If the web application wishes to produce the response directly in the AuthorizeEndpoint call it may write to the /// context.Response directly and should call context.RequestCompleted to stop other handlers from executing. If the web application wishes /// to grant the authorization directly in the AuthorizeEndpoint call it cay call context.OwinContext.Authentication.SignIn with the /// appropriate ClaimsIdentity and should call context.RequestCompleted to stop other handlers from executing. /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { //string uri = context.Request.Uri.ToString(); //string rawJwt = await TryGetRawJwtTokenAsync(context); //if (string.IsNullOrWhiteSpace(rawJwt)) //{ // context.OwinContext.Authentication.Challenge(new AuthenticationProperties { RedirectUri = uri }); // return; //} //var tokenValidator = new TokenValidator(); //ClaimsPrincipal principal = tokenValidator.Validate(rawJwt, _options.JwtOptions); //if (!principal.Identity.IsAuthenticated) //{ // Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user, unauthenticated"); // return; //} //ClaimsIdentity claimsIdentity = await _options.TransformPrincipal(principal); //if (!claimsIdentity.Claims.Any()) //{ // Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user"); // return; //} //ConsentAnswer consentAnswer = await TryGetConsentAnswerAsync(context.Request); //if (consentAnswer == ConsentAnswer.Rejected) //{ // Error(context, OAuthImplicitFlowError.AccessDenied, "resource owner denied request"); // return; //} //if (consentAnswer == ConsentAnswer.Missing) //{ // Error(context, OAuthImplicitFlowError.ServerError, // "missing consent answer"); // return; //} //if (!(consentAnswer == ConsentAnswer.Accepted || consentAnswer == ConsentAnswer.Implicit)) //{ // Error(context, OAuthImplicitFlowError.ServerError, // string.Format("invalid consent answer '{0}'", consentAnswer.Display)); // return; //} await base.AuthorizeEndpoint(context); }
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { var authentication = context.OwinContext.Authentication; var ticket = authentication.AuthenticateAsync("Application").Result; ClaimsIdentity identity = ticket != null ? ticket.Identity : null; if (identity == null) { authentication.Challenge("Application"); //return Task.FromResult(0); } if (context.AuthorizeRequest.IsImplicitGrantType) { var identity1 = new ClaimsIdentity(context.Options.AuthenticationType); context.OwinContext.Authentication.SignIn(identity1); context.RequestCompleted(); } else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { var redirectUri = context.Request.Query["redirect_uri"]; var clientId = context.Request.Query["client_id"]; var identity3 = new ClaimsIdentity(new GenericIdentity( clientId, OAuthDefaults.AuthenticationType)); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket( identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); context.Response.Redirect(redirectUri + "?code=" + "Uri.EscapeDataString(authorizeCodeContext.Token)"); context.RequestCompleted(); } //return Task.FromResult<object>(null); }
/// <summary> /// AuthorizationCode and ImplicitGrantType /// </summary> /// <param name="context"></param> /// <returns></returns> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { var owinContext = context.OwinContext; context.OwinContext.Set(_asResponseType, context.AuthorizeRequest.ResponseType); if (context.Request.User?.Identity != null && context.Request.User.Identity.IsAuthenticated) { var userService = EngineContext.Current.Resolve <UserService>(); var user = userService.GetUserByName((context.Request.User.Identity.Name)); if (user == null) { return; } var clientID = context.AuthorizeRequest.ClientId; var isTemporaryAuthorization = TicketStore.Remove("TemporaryAuthorization" + clientID + "$" + user.UserID.ToString()); //可信应用不需要用户授权 if (!isTemporaryAuthorization && !context.OwinContext.Get <App>(_asClientData).IsCredible) { return; } ClaimsIdentity oAuthIdentity = ClaimsIdentityCreate.GenerateUserIdentity(user, OAuthDefaults.AuthenticationType); if (context.AuthorizeRequest.Scope.Any(t => t.Equals(_scopeAll, StringComparison.OrdinalIgnoreCase))) { oAuthIdentity.AddRole(RoleConfig.AppUserAllRole); } else { oAuthIdentity.AddRole(RoleConfig.AppUserBaseRole); } context.OwinContext.Set(_asClientID, clientID); context.OwinContext.Set(_asUserID, user.UserID.ToString()); context.OwinContext.Set(_asUserName, user.Name); AuthenticationProperties properties = CreateProperties(user.Name); properties.RedirectUri = context.AuthorizeRequest.RedirectUri; AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); owinContext.Authentication.SignIn(oAuthIdentity); context.RequestCompleted(); } await base.AuthorizeEndpoint(context); }
