public void Should_Spport_Third_Party_Initiated_Login() { rpid = "rp-support_3rd_party_init_login"; // given OIDCThirdPartyLoginRequest thirdPartyRequest = new OIDCThirdPartyLoginRequest(); thirdPartyRequest.Iss = GetBaseUrl("/"); WebRequest webRequest = WebRequest.Create(clientInformation.InitiateLoginUri + "?" + thirdPartyRequest.SerializeToQueryString()); OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List<MessageScope>{ MessageScope.Openid }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.Code }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Validate(); request = requestMessage.SerializeToQueryString(); param = providerMetadata.AuthorizationEndpoint; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when WebOperations.GetUrlContent(webRequest); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response = rp.ParseAuthCodeResponse(result); // then response.Validate(); }
public void Should_Authenticate_Client_With_Client_Secret_Basic() { rpid = "rp-token_endpoint-client_secret_basic"; // given OIDCAuthCodeResponseMessage response = (OIDCAuthCodeResponseMessage) GetAuthResponse(ResponseType.Code); OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage(); tokenRequestMessage.Scope = response.Scope; tokenRequestMessage.State = response.State; tokenRequestMessage.Code = response.Code; tokenRequestMessage.ClientId = clientInformation.ClientId; tokenRequestMessage.ClientSecret = clientInformation.ClientSecret; tokenRequestMessage.GrantType = "authorization_code"; tokenRequestMessage.RedirectUri = clientInformation.RedirectUris[0]; // when OpenIdRelyingParty rp = new OpenIdRelyingParty(); clientInformation.TokenEndpointAuthMethod = "client_secret_basic"; OIDCTokenResponseMessage tokenResponse = rp.SubmitTokenRequest(GetBaseUrl("/token"), tokenRequestMessage, clientInformation); // then Assert.NotNull(tokenResponse.IdToken); OIDCIdToken idToken = tokenResponse.GetIdToken(providerMetadata.Keys); idToken.Validate(); }
public void Should_Nonce_Be_Present_In_Implicit() { rpid = "rp-nonce-unless_code_flow"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; OIDClaims requestClaims = new OIDClaims(); requestClaims.Userinfo = new Dictionary<string, OIDClaimData>(); requestClaims.Userinfo.Add("name", new OIDClaimData()); requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage response = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys, clientInformation.ClientSecret); // then idToken.Validate(); }
public void Should_Discover_OpenID_Providers_Using_URI_Syntax() { rpid = "rp-discovery-webfinger_acct"; // given string userid = rpid + "@" + opBaseurl.Host; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when string issuer = rp.ObtainIssuerFromEmail(userid, opBaseurl.ToString()); // then Assert.AreEqual(issuer.TrimEnd('/'), GetBaseUrl("/").TrimEnd('/')); }
public void Should_Discover_OpenID_Providers_Using_URL_Syntax() { rpid = "rp-discovery-webfinger_url"; // given string userid = "https://" + opBaseurl.Host + ":" + opBaseurl.Port + "/" + rpid; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when string issuer = rp.ObtainIssuerFromURL(userid, opBaseurl.ToString()); // then Assert.AreEqual(issuer.TrimEnd('/'), GetBaseUrl("/").TrimEnd('/')); }
public OIDCProviderMetadata(dynamic o) { deserializeFromDynamic(o); if (JwksUri != null) { Keys = new List <OIDCKey>(); Dictionary <string, object> jwks = OpenIdRelyingParty.GetUrlContent(WebRequest.Create(JwksUri)); ArrayList keys = (ArrayList)jwks["keys"]; foreach (Dictionary <string, object> key in keys) { OIDCKey newKey = new OIDCKey(key); Keys.Add(newKey); } } }
public void Should_Reject_Id_Token_Without_Kid_If_Multiple_JWK() { rpid = "rp-id_token-kid_absent_multiple_jwks"; // given // when OIDCAuthImplicitResponseMessage response = (OIDCAuthImplicitResponseMessage)GetAuthResponse(ResponseType.IdToken); // then OpenIdRelyingParty rp = new OpenIdRelyingParty(); // then Assert.NotNull(response.IdToken); OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys); idToken.Validate(); }
