/// <summary>
/// Creates the provider for <paramref name="site"/>: assigns the OnRequestToken, OnApplyChallenge
/// and OnValidateIdentity callbacks, creates the identity helper and, the first time the
/// initialisation flag is found unset, configures the HttpClient used to call the OAuth authority.
/// </summary>
/// <param name="site">Site settings; its AuthorityUri (with a trailing '/') becomes the client's base address.</param>
public OAuthBearerAuthenticationProvider(OAuthSiteInfo site)
{
    _identityHelper = new IdentityHelper();

    OnValidateIdentity = HandleOnValidateIdentity;
    OnApplyChallenge = challenge => HandleOnApplyChallenge(challenge, site);
    OnRequestToken = request => HandleOnRequestToken(request, site);

    // Double-checked locking: cheap unlocked test first, authoritative test under the lock.
    // NOTE(review): the unlocked read is only safe if _isHttpClientInitialized is volatile - confirm at its declaration.
    if (_isHttpClientInitialized)
    {
        return;
    }

    lock (_httpClientLock)
    {
        if (_isHttpClientInitialized)
        {
            return;
        }

        // NOTE(review): this runs once, so the base address comes from whichever site is constructed
        // first. If HttpClient is shared between providers (the one-time guard suggests so), a provider
        // for a site with a different AuthorityUri would still post its client credentials to this
        // authority - confirm all sites use the same authority or key the client per authority.
        HttpClient.BaseAddress = new Uri(site.AuthorityUri.WithPostfix('/'));

        var defaultHeaders = HttpClient.DefaultRequestHeaders;
        defaultHeaders.Clear();
        defaultHeaders.Accept.Clear();
        defaultHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // User-Agent is "<runtime type full name>/<assembly version>".
        Type providerType = GetType();
        string assemblyVersion = providerType.Assembly.GetName().Version.ToString();
        defaultHeaders.UserAgent.Clear();
        defaultHeaders.UserAgent.Add(new ProductInfoHeaderValue(providerType.FullName, assemblyVersion));

        // NOTE(review): ServicePointManager.SecurityProtocol is a process-wide setting. This plain
        // assignment replaces whatever was configured before, so every connection that goes through
        // ServicePointManager is limited to TLS 1.2 (older versions are refused, newer ones are not
        // offered). Confirm that is intended for the whole application and not just this client.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

        _isHttpClientInitialized = true;
    }
}
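/// <summary>
/// Exchanges the current principal's refresh token for a new access token at the authority's
/// "token" endpoint and stores the returned values back into the principal's claims.
/// </summary>
/// <param name="site">Site settings supplying the client id, client secret and redirect URI for the request.</param>
/// <returns>
/// The new access token and its expiry, or <c>null</c> when the principal carries no refresh token,
/// the authority answers with a non-success status, or the response holds no usable access token.
/// </returns>
public RefreshTokenResult RefreshToken(OAuthSiteInfo site)
{
    ClaimsPrincipal claimsPrincipal = _identityHelper.GetCurrentClaimsPrincipal();
    string refreshToken = claimsPrincipal?.Claims
        ?.FirstOrDefault(c => c.Type == OAuthRefreshTokenClaimType)
        ?.Value;

    if (string.IsNullOrWhiteSpace(refreshToken))
    {
        return null;
    }

    // NOTE(review): "token" is relative, so it resolves against HttpClient.BaseAddress rather than
    // against site.AuthorityUri. Confirm the client in use was configured for this site's authority,
    // because the form body carries this site's client secret and the user's refresh token.
    using (HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, "token"))
    {
        request.Content = new FormUrlEncodedContent(new OAuthRefreshTokenRequest(site, refreshToken).ToDictionary());

        // The response is disposed here as well; the original left it to the garbage collector.
        // NOTE(review): .Result blocks the calling thread; the synchronous signature is kept for callers.
        using (HttpResponseMessage response = HttpClient.SendAsync(request).Result)
        {
            if (!response.IsSuccessStatusCode)
            {
                // Only the authority's error body is logged; the request (secret, refresh token) is not.
                Log.Error($"OAuth Authority responded with an error code: {response.Content.ReadAsStringAsync().Result}", this);
                return null;
            }

            OAuthToken token = response.Content.ReadAsAsync<OAuthToken>().Result;
            if (token == null || string.IsNullOrWhiteSpace(token.Access_Token))
            {
                // An empty or unparsable success body must not reach new Claim(...), which rejects null values.
                Log.Error("OAuth Authority returned a success status without a usable access token.", this);
                return null;
            }

            _identityHelper.UpdateClaim(new Claim(OAuthAccessTokenClaimType, token.Access_Token));

            // expires_in is optional in a token response; skip the claim instead of throwing on null.
            if (token.Expires_In != null)
            {
                _identityHelper.UpdateClaim(new Claim(OAuthExpiresInClaimType, token.Expires_In));
            }

            // The authority may answer without a new refresh token; in that case the stored one stays
            // valid and is kept. Previously a missing value threw after the access token claim had
            // already been replaced, leaving the claims half-updated.
            if (!string.IsNullOrWhiteSpace(token.Refresh_Token))
            {
                _identityHelper.UpdateClaim(new Claim(OAuthRefreshTokenClaimType, token.Refresh_Token));
            }

            return new RefreshTokenResult
            {
                AccessToken = token.Access_Token,
                ExpiresIn = token.Expires_In
            };
        }
    }
}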
/// <summary>
/// Creates the provider with a caller-supplied identity helper and HTTP client and assigns the
/// same three callbacks as the public constructor.
/// </summary>
/// <param name="site">Site settings captured by the request-token and challenge callbacks.</param>
/// <param name="helper">Identity helper stored as-is; no null check is made here.</param>
/// <param name="client">HTTP client stored as-is; no null check is made here.</param>
internal OAuthBearerAuthenticationProvider(OAuthSiteInfo site, IIdentityHelper helper, HttpClient client)
{
    // Nothing is configured on the supplied client here (no base address, headers or TLS setting),
    // so the caller is responsible for handing in one that is already set up.
    _httpClient = client;
    _identityHelper = helper;

    OnValidateIdentity = HandleOnValidateIdentity;
    OnApplyChallenge = challenge => HandleOnApplyChallenge(challenge, site);
    OnRequestToken = request => HandleOnRequestToken(request, site);
}
/// <summary>
/// Builds the fields of a refresh-token grant request from the site's client settings.
/// </summary>
/// <param name="site">Supplies the client id, client secret and redirect URI.</param>
/// <param name="refreshToken">The refresh token to present to the authority.</param>
public OAuthRefreshTokenRequest(OAuthSiteInfo site, string refreshToken)
{
    // Grant-specific fields.
    Grant_Type = "refresh_token";
    Refresh_Token = refreshToken;

    // Client identification. This object now holds the client secret and a live refresh token,
    // so instances should be kept out of logs and diagnostics.
    Redirect_Uri = site.RedirectUri;
    Client_Secret = site.ClientSecret;
    Client_Id = site.ClientId;
}
/// <summary>
/// Builds the fields of an authorization-code grant request from the site's client settings.
/// </summary>
/// <param name="site">Supplies the client id, client secret and redirect URI.</param>
/// <param name="code">The authorization code to exchange; stored without validation.</param>
public OAuthAuthorizationTokenRequest(OAuthSiteInfo site, string code)
{
    // Grant-specific fields.
    Grant_Type = "authorization_code";
    Code = code;

    // Client identification. This object now holds the client secret, so instances should be
    // kept out of logs and diagnostics.
    Redirect_Uri = site.RedirectUri;
    Client_Secret = site.ClientSecret;
    Client_Id = site.ClientId;
}
/// <summary>
/// Creates bearer authentication options for <paramref name="site"/>, with a new access token
/// provider and a new authentication provider bound to that site.
/// </summary>
/// <param name="site">Site settings passed to the authentication provider's constructor.</param>
/// <returns>The populated options instance.</returns>
private static OAuthBearerAuthenticationOptions CreateOptionsFromSiteInfo(OAuthSiteInfo site)
{
    return new OAuthBearerAuthenticationOptions
    {
        AccessTokenProvider = new OAuthBearerAuthenticationTokenProvider(),
        Provider = new OAuthBearerAuthenticationProvider(site)
    };
}
/// <summary>
/// Answers an authentication challenge by redirecting the browser to the authority's
/// "authorize" endpoint with the site's client id, redirect URI, scope and the current locale.
/// </summary>
/// <param name="context">Challenge context whose response receives the redirect.</param>
/// <param name="site">Site settings supplying the authority URI, client id, redirect URI and scope.</param>
/// <returns>An already completed task.</returns>
private static Task HandleOnApplyChallenge(OAuthChallengeContext context, OAuthSiteInfo site)
{
    Uri authorityBase = new Uri(site.AuthorityUri.WithPostfix('/'));
    UriBuilder authorizeUri = new UriBuilder(new Uri(authorityBase, "authorize"));

    // NOTE(review): no "state" value is sent. The callback handled in HandleOnRequestToken therefore
    // has nothing to compare against to confirm that a returned code belongs to a flow this browser
    // started (RFC 6749, section 10.12). A random per-request state, remembered in a protected cookie
    // or server-side and checked on return, would close that gap.
    NameValueCollection query = new NameValueCollection(5);
    query.Add("client_id", site.ClientId);
    query.Add("redirect_uri", site.RedirectUri);
    query.Add("response_type", "code");
    query.Add("scope", site.Scope);
    query.Add("locale", Context.Language.CultureInfo.Name);

    authorizeUri.Query = query.ToQueryString();
    context.Response.Redirect(authorizeUri.ToString());

    return Task.CompletedTask;
}
/// <summary>
/// Supplies the bearer token for the current request: the stored access token claim when the
/// current identity is authenticated, otherwise the result of exchanging the "code" query value
/// when the request path contains "/login". In every other case the token is left unset.
/// </summary>
/// <param name="context">Request-token context; its Token is set when a token is available.</param>
/// <param name="site">Site settings used to build the authorization-code exchange request.</param>
/// <returns>An already completed task.</returns>
private Task HandleOnRequestToken(OAuthRequestTokenContext context, OAuthSiteInfo site)
{
    string authorizationCode = context.Request.Query.Get("code");
    ClaimsIdentity currentIdentity = _identityHelper.GetCurrentClaimsPrincipal()?.Identity as ClaimsIdentity;

    if (currentIdentity != null && currentIdentity.IsAuthenticated)
    {
        // Already signed in: reuse the access token kept in the identity's claims.
        Claim accessTokenClaim = currentIdentity.Claims.FirstOrDefault(c => c.Type == OAuthAccessTokenClaimType);
        context.Token = accessTokenClaim?.Value;
        return Task.CompletedTask;
    }

    // NOTE(review): this is a substring test, so any path that merely contains "/login" and carries
    // a "code" query value triggers an exchange. Confirm whether an exact match on the registered
    // callback path is intended. The code is also accepted without a "state" check, because the
    // challenge redirect does not send one.
    bool isLoginCallback = context.Request.Path.ToString().Contains("/login")
        && !string.IsNullOrWhiteSpace(authorizationCode);

    if (isLoginCallback)
    {
        OAuthToken exchanged = ExchangeAuthorizationCode(new OAuthAuthorizationTokenRequest(site, authorizationCode));

        // When the exchange yields nothing, both the token and the stored identity end up null.
        context.Token = exchanged?.Access_Token;
        context.OwinContext.Set(OAuthAuthentication.OAuthOwinContextKey, exchanged?.ToClaimsIdentity());
        return Task.CompletedTask;
    }

    // No way to obtain a token: either an anonymous request or a challenge will be issued.
    return Task.CompletedTask;
}