/// <summary> /// 生成 authorization_code(authorization code 授权方式)、生成 access_token (implicit 授权模式) /// </summary> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.AuthorizeRequest.IsImplicitGrantType) { //implicit 授权方式 var identity = new ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(identity); context.RequestCompleted(); } else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { //authorization code 授权方式 var state = context.Request.Query["state"] ?? string.Empty; var redirectUri = context.Request.Query["redirect_uri"] ?? "/code"; var clientId = context.Request.Query["client_id"]; var identity = new ClaimsIdentity(new GenericIdentity( clientId, OAuthDefaults.AuthenticationType)); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket( identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); var url = redirectUri + "?code=" + authorizeCodeContext.Token; if (!string.IsNullOrWhiteSpace(state)) { url += $"&state={state}"; } context.Response.Redirect(url); context.RequestCompleted(); } }
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { if (!HttpContext.Current.Request.IsAuthenticated) { context.OwinContext.Authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie); } else { var redirectUri = context.AuthorizeRequest.RedirectUri; var clientId = context.AuthorizeRequest.ClientId; var state = context.AuthorizeRequest.State; var sb = new StringBuilder(); foreach (var scope in context.AuthorizeRequest.Scope) { sb.Append($"{scope},"); } var scopes = sb.ToString().Trim(','); var identity = context.Request.User.Identity as ClaimsIdentity; var client = await _clientManager.FindClientByIdAsync(clientId).ConfigureAwait(false); var authorisationCodeContext = new AuthenticationTokenCreateContext(context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket(identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri }, { "response_type", context.AuthorizeRequest.ResponseType }, { "state", state }, { "user_id", identity.GetUserId() }, { "scopes", scopes } }) { IssuedUtc = DateTimeOffset.Now, ExpiresUtc = DateTimeOffset.Now.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorisationCodeContext); AuthenticateClient(context.OwinContext, identity, client); } } }
/// <summary> /// /// </summary> /// <param name="context"></param> /// <param name="client"></param> /// <param name="redirectUri"></param> /// <returns></returns> private async Task HandleAuthorizationCodeGrant(OAuthAuthorizeEndpointContext context , OauClient client, string redirectUri) { #region Settin Token context.OwinContext.Set(OAuthKeys.ClientId, client.AppId); context.OwinContext.Set(OAuthKeys.Prefix + "client_secret", client.AppSecret); var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType); oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, Guid.NewGuid().ToString("n"))); var oauthProps = new AuthenticationProperties(new Dictionary <string, string> { { OAuthKeys.AuthPropClientId, client.AppId } }) { // Gets or sets the time at which the authentication ticket was issued. IssuedUtc = DateTime.UtcNow, // Gets or sets the time at which the authentication ticket expires. ExpiresUtc = DateTime.UtcNow.AddMinutes(client.RefreshTokenLifeTime), // Gets or sets the full path or absolute URI to be used as an http redirect response RedirectUri = redirectUri }; //替换此上下文中的票据信息,并将其标记为已验证 var ticket = new AuthenticationTicket(oAuthIdentity, oauthProps); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, ticket); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); #endregion Setting Token string token = authorizeCodeContext.Token ?? string.Empty; //由于获取的token与设置的token不一致 //string token = authorizeCodeContext.OwinContext.Get<string>(OAuthKeys.AuthorizeCodeToken) ?? string.Empty; var url = redirectUri + "?code=" + Uri.EscapeDataString(token); logger.Debug("AuthorizeEndpoint,authorization_code,url:" + url); context.Response.Redirect(url); context.RequestCompleted(); }
async Task <string> TryGetRawJwtTokenAsync(OAuthAuthorizeEndpointContext context) { string jwt; if (context.Request.IsPost()) { IFormCollection formCollection = await context.Request.ReadFormAsync(); jwt = formCollection.Get(_options.JwtOptions.JwtTokenParameterName); } else if (context.Request.IsGet()) { jwt = context.Request.Query.Get(_options.JwtOptions.JwtTokenParameterName); } else { jwt = ""; } return(jwt); }
