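/// <summary>
/// Get user information from the OP after user authentication.
/// </summary>
/// <param name="url">The url to be used to retrieve user information.</param>
/// <param name="userInfoRequestMessage">The user info request message; its
/// CheckSignatureAndDecryptJWT is applied to the raw response before JSON parsing.</param>
/// <param name="accessToken">The access token obtained during authentication.</param>
/// <param name="idTokenSub">(optional) The "sub" of the ID token. When supplied, the "sub"
/// returned by the UserInfo endpoint must match it.</param>
/// <param name="bearer">When true (default) the token is sent in the Authorization header;
/// when false it is appended to the URL as the access_token query parameter.</param>
/// <param name="ClientSecret">(optional) Client secret passed to the JWT signature/decryption check.</param>
/// <param name="RPKeys">(optional) RP keys passed to the JWT signature/decryption check.</param>
/// <returns>The response message containing user information.</returns>
/// <exception cref="OIDCException">Thrown when the OP answers with an "error" member, or when
/// the returned "sub" does not match <paramref name="idTokenSub"/>.</exception>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="accessToken"/> is null.</exception>
public OIDCUserInfoResponseMessage GetUserInfo(string url, OIDCUserInfoRequestMessage userInfoRequestMessage, string accessToken, string idTokenSub = null, bool bearer = true, string ClientSecret = null, List<OIDCKey> RPKeys = null)
{
    if (accessToken == null)
    {
        throw new System.ArgumentNullException("accessToken");
    }

    WebRequest request;
    if (bearer)
    {
        request = WebRequest.Create(url);
        request.Headers.Add("Authorization", "Bearer " + accessToken);
    }
    else
    {
        // Query-parameter transport puts the token into the URL, where it can end up in
        // server/proxy logs; it is kept only for OPs that do not accept the header.
        // The token is URL-encoded and the separator honours a query string already in url
        // (the previous unconditional "?" produced an invalid URL in that case).
        string separator = url.Contains("?") ? "&" : "?";
        request = WebRequest.Create(url + separator + "access_token=" + System.Uri.EscapeDataString(accessToken));
    }

    string returnedString = WebOperations.PostUrlContent(request, userInfoRequestMessage);
    // Signature check / decryption happens before the payload is treated as JSON.
    string jsonToken = userInfoRequestMessage.CheckSignatureAndDecryptJWT(returnedString, null, ClientSecret, RPKeys);
    Dictionary<string, object> returnedJson = Deserializer.DeserializeFromJson<Dictionary<string, object>>(jsonToken);

    if (returnedJson.ContainsKey("error"))
    {
        OIDCResponseError error = new OIDCResponseError();
        error.DeserializeFromDictionary(returnedJson);
        throw new OIDCException("Error while asking for user info: " + error.Error + "\n" + error.ErrorDescription);
    }

    OIDCUserInfoResponseMessage userInfoResponse = new OIDCUserInfoResponseMessage();
    userInfoResponse.DeserializeFromDictionary(returnedJson);

    // The UserInfo subject must be the same end-user the ID token was issued for.
    if (idTokenSub != null && userInfoResponse.Sub != idTokenSub)
    {
        throw new OIDCException("Wrong sub in UserInfo, it does not match idToken's.");
    }

    return userInfoResponse;
}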
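/// <summary>
/// Method that performs a dynamic client registration with the OP server.
/// </summary>
/// <param name="RegistrationEndpoint">The URL of the OP describing the registration endpoint.</param>
/// <param name="clientMetadata">The OIDCClientInformation object describing the client information to
/// be submitted to the OP for registration.</param>
/// <param name="TokenEndpointAuthMethod">(optional) The endpoint authentication method used to
/// authenticate the client with the OP server (default "client_secret_basic"). NOTE(review): this
/// parameter is not read by the method body; the value sent to the OP comes from
/// <paramref name="clientMetadata"/> only.</param>
/// <returns>An object describing all client information as returned by the OP server after
/// registration.</returns>
/// <exception cref="OpenIDClient.OIDCException">Thrown when the OP answers the registration
/// request with an "error" member.</exception>
public OIDCClientInformation RegisterClient(string RegistrationEndpoint, OIDCClientInformation clientMetadata, string TokenEndpointAuthMethod = "client_secret_basic")
{
    // Build the registration request from the supplied client metadata.
    Dictionary<string, object> data = clientMetadata.SerializeToDictionary();
    OIDCClientRegistrationRequest registrationRequest = new OIDCClientRegistrationRequest();
    registrationRequest.DeserializeFromDictionary(data);

    // Submit the request and parse the OP's answer.
    WebRequest request = WebRequest.Create(RegistrationEndpoint);
    string returnedString = WebOperations.PostUrlContent(request, registrationRequest, true);
    Dictionary<string, object> returnedJson = Deserializer.DeserializeFromJson<Dictionary<string, object>>(returnedString);

    if (returnedJson.ContainsKey("error"))
    {
        // Populate the error object from the response; previously it was left empty, so the
        // thrown message carried no error code or description.
        OIDCResponseError error = new OIDCResponseError();
        error.DeserializeFromDictionary(returnedJson);
        throw new OIDCException("Error while registering client: " + error.Error + "\n" + error.ErrorDescription);
    }

    OIDCClientInformation clientInformation = new OIDCClientInformation();
    clientInformation.DeserializeFromDictionary(returnedJson);
    return clientInformation;
}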
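/// <summary>
/// Method that submits a token request to the OP.
/// </summary>
/// <param name="url">The URL to be used where to send the request.</param>
/// <param name="tokenRequestMessage">The token request message.</param>
/// <param name="clientInformation">The client information obtained from the OP; its
/// TokenEndpointAuthMethod selects how the client authenticates to the token endpoint.</param>
/// <param name="privateKey">(optional) Key material handed to AddClientAuthenticatedToRequest
/// for the client authentication methods that need it.</param>
/// <returns>Returns the token response obtained from the OP.</returns>
/// <exception cref="OIDCException">Thrown when the OP answers with an "error" member.</exception>
public OIDCTokenResponseMessage SubmitTokenRequest(string url, OIDCTokenRequestMessage tokenRequestMessage, OIDCClientInformation clientInformation, byte[] privateKey = null)
{
    WebRequest request = WebRequest.Create(url);
    OIDCAuthenticatedMessage message = tokenRequestMessage as OIDCAuthenticatedMessage;

    // Client authentication (headers and/or message fields) is attached according to the
    // token endpoint auth method registered for this client.
    string authMethod = clientInformation.TokenEndpointAuthMethod;
    AddClientAuthenticatedToRequest(ref request, ref message, authMethod, clientInformation, privateKey);

    string returnedString = WebOperations.PostUrlContent(request, message);
    Dictionary<string, object> returnedJson = Deserializer.DeserializeFromJson<Dictionary<string, object>>(returnedString);

    if (returnedJson.ContainsKey("error"))
    {
        OIDCResponseError error = new OIDCResponseError();
        error.DeserializeFromDictionary(returnedJson);
        // Message previously said "registering client" (copy-paste from RegisterClient).
        throw new OIDCException("Error while requesting token: " + error.Error + "\n" + error.ErrorDescription);
    }

    OIDCTokenResponseMessage tokenResponse = new OIDCTokenResponseMessage();
    tokenResponse.DeserializeFromDictionary(returnedJson);
    return tokenResponse;
}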
/// <summary>
/// Method called to parse an authentication implicit response from the OP.
/// </summary>
/// <param name="queryString">The string representing the authentication response provided
/// by the OP.</param>
/// <param name="scope">(optional) Eventual scope used for the call. NOTE(review): this
/// parameter is not read by the method body, so no scope verification takes place here.</param>
/// <param name="state">(optional) Eventual state used for the call; when supplied, the
/// response's state must be identical or an <see cref="OIDCException"/> is thrown.</param>
/// <returns>A validated message containing the answer from the OP.</returns>
/// <exception cref="OIDCException">Thrown when the response cannot be parsed as an implicit
/// response (it is then reported as an error response) or when the state does not match.</exception>
public OIDCAuthImplicitResponseMessage ParseAuthImplicitResponse(string queryString, List<MessageScope> scope = null, string state = null)
{
    var parsed = new OIDCAuthImplicitResponseMessage();
    try
    {
        parsed.DeserializeFromQueryString(queryString);
    }
    catch (OIDCException)
    {
        // A response that is not a valid implicit response is re-read as an error response.
        var errorResponse = new OIDCResponseError();
        errorResponse.DeserializeFromQueryString(queryString);
        throw new OIDCException("Error while parsing authorization response: " + errorResponse.Error + "\n" + errorResponse.ErrorDescription);
    }

    // No expected state supplied: nothing to bind the response against.
    if (state == null)
    {
        return parsed;
    }

    // Bind the response to the request that carried this state value.
    if (parsed.State != state)
    {
        throw new OIDCException("Error with authentication answer, wrong state.");
    }

    return parsed;
}