/// <summary>
/// Builds the message structures for the OAuth 2.0 flow and declares which
/// fields carry secrets, together with the principals allowed to read each one.
/// </summary>
/// <param name="idpPrincipal">The identity provider allowed to read the authorization code.</param>
public MessageStructures(SVX.Entity idpPrincipal)
{
    // The authorization request and response are relayed through the user
    // agent, so both are marked BrowserOnly.
    authorizationRequest = new SVX.MessageStructure<AuthorizationRequest> { BrowserOnly = true };
    // The outgoing state value is confined to whoever serves redirect_uri
    // (presumably this is what binds the state to the relying party; confirm
    // against the SVX secret semantics).
    authorizationRequest.AddSecret(
        nameof(AuthorizationRequest.state),
        msg => new SVX.Principal[] { GenericAuth.GenericAuthStandards.GetUrlTargetPrincipal(msg.redirect_uri) });

    authorizationResponse = new SVX.MessageStructure<AuthorizationResponse> { BrowserOnly = true };
    // NOTE(review): an empty reader list is used here and for the token
    // request's code; presumably it means "no additional readers" — verify
    // against SVX.MessageStructure.AddSecret.
    authorizationResponse.AddSecret(nameof(AuthorizationResponse.state), msg => new SVX.Principal[0]);
    authorizationResponse.AddSecret(nameof(AuthorizationResponse.code), msg => new SVX.Principal[] { idpPrincipal });

    // The remaining messages are built without the BrowserOnly flag.
    accessTokenRequest = new SVX.MessageStructure<AccessTokenRequest>();
    accessTokenRequest.AddSecret(nameof(AccessTokenRequest.code), msg => new SVX.Principal[0]);
    accessTokenResponse = new SVX.MessageStructure<AccessTokenResponse>();

    userProfileRequest = new SVX.MessageStructure<UserProfileRequest>();
    userProfileResponse = new SVX.MessageStructure<UserProfileResponse>();
}
/// <summary>
/// Relying-party client for Weibo. Hands the generic OAuth 2.0 settings to the
/// base client constructor and records the Weibo-specific user profile endpoint.
/// </summary>
/// <param name="rpPrincipal">Principal of the relying party itself.</param>
/// <param name="client_id1">Client ID registered with Weibo.</param>
/// <param name="redierct_uri1">Redirect URI registered with Weibo.</param>
/// <param name="client_secret1">Client secret issued by Weibo.</param>
/// <param name="AuthorizationEndpointUrl1">Weibo authorization endpoint.</param>
/// <param name="TokenEndpointUrl1">Weibo token endpoint.</param>
/// <param name="UserProfileUrl1">Endpoint used to fetch the user profile; stored unchanged, including null.</param>
/// <param name="stateKey">Key passed through for state generation.</param>
public Weibo_RP(
    SVX.Entity rpPrincipal,
    string client_id1 = null,
    string redierct_uri1 = null,
    string client_secret1 = null,
    string AuthorizationEndpointUrl1 = null,
    string TokenEndpointUrl1 = null,
    string UserProfileUrl1 = null,
    string stateKey = null)
    : base(rpPrincipal, client_id1, redierct_uri1, client_secret1, AuthorizationEndpointUrl1, TokenEndpointUrl1, stateKey)
{
    // Only the profile URL is Weibo-specific; everything else lives in the base.
    UserProfileUrl = UserProfileUrl1;
}
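// Sets up the request context for one HTTP request and derives the SVX
// channel for the caller's session.
//
// This will automatically set an agent cookie if the client did not pass one.
// Call it only once on a given HttpContext: a second call on a request that
// arrived without the cookie would mint a second session ID and emit a second
// Set-Cookie for the same name.
public SVAuthRequestContext(SVX.Entity serverPrincipal, HttpContext httpContext)
{
    http = httpContext;
    string sessionId;
    if (!httpContext.Request.Cookies.TryGetValue(cookieName, out sessionId))
    {
        sessionId = SVX.Utils.RandomIdString();
        // The session cookie is a bearer credential: keep it out of reach of
        // page script (HttpOnly) and, when the request came in over TLS, keep
        // it off cleartext connections (Secure). Append rather than Add so a
        // Set-Cookie header already present on the response is neither
        // overwritten nor rejected as a duplicate key.
        string cookie = $"{cookieName}={sessionId}; path=/; HttpOnly";
        if (httpContext.Request.IsHttps)
        {
            cookie += "; Secure";
        }
        httpContext.Response.Headers.Append("Set-Cookie", cookie);
    }
    // Arguably it would be better design to start with the public session ID
    // and compute the session cookie as an HMAC, but this is a little easier.
    string publicSessionId = Utils.Digest(sessionId);
    channel = SVX.Channel.Of(serverPrincipal, publicSessionId);
}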
// Why are the parameters optional? I don't see how this class can work without them. ~ REDACTED 2016-05-31
/// <summary>
/// Generic OAuth 2.0 relying-party client. Stores the client configuration and
/// registers the acts-for assumptions the vProgram needs about this relying party.
/// </summary>
/// <param name="rpPrincipal">Principal of the relying party itself.</param>
/// <param name="client_id1">Client ID registered with the IdP; when null, a dummy value derived from rpPrincipal is used.</param>
/// <param name="redierct_uri1">Redirect URI registered with the IdP; when null, a dummy HTTPS URL under rpPrincipal is used.</param>
/// <param name="client_secret1">Client secret; stored as given, including null.</param>
/// <param name="AuthorizationEndpointUrl1">IdP authorization endpoint; stored as given, including null.</param>
/// <param name="TokenEndpointUrl1">IdP token endpoint; stored as given, including null.</param>
/// <param name="stateKey">Key handed to the state generator; stored as given, including null.</param>
public Client(
    SVX.Entity rpPrincipal,
    string client_id1 = null,
    string redierct_uri1 = null,
    string client_secret1 = null,
    string AuthorizationEndpointUrl1 = null,
    string TokenEndpointUrl1 = null,
    string stateKey = null)
    : base(rpPrincipal)
{
    // Give these valid values in the vProgram. FIXME: Doing observably
    // different things in the vProgram is unsound if we aren't careful
    // and poor practice in general. Once SVX supports passing
    // configuration other than just a principal, use that instead.
    string effectiveRedirectUri = redierct_uri1 ?? $"https://{rpPrincipal.name}/dummy";
    string effectiveClientId = client_id1 ?? ("dummy:" + rpPrincipal.name);

    client_id = effectiveClientId;
    redirect_uri = effectiveRedirectUri;
    client_secret = client_secret1;
    AuthorizationEndpointUrl = AuthorizationEndpointUrl1;
    TokenEndpointUrl = TokenEndpointUrl1;

    // This will allow the state to be exported in prod and will be
    // reached in the vProgram to know that the redirect_uri principal
    // is a trusted server.
    SVX.VProgram_API.AssumeActsFor(GenericAuth.GenericAuthStandards.GetUrlTargetPrincipal(redirect_uri), rpPrincipal);
    SVX.VProgram_API.AssumeActsFor(OAuth20Standards.OAuthClientIDPrincipal(idpParticipantId.principal, client_id), rpPrincipal);

    stateGenerator = new StateGenerator(rpPrincipal, stateKey);
}
/// <summary>Model of the Weibo identity provider.</summary>
/// <param name="idpPrincipal">Must be the designated Weibo principal; anything else fails the contract check.</param>
public Weibo_IdP(SVX.Entity idpPrincipal)
    : base(idpPrincipal)
{
    // Only the Weibo principal is supported as the IdP for this model.
    Contract.Assert(idpPrincipal == WeiboPrincipal);
}
/// <summary>
/// Relying-party client for Microsoft Azure AD. Adds nothing beyond the generic
/// client; every argument is forwarded to the base constructor unchanged.
/// </summary>
/// <param name="rpPrincipal">Principal of the relying party itself.</param>
/// <param name="client_id1">Client ID registered with Azure AD.</param>
/// <param name="redierct_uri1">Redirect URI registered with Azure AD.</param>
/// <param name="client_secret1">Client secret issued by Azure AD.</param>
/// <param name="AuthorizationEndpointUrl1">Azure AD authorization endpoint.</param>
/// <param name="TokenEndpointUrl1">Azure AD token endpoint.</param>
/// <param name="stateKey">Key passed through for state generation.</param>
public MicrosoftAzureAD_RP(
    SVX.Entity rpPrincipal,
    string client_id1 = null,
    string redierct_uri1 = null,
    string client_secret1 = null,
    string AuthorizationEndpointUrl1 = null,
    string TokenEndpointUrl1 = null,
    string stateKey = null)
    : base(rpPrincipal, client_id1, redierct_uri1, client_secret1, AuthorizationEndpointUrl1, TokenEndpointUrl1, stateKey)
{
    // Intentionally empty: no provider-specific state to record.
}
/// <summary>Model of the Facebook identity provider.</summary>
/// <param name="idpPrincipal">Must be the designated Facebook principal; anything else fails the contract check.</param>
public Facebook_IdP(SVX.Entity idpPrincipal)
    : base(idpPrincipal)
{
    // We only support facebookPrincipal.
    Contract.Assert(idpPrincipal == facebookPrincipal);
}
/// <summary>Relying-party participant; simply forwards its principal to the base.</summary>
/// <param name="rpPrincipal">Principal of the relying party.</param>
public RP(SVX.Entity rpPrincipal)
    : base(rpPrincipal)
{
    // Nothing to initialize here.
}
/// <summary>
/// Reports whether <paramref name="browser"/> is recorded as owned by
/// <paramref name="userID"/>, by delegating to BrowserOwnedBy.Check.
/// (Presumably a ghost, verification-only predicate given its name — confirm
/// it is not relied on at runtime.)
/// </summary>
/// <param name="browser">Principal of the user agent.</param>
/// <param name="userID">User identifier to check the browser against.</param>
/// <returns>The result of BrowserOwnedBy.Check for this pair.</returns>
public bool Ghost_CheckSignedIn(SVX.Entity browser, string userID)
{
    return BrowserOwnedBy.Check(browser, userID);
}
/// <summary>Authorization-server participant; simply forwards its principal to the base.</summary>
/// <param name="asPrincipal">Principal of the authorization server.</param>
public AS(SVX.Entity asPrincipal)
    : base(asPrincipal)
{
    // Nothing to initialize here.
}
// We need this several places (model IdPs and secret generators that
// the vProgram instantiates independently), so see how long we can get
// away with just standardizing it rather than finding a way to call the
// correct implementation in each place.
/// <summary>
/// Names the principal representing a given user at a given IdP as
/// "&lt;idp name&gt;:&lt;user id&gt;".
/// </summary>
/// <param name="idpPrincipal">The identity provider.</param>
/// <param name="userID">The user's identifier at that IdP.</param>
/// <returns>The entity with the combined name.</returns>
public static SVX.Entity GetIdPUserPrincipal(SVX.Entity idpPrincipal, string userID)
{
    // NOTE(review): the two parts are joined with ':' without escaping. If an
    // IdP name or a userID can itself contain ':', distinct (idp, user) pairs
    // could collide on the same principal name — confirm the inputs are
    // constrained upstream.
    string combinedName = $"{idpPrincipal.name}:{userID}";
    return SVX.Entity.Of(combinedName);
}
/// <summary>
/// Model authorization server for an IdP. Creates the authorization code
/// generator bound to this server's SVX principal.
/// </summary>
/// <param name="idpPrincipal">Principal of the identity provider being modeled.</param>
public ModelAuthorizationServer(SVX.Entity idpPrincipal)
    : base(idpPrincipal)
{
    // Initialization order restriction: SVX_Principal is only available once
    // the base constructor has run, so the generator is built here rather
    // than in a field initializer.
    var codeGenerator = new AuthorizationCodeGenerator(SVX_Principal);
    authorizationCodeGenerator = codeGenerator;
}
// Since this isn't a MessagePayloadSecretGenerator used with "verify on
// import", we don't have to worry about it having a default constructor
// for the time being, so we can do this, which leaves a little less
// boilerplate in concrete model IdPs than subclassing
// AuthorizationCodeGenerator and overriding a property.
/// <summary>Generator of authorization codes on behalf of one IdP.</summary>
/// <param name="idpPrincipal">The identity provider whose codes this generator produces.</param>
public AuthorizationCodeGenerator(SVX.Entity idpPrincipal)
{
    // Record the issuing IdP for later use.
    this.idpPrincipal = idpPrincipal;
}
/// <summary>
/// Names the principal representing an OAuth client registered at a given IdP
/// as "&lt;idp name&gt;:&lt;client id&gt;".
/// </summary>
/// <param name="idpPrincipal">The identity provider the client is registered with.</param>
/// <param name="clientID">The client's registered ID.</param>
/// <returns>The entity with the combined name.</returns>
public static SVX.Entity OAuthClientIDPrincipal(SVX.Entity idpPrincipal, string clientID)
{
    // NOTE(review): joined with ':' without escaping; if clientID can contain
    // ':', two different registrations could share a principal name — confirm
    // the IdP constrains client IDs.
    string combinedName = $"{idpPrincipal.name}:{clientID}";
    return SVX.Entity.Of(combinedName);
}
// TODO: Get the key lazily once SVX supports the "prod context".
/// <summary>Generator of OAuth state values for one relying party.</summary>
/// <param name="rpPrincipal">The relying party the state values are issued for.</param>
/// <param name="key">Key material used by the generator; stored as given.</param>
internal StateGenerator(SVX.Entity rpPrincipal, string key)
{
    // NOTE(review): callers may pass a null key (Client defaults stateKey to
    // null); nothing here rejects it, so confirm the code that consumes
    // this.key handles that case deliberately.
    this.key = key;
    this.rpPrincipal = rpPrincipal;
}