private async Task AuthEndPoint(OAuthAuthorizeEndpointContext context) { var authentication = context.OwinContext.Authentication; var userManager = context.OwinContext.GetUserManager <ApplicationUserManager>(); //if (authentication.AuthenticateAsync(DefaultAuthenticationTypes.ApplicationCookie).Result?.Identity == null) if (!context.Request.User.Identity.IsAuthenticated) { authentication.Challenge(DefaultAuthenticationTypes.ApplicationCookie); context.RequestCompleted(); return; } //Since we also do OAuth, we have to sign in the OAuth Identification Type as well var user = userManager.FindByName(context.Request.User?.Identity?.Name); ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType); authentication.SignIn(oAuthIdentity); context.RequestCompleted(); return; }
/// <summary> /// 生成 authorization_code(authorization code 授权方式)、生成 access_token (implicit 授权模式) /// </summary> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { string redirectUri = string.Empty, clientId = string.Empty, clientSecret = string.Empty; IFormCollection formColls = await context.Request.ReadFormAsync(); //form类型的参数 if (formColls != null && formColls.Count() > 0) { redirectUri = formColls["redirect_uri"]; clientId = formColls["client_id"]; clientSecret = formColls["client_secret"]; } else { //url类型的参数 redirectUri = context.Request.Query["redirect_uri"]; clientId = context.Request.Query["client_id"]; clientSecret = context.Request.Query["client_secret"]; } OauClient client = Clients.ApiClients.FirstOrDefault(a => a.AppId == clientId && a.AppSecret == clientSecret); if (context.AuthorizeRequest.IsImplicitGrantType) { logger.Debug("AuthorizeEndpoint,implicit"); //implicit 授权方式 HandleImplicitGrant(context, client, redirectUri); } else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { //authorization code 授权方式 if (client != null) { await HandleAuthorizationCodeGrant(context, client, redirectUri); } } }
void Error(OAuthAuthorizeEndpointContext context, OAuthImplicitFlowError error, string errorDescription) { var builder = new UriBuilder(context.AuthorizeRequest.RedirectUri); var fragmentBuilder = new StringBuilder(); fragmentBuilder.AppendFormat("error={0}", Uri.EscapeDataString(error.InvariantName)); if (!string.IsNullOrWhiteSpace(errorDescription)) { fragmentBuilder.AppendFormat("&error_description={0}", Uri.EscapeDataString(errorDescription)); } if (!string.IsNullOrWhiteSpace(context.AuthorizeRequest.State)) { fragmentBuilder.AppendFormat("&state={0}", Uri.EscapeDataString(context.AuthorizeRequest.State)); } builder.Fragment = fragmentBuilder.ToString(); string redirectUriWithFragments = builder.Uri.ToString(); context.Response.Redirect(redirectUriWithFragments); context.RequestCompleted(); }
/// <summary> /// 生成 authorization_code(authorization code 授权方式)、生成 access_token (implicit 授权模式) /// </summary> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { if (context.AuthorizeRequest.IsImplicitGrantType) { //implicit 授权方式 var identity = new ClaimsIdentity("Bearer"); context.OwinContext.Authentication.SignIn(identity); context.RequestCompleted(); } else if (context.AuthorizeRequest.IsAuthorizationCodeGrantType) { //authorization code 授权方式 var redirectUri = context.Request.Query["redirect_uri"]; var clientId = context.Request.Query["client_id"]; string hostId = context.Request.Query["hostId"] + ""; /* * 这儿添加了对应的账号密码,sessionId等信息,额外保存起来. * 其他传递的参数自行处理 */ string account = context.Request.Query["account"] + ""; string pwd = context.Request.Query["pwd"] + ""; string sessionId = context.Request.Query["sessionId"] + ""; var identity = new ClaimsIdentity(new GenericIdentity( clientId, OAuthDefaults.AuthenticationType)); var authorizeCodeContext = new AuthenticationTokenCreateContext( context.OwinContext, context.Options.AuthorizationCodeFormat, new AuthenticationTicket( identity, new AuthenticationProperties(new Dictionary <string, string> { { "client_id", clientId }, { "redirect_uri", redirectUri } }) { IssuedUtc = DateTimeOffset.UtcNow, ExpiresUtc = DateTimeOffset.UtcNow.Add(context.Options.AuthorizationCodeExpireTimeSpan) })); await context.Options.AuthorizationCodeProvider.CreateAsync(authorizeCodeContext); var ResUrl = redirectUri; if (redirectUri.Contains("?")) { ResUrl += "&code=" + Uri.EscapeDataString(authorizeCodeContext.Token); } else { ResUrl += "?code=" + Uri.EscapeDataString(authorizeCodeContext.Token); } string code = authorizeCodeContext.Token; CacheData.SetFirstAuthCache(code, new Models.FirstAuthCacheModel() { AccountId = account, ClientId = clientId, Password = pwd, SessionId = sessionId, SessionCacheTime = DateTime.Now, HostId = hostId }); context.Response.Redirect(ResUrl); context.RequestCompleted(); } }
