/// <summary>
/// Evaluates the login interaction first and only falls through to the consent
/// interaction when the login step neither requires a login nor produced an error.
/// </summary>
/// <param name="request">The validated authorize request.</param>
/// <param name="consent">The consent the user already gave, or null when the consent screen has not been answered.</param>
/// <returns>The login result when it is a login or an error; otherwise the consent result.</returns>
public async Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
{
    var loginResult = await ProcessLoginAsync(request);

    // A login redirect or an error short-circuits: consent is never evaluated
    // for a request that is not yet authenticated or has already failed.
    var loginSettlesRequest = loginResult.IsLogin || loginResult.IsError;
    if (loginSettlesRequest)
    {
        return loginResult;
    }

    return await ProcessConsentAsync(request, consent);
}
/// <summary>
/// Pairs a consent answer with the id of the authorize request it belongs to.
/// </summary>
/// <param name="requestId">Identifier of the pending authorize request.</param>
/// <param name="response">The user's consent answer for that request.</param>
public ConsentResult(string requestId, ConsentResponse response)
{
    _response = response;
    _requestId = requestId;
}
/// <summary>
/// If a consent response has been queued, hands it to the <see cref="ConsentInteraction"/>
/// for the request id carried in the query string, then clears the queued response so it
/// is delivered at most once.
/// </summary>
/// <param name="ctx">The current HTTP context; used to resolve services and read the query string.</param>
async Task CreateConsentResponse(HttpContext ctx)
{
    if (ConsentResponse == null)
    {
        return;
    }

    var consentInteraction = ctx.RequestServices.GetRequiredService<ConsentInteraction>();

    // NOTE(review): the request id is taken straight from the query string (caller-controlled),
    // and First() throws when "id" is absent; ProcessResponseAsync presumably rejects ids that
    // do not belong to a pending request for this user — confirm.
    var requestId = ctx.Request.Query["id"].First();
    await consentInteraction.ProcessResponseAsync(requestId, ConsentResponse);

    ConsentResponse = null;
}
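/// <summary>
/// When consent is required, the client allows remembering consent, and the user asked to
/// remember, the consent service must be asked to persist exactly the scopes the user selected.
/// </summary>
public async Task ProcessConsentAsync_AllowConsentSelected_SavesConsent()
{
    RequiresConsent(true);
    var client = new Client { AllowRememberConsent = true };
    var user = new ClaimsPrincipal();
    var request = new ValidatedAuthorizeRequest()
    {
        ResponseMode = OidcConstants.ResponseModes.Fragment,
        State = "12345",
        RedirectUri = "https://client.com/callback",
        ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(GetScopes()), new FakeLoggerFactory()),
        Client = client,
        Subject = user
    };
    await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" });
    var consent = new ConsentResponse
    {
        RememberConsent = true,
        ScopesConsented = new string[] { "read" }
    };

    // Await rather than blocking on .Result inside an async test: blocking can deadlock under a
    // synchronization context and wraps failures in AggregateException. The result itself is not
    // asserted here; the observable effect is the consent-service call below.
    await _subject.ProcessConsentAsync(request, consent);

    // Only the scope the user selected ("read") may be persisted, not everything that was requested.
    AssertUpdateConsentCalled(client, user, "read");
}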
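/// <summary>
/// When consent is granted for a subset of the requested scopes, the granted scopes are narrowed
/// to the user's selection, the request is marked as having shown consent, the response does not
/// ask for consent again, and nothing is persisted because the client disallows remembering.
/// </summary>
public async Task ProcessConsentAsync_PromptModeConsent_ConsentGranted_ScopesSelected_ReturnsConsentResult()
{
    RequiresConsent(true);
    var request = new ValidatedAuthorizeRequest()
    {
        ResponseMode = OidcConstants.ResponseModes.Fragment,
        State = "12345",
        RedirectUri = "https://client.com/callback",
        ValidatedScopes = new ScopeValidator(new InMemoryScopeStore(GetScopes()), new FakeLoggerFactory()),
        Client = new Client { AllowRememberConsent = false }
    };
    await request.ValidatedScopes.AreScopesValidAsync(new string[] { "read", "write" });
    var consent = new ConsentResponse
    {
        RememberConsent = false,
        ScopesConsented = new string[] { "read" }
    };

    // Await rather than blocking on .Result inside an async test (deadlock risk, AggregateException wrapping).
    var result = await _subject.ProcessConsentAsync(request, consent);

    // Granted scopes must be exactly what the user selected, not the full requested set.
    request.ValidatedScopes.GrantedScopes.Count.Should().Be(1);
    // Subject-first assertion so a failure message reports the actual value, not the literal.
    request.ValidatedScopes.GrantedScopes.First().Name.Should().Be("read");
    request.WasConsentShown.Should().BeTrue();
    result.IsConsent.Should().BeFalse();
    AssertUpdateConsentNotCalled();
}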
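/// <summary>
/// A consent answer that omits a required scope ("openid" here) must be rejected with an
/// access_denied error routed back to the client, and nothing must be persisted. This guards
/// against a tampered consent form dropping scopes the request cannot proceed without.
/// </summary>
public async Task ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentGrantedButMissingRequiredScopes_ReturnsErrorResult()
{
    RequiresConsent(true);
    var client = new Client { };
    var scopeValidator = new ScopeValidator(new InMemoryScopeStore(GetScopes()), new FakeLoggerFactory());
    var request = new ValidatedAuthorizeRequest()
    {
        ResponseMode = OidcConstants.ResponseModes.Fragment,
        State = "12345",
        RedirectUri = "https://client.com/callback",
        RequestedScopes = new List<string> { "openid", "read" },
        ValidatedScopes = scopeValidator,
        Client = client
    };

    // Validation populates the scope validator's state; its boolean result is not needed here.
    // Awaited instead of .Result so the test follows the file's other async tests.
    await scopeValidator.AreScopesValidAsync(request.RequestedScopes);

    var consent = new ConsentResponse
    {
        RememberConsent = false,
        ScopesConsented = new string[] { "read" }
    };

    var result = await _subject.ProcessConsentAsync(request, consent);

    result.IsError.Should().BeTrue();
    result.Error.ErrorType.Should().Be(ErrorTypes.Client);
    result.Error.Error.Should().Be(OidcConstants.AuthorizeErrors.AccessDenied);
    AssertErrorReturnsRequestValues(result.Error, request);
    AssertUpdateConsentNotCalled();
}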
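/// <summary>
/// When consent is required and the user consents to no scopes at all, the request must be
/// marked as having shown consent and fail with access_denied routed to the client; nothing
/// may be persisted.
/// </summary>
public async Task ProcessConsentAsync_NoPromptMode_ConsentServiceRequiresConsent_ConsentNotGranted_ReturnsErrorResult()
{
    RequiresConsent(true);
    var request = new ValidatedAuthorizeRequest()
    {
        ResponseMode = OidcConstants.ResponseModes.Fragment,
        State = "12345",
        RedirectUri = "https://client.com/callback",
    };
    var consent = new ConsentResponse
    {
        RememberConsent = false,
        ScopesConsented = new string[] { }
    };

    // Awaited instead of .Result so the test follows the file's other async tests
    // and surfaces the real exception rather than an AggregateException.
    var result = await _subject.ProcessConsentAsync(request, consent);

    request.WasConsentShown.Should().BeTrue();
    result.IsError.Should().BeTrue();
    result.Error.ErrorType.Should().Be(ErrorTypes.Client);
    result.Error.Error.Should().Be(OidcConstants.AuthorizeErrors.AccessDenied);
    AssertErrorReturnsRequestValues(result.Error, request);
    AssertUpdateConsentNotCalled();
}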
/// <summary>
/// Test double: ignores both arguments and completes with the preconfigured <c>Response</c>.
/// </summary>
/// <param name="request">Ignored.</param>
/// <param name="consent">Ignored.</param>
/// <returns>A completed task carrying <c>Response</c>.</returns>
public Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
    => Task.FromResult(Response);
/// <summary>
/// Runs the authorize pipeline for one request: validate the raw parameters, decide which
/// user interaction (error, login or consent) is still needed, and otherwise issue the response.
/// </summary>
/// <param name="parameters">Raw authorize request parameters as sent by the client (untrusted input).</param>
/// <param name="user">The authenticated user, or null when nobody is signed in.</param>
/// <param name="consent">The consent the user already gave, or null if the consent screen has not been answered.</param>
/// <returns>The endpoint result to render: an error page, a login page, a consent page, or the authorization response.</returns>
internal async Task<IEndpointResult> ProcessAuthorizeRequestAsync(NameValueCollection parameters, ClaimsPrincipal user, ConsentResponse consent)
{
    if (user == null)
    {
        _logger.LogTrace("No user present in authorize request");
    }
    else
    {
        _logger.LogTrace("User in authorize request: name:{0}, sub:{1}", user.GetName(), user.GetSubjectId());
    }

    // Step 1: validate the raw parameters. A failure is rendered on the local error page and
    // receives whatever ValidatedRequest the validator built so far (presumably may be null
    // for early failures — confirm ErrorPageAsync tolerates that).
    var validation = await _validator.ValidateAsync(parameters, user);
    if (validation.IsError)
    {
        return await ErrorPageAsync(validation.ErrorType, validation.Error, validation.ValidatedRequest);
    }

    var validatedRequest = validation.ValidatedRequest;

    // Step 2: decide what the user still has to do. Precedence: error, then login, then consent.
    var interaction = await _interactionGenerator.ProcessInteractionAsync(validatedRequest, consent);
    if (interaction.IsError)
    {
        return await ErrorPageAsync(interaction.Error.ErrorType, interaction.Error.Error, validatedRequest);
    }
    if (interaction.IsLogin)
    {
        return await LoginPageAsync(validatedRequest);
    }
    if (interaction.IsConsent)
    {
        return await ConsentPageAsync(validatedRequest);
    }

    // Step 3: nothing left to ask the user; issue the authorization response.
    return await SuccessfulAuthorizationAsync(validatedRequest);
}
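/// <summary>
/// Decides whether the request must show the consent screen, can proceed with the consent the
/// user already gave, or must be rejected because consent is required but was not (or cannot be)
/// obtained.
/// </summary>
/// <param name="request">The validated authorize request; must not be null.</param>
/// <param name="consent">The user's answer from the consent screen, or null if it has not been shown yet.</param>
/// <returns>
/// An <see cref="InteractionResponse"/> with <c>IsConsent</c> set when the screen must be shown,
/// <c>Error</c> set when the request is rejected, or an empty response when consent is satisfied.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
/// <exception cref="ArgumentException">The request's prompt mode is neither absent, <c>none</c> nor <c>consent</c>.</exception>
internal async Task<InteractionResponse> ProcessConsentAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
{
    if (request == null) throw new ArgumentNullException(nameof(request));

    // Other prompt modes (e.g. login) are expected to have been handled before consent is evaluated.
    if (request.PromptMode != null
        && request.PromptMode != OidcConstants.PromptModes.None
        && request.PromptMode != OidcConstants.PromptModes.Consent)
    {
        throw new ArgumentException("Invalid PromptMode");
    }

    var consentRequired = await _consent.RequiresConsentAsync(request.Client, request.Subject, request.RequestedScopes);

    // prompt=none forbids any UI, so a consent screen that is required becomes a client error.
    if (consentRequired && request.PromptMode == OidcConstants.PromptModes.None)
    {
        _logger.LogInformation("Prompt=none requested, but consent is required.");
        return new InteractionResponse
        {
            Error = CreateClientError(request, OidcConstants.AuthorizeErrors.ConsentRequired)
        };
    }

    if (request.PromptMode != OidcConstants.PromptModes.Consent && !consentRequired)
    {
        // Nothing to ask the user.
        return new InteractionResponse();
    }

    var response = new InteractionResponse();

    if (consent == null)
    {
        // The user has not yet been shown the consent screen.
        response.IsConsent = true;
        return response;
    }

    request.WasConsentShown = true;

    if (consent.Granted == false)
    {
        // The user declined: report access_denied to the client instead of showing consent again.
        response.Error = CreateClientError(request, OidcConstants.AuthorizeErrors.AccessDenied);
        return response;
    }

    // The consented scope list comes from the consent form (user-controlled input), so re-check
    // that every required scope is present rather than trusting the posted list.
    var requiredScopesPresent = request.ValidatedScopes.ValidateRequiredScopes(consent.ScopesConsented);
    if (requiredScopesPresent == false)
    {
        response.Error = CreateClientError(request, OidcConstants.AuthorizeErrors.AccessDenied);
        return response;
    }

    // The user said yes: narrow the granted scopes to the ones they chose.
    request.ValidatedScopes.SetConsentedScopes(consent.ScopesConsented);

    if (request.Client.AllowRememberConsent)
    {
        // Persist the user's choice. When "remember" was not ticked an empty scope list is stored;
        // presumably that clears any previously remembered consent — confirm against the consent service.
        var scopesToRemember = Enumerable.Empty<string>();
        if (consent.RememberConsent)
        {
            // Remember what the user actually selected, not everything requested.
            scopesToRemember = request.ValidatedScopes.GrantedScopes.Select(x => x.Name);
        }
        await _consent.UpdateConsentAsync(request.Client, request.Subject, scopesToRemember);
    }

    return response;
}

/// <summary>
/// Builds a client-facing <see cref="AuthorizeError"/> for <paramref name="request"/> that is
/// delivered to the request's redirect URI with its response mode and state.
/// </summary>
/// <param name="request">The request whose redirect URI, response mode and state are echoed back.</param>
/// <param name="error">The OIDC error code to report.</param>
private static AuthorizeError CreateClientError(ValidatedAuthorizeRequest request, string error)
{
    return new AuthorizeError
    {
        ErrorType = ErrorTypes.Client,
        Error = error,
        ResponseMode = request.ResponseMode,
        ErrorUri = request.RedirectUri,
        State = request.State
    };
}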