public void Should_Authenticate_With_Claims_In_Scope_Basic() { rpid = "rp-scope-userinfo_claims"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; OIDClaims requestClaims = new OIDClaims(); requestClaims.Userinfo = new Dictionary<string, OIDClaimData>(); requestClaims.Userinfo.Add("name", new OIDClaimData()); requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Email, MessageScope.Address, MessageScope.Phone }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = authResponse.Scope; userInfoRequestMessage.State = authResponse.State; // when OIDCUserInfoResponseMessage response = rp.GetUserInfo(GetBaseUrl("/userinfo"), userInfoRequestMessage, authResponse.AccessToken); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); Assert.IsNotNullOrEmpty(response.GivenName); Assert.IsNotNullOrEmpty(response.FamilyName); Assert.IsNotNullOrEmpty(response.Email); Assert.IsNotNull(response.Address); Assert.IsNotNullOrEmpty(response.Address.StreetAddress); Assert.IsNotNullOrEmpty(response.Address.PostalCode); Assert.IsNotNullOrEmpty(response.Address.Locality); Assert.IsNotNullOrEmpty(response.Address.Country); Assert.IsNotNullOrEmpty(response.PhoneNumber); }
public void Should_Accept_Encrypted_UserInfo() { rpid = "rp-user_info-enc"; // given OpenIdRelyingParty rp = new OpenIdRelyingParty(); string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.IdToken }; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "id_token_flow_callback" }; clientMetadata.UserinfoEncryptedResponseAlg = "RSA1_5"; clientMetadata.UserinfoEncryptedResponseEnc = "A128CBC-HS256"; clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; OIDCClientInformation clientInformation = rp.RegisterClient(registrationEndopoint, clientMetadata); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary<string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid, MessageScope.Profile, MessageScope.Address, MessageScope.Phone, MessageScope.Email }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken, ResponseType.Token }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = requestClaims; requestMessage.Validate(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage authResponse = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); X509Certificate2 encCert = new X509Certificate2("server.pfx", "", X509KeyStorageFlags.Exportable); List<OIDCKey> myKeys = KeyManager.GetKeysJwkList(null, encCert); // when OIDCUserInfoResponseMessage response = GetUserInfo(authResponse.Scope, authResponse.State, authResponse.AccessToken, null, true, null, myKeys); // then response.Validate(); Assert.IsNotNullOrEmpty(response.Name); }
public void Should_Client_Be_Able_To_Register() { rpid = "rp-registration-dynamic"; // given string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback" }; clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code }; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCClientInformation response = rp.RegisterClient(registrationEndopoint, clientMetadata); // then response.Validate(); }
public OIDClientSerializableMessage GetAuthResponse(ResponseType RespType, string Nonce = null, bool Profile = false, OIDClaims Claims = null) { OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Nonce = (Nonce == null) ? WebOperations.RandomString() : Nonce; requestMessage.State = WebOperations.RandomString(); requestMessage.Claims = Claims; if (Profile) { requestMessage.Scope.Add(MessageScope.Profile); requestMessage.Scope.Add(MessageScope.Address); requestMessage.Scope.Add(MessageScope.Phone); requestMessage.Scope.Add(MessageScope.Email); } if (ResponseType.Code == RespType) { requestMessage.ResponseType = new List<ResponseType>() { ResponseType.Code }; } else if (ResponseType.IdToken == RespType) { requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken, ResponseType.Token }; } requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); if (ResponseType.Code == RespType) { return rp.ParseAuthCodeResponse(result, requestMessage.Scope, requestMessage.State); } else if (ResponseType.IdToken == RespType) { return rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); } throw new Exception("Error in parameter passed"); }
public void Should_Client_Only_Use_Https_Endpoints() { rpid = "rp-registration-uses_https_endpoints"; // given string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback" }; clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code }; clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCClientInformation response = rp.RegisterClient(registrationEndopoint, clientMetadata); response.JwksUri = clientMetadata.JwksUri.Replace("https", "http"); // then response.Validate(); }
public void Should_Use_Distributed_Claims() { rpid = "rp-claims-distributed"; claims = "distributed"; // given OpenIdRelyingParty rp = new OpenIdRelyingParty(); string hostname = GetBaseUrl("/"); providerMetadata = rp.ObtainProviderInformation(hostname); OIDCAuthCodeResponseMessage authResponse = GetAuthResponse(ResponseType.Code, null, true) as OIDCAuthCodeResponseMessage; OIDCTokenResponseMessage tokenResponse = GetToken(authResponse); OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); // when OIDCUserInfoResponseMessage userInfoResponse = GetUserInfo(authResponse.Scope, authResponse.State, tokenResponse.AccessToken); // then Assert.NotNull(userInfoResponse); Assert.AreEqual(userInfoResponse.CustomClaims["age"], 30); }
public void Should_Use_Request_Uri_Parameter_Signed() { rpid = "rp-request_uri-sig"; // given OIDCAuthorizationRequestMessage requestMessage = generateRequestMessage(); OIDCAuthorizationRequestMessage requestObject = generateRequestObject(requestMessage.State, requestMessage.Nonce); RSACryptoServiceProvider signKey = getSignKey(); request = JWT.Encode(requestObject.SerializeToJsonString(), signKey, JwsAlgorithm.RS256); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response = rp.ParseAuthCodeResponse(result, requestMessage.Scope); // then response.Validate(); }
public void Should_Authenticate_With_Code_Response_Type() { rpid = "rp-response_type-code"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.Code }; requestMessage.RedirectUri = clientInformation.RedirectUris[0]; requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response = rp.ParseAuthCodeResponse(result, requestMessage.Scope); // then response.Validate(); }
public override void validate() { if (RedirectUris != null && ResponseTypes != null && RedirectUris.Count != ResponseTypes.Count) { throw new OIDCException("The redirect_uris do not match response_types."); } if (RedirectUris != null && SectorIdentifierUri != null) { List <string> siUris = new List <string>(); dynamic uris = OpenIdRelyingParty.GetUrlContent(WebRequest.Create(SectorIdentifierUri)); foreach (string uri in uris) { siUris.Add(uri); } foreach (string uri in RedirectUris) { if (!siUris.Contains(uri)) { throw new OIDCException("The sector_identifier_uri json must include URIs from the redirect_uri array."); } } } if (ResponseTypes != null && GrantTypes != null) { foreach (string responseType in ResponseTypes) { if ((responseType == "code" && !GrantTypes.Contains("authorization_code")) || (responseType == "id_token" && !GrantTypes.Contains("implicit")) || (responseType == "token" && !GrantTypes.Contains("implicit")) || (responseType == "id_token" && !GrantTypes.Contains("implicit"))) { throw new OIDCException("The response_types do not match grant_types."); } } } }
public void Should_Authenticate_With_IdToken_Response_Type() { rpid = "rp-response_type-id_token"; // given OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.ClientId = clientInformation.ClientId; requestMessage.Scope = new List<MessageScope>() { MessageScope.Openid }; requestMessage.ResponseType = new List<ResponseType>() { ResponseType.IdToken }; requestMessage.RedirectUri = clientInformation.RedirectUris[1]; requestMessage.Nonce = WebOperations.RandomString(); requestMessage.State = WebOperations.RandomString(); requestMessage.Validate(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthImplicitResponseMessage response = rp.ParseAuthImplicitResponse(result, requestMessage.Scope, requestMessage.State); // then response.Validate(); }
public void Should_Request_And_Use_Claims_Id_Token() { rpid = "rp-response_type-id_token+token"; signalg = "RS256"; GetProviderMetadata(); // given string Nonce = WebOperations.RandomString(); OIDClaims requestClaims = new OIDClaims(); requestClaims.IdToken = new Dictionary<string, OIDClaimData>(); requestClaims.IdToken.Add("name", new OIDClaimData()); // when OIDCAuthImplicitResponseMessage response = (OIDCAuthImplicitResponseMessage) GetAuthResponse(ResponseType.IdToken, Nonce, true, requestClaims); // then response.Validate(); Assert.NotNull(response.AccessToken); OpenIdRelyingParty rp = new OpenIdRelyingParty(); OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys, clientInformation.ClientSecret); rp.ValidateIdToken(idToken, clientInformation, providerMetadata.Issuer, Nonce); Assert.IsNotNullOrEmpty(idToken.Name); }
public void Should_Support_Signing_Key_Rotation() { rpid = "rp-key_rotation-rp_sign_key"; // given RSACryptoServiceProvider signKey1 = getSignKey("server.pfx"); OIDCAuthorizationRequestMessage requestMessage1 = generateRequestMessage(true); OIDCAuthorizationRequestMessage requestObject1 = generateRequestMessage(false, requestMessage1.State, requestMessage1.Nonce); RSACryptoServiceProvider signKey2 = getSignKey("server2.pfx"); OIDCAuthorizationRequestMessage requestMessage2 = generateRequestMessage(true); OIDCAuthorizationRequestMessage requestObject2 = generateRequestMessage(false, requestMessage1.State, requestMessage1.