/// <summary> /// 3 /// </summary> /// <param name="context"></param> /// <returns></returns> public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { return(base.AuthorizeEndpoint(context)); //这一步后去生成授权码,并作缓存 }
public Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { throw new NotImplementedException(); }
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { string uri = context.Request.Uri.ToString(); }
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { string uri = context.Request.Uri.ToString(); if (string.IsNullOrWhiteSpace(_options.JwtOptions.SupportedScope)) { Error(context, OAuthImplicitFlowError.ServerError, "no supported scope defined"); return; } if (!HasSupportedScope(context, _options.JwtOptions.SupportedScope)) { string errorDescription = string.Format("only {0} scope is supported", _options.JwtOptions.SupportedScope); Error(context, OAuthImplicitFlowError.Scope, errorDescription); return; } string rawJwt = await TryGetRawJwtTokenAsync(context); if (string.IsNullOrWhiteSpace(rawJwt)) { context.OwinContext.Authentication.Challenge(new AuthenticationProperties { RedirectUri = uri }); return; } var tokenValidator = new TokenValidator(); ClaimsPrincipal principal = tokenValidator.Validate(rawJwt, _options.JwtOptions); if (!principal.Identity.IsAuthenticated) { Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user, unauthenticated"); return; } ClaimsIdentity claimsIdentity = await _options.TransformPrincipal(principal); if (!claimsIdentity.Claims.Any()) { Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user"); return; } ConsentAnswer consentAnswer = await TryGetConsentAnswerAsync(context.Request); if (consentAnswer == ConsentAnswer.Rejected) { Error(context, OAuthImplicitFlowError.AccessDenied, "resource owner denied request"); return; } if (consentAnswer == ConsentAnswer.Missing) { Error(context, OAuthImplicitFlowError.ServerError, "missing consent answer"); return; } if (!(consentAnswer == ConsentAnswer.Accepted || consentAnswer == ConsentAnswer.Implicit)) { Error(context, OAuthImplicitFlowError.ServerError, string.Format("invalid consent answer '{0}'", consentAnswer.Display)); return; } string appJwtTokenAsBase64 = JwtTokenHelper.CreateSecurityTokenDescriptor(claimsIdentity.Claims, _options.JwtOptions) .CreateTokenAsBase64(); var builder = new UriBuilder(context.AuthorizeRequest.RedirectUri); const string tokenType = "bearer"; var fragmentStringBuilder = new StringBuilder(); fragmentStringBuilder.AppendFormat("access_token={0}&token_type={1}&state={2}&scope={3}", Uri.EscapeDataString(appJwtTokenAsBase64), Uri.EscapeDataString(tokenType), Uri.EscapeDataString(context.AuthorizeRequest.State ?? ""), Uri.EscapeDataString(_options.JwtOptions.SupportedScope)); if (consentAnswer == ConsentAnswer.Implicit) { fragmentStringBuilder.AppendFormat("&consent_type={0}", Uri.EscapeDataString(consentAnswer.Invariant)); } builder.Fragment = fragmentStringBuilder.ToString(); string redirectUri = builder.Uri.ToString(); context.Response.Redirect(redirectUri); context.RequestCompleted(); }
bool HasSupportedScope(OAuthAuthorizeEndpointContext context, string supportedScope) { return(!context.AuthorizeRequest.Scope.Any() || context.AuthorizeRequest.Scope.Any(scope => scope.Equals(supportedScope))); }
private async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { await Task.FromResult(0); }
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) {
public override Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { return(base.AuthorizeEndpoint(context)); }
/** * * 第一次请求授权服务(获取 authorization_code),请求地址/authorize * 需要的参数: * grant_type:必选,授权模式,值为 "authorization_code"。 * response_type:必选,授权类型,值固定为 "code"。 * client_id:必选,客户端 ID。 * redirect_uri:必选,重定向 URI,URL 中会包含 authorization_code。 (关联到client 配置到数据库中) * scope:可选,申请的权限范围,比如微博授权服务值为 follow_app_official_microblog。 * state:可选,客户端的当前状态,可以指定任意值,授权服务器会原封不动地返回这个值,比如微博授权服务值为 weibo。 * * 第二次请求授权服务(获取 access_token),需要的参数: * grant_type:必选,授权模式,值为 "authorization_code"。 * code:必选,授权码,值为上面请求返回的 authorization_code。 * redirect_uri:必选,重定向 URI,必须和上面请求的 redirect_uri 值一样。 * client_id:必选,客户端 ID。 * * 第二次请求授权服务(获取 access_token),返回的参数: * access_token:访问令牌. * token_type:令牌类型,值一般为 "bearer"。 * expires_in:过期时间,单位为秒。 * refresh_token:更新令牌,用来获取下一次的访问令牌。 * scope:权限范围。 * **/ /// <summary> /// 生成code /// 此处只处理登录授权 /// </summary> public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context) { await base.AuthorizeEndpoint(context); }