protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUrl)
{
var bytes = new byte[16];
RandomNumberGenerator.Fill(bytes);
var nonce = Base64UrlTextEncoder.Encode(bytes);
properties.Items.Add("nonce", nonce);
string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes($"nonce={nonce}&return_sso_url={redirectUrl}?returnUrl={properties.RedirectUri}"));
using var sha256mac = new HMACSHA256(Encoding.UTF8.GetBytes(Options.AuthenticationSecret));
var challengeBytes = sha256mac.ComputeHash(Encoding.UTF8.GetBytes(payload));
var codeChallenge = BitConverter.ToString(challengeBytes).Replace("-", "").ToLower();
var parameters = new Dictionary <string, string>
{
{ "sso", Uri.EscapeUriString(payload) },
{ "sig", codeChallenge },
};
Response.Cookies.Append("StateCookie", Options.StateDataFormat.Protect(properties));
return(QueryHelpers.AddQueryString(Options.AuthorizationEndpoint, parameters));
}
public void DataOfVariousLengthRoundTripCorrectly()
{
for (int length = 0; length != 256; ++length)
{
var data = new byte[length];
for (int index = 0; index != length; ++index)
{
data[index] = (byte)(5 + length + (index * 23));
}
string text = Base64UrlTextEncoder.Encode(data);
byte[] result = Base64UrlTextEncoder.Decode(text);
for (int index = 0; index != length; ++index)
{
Assert.Equal(data[index], result[index]);
}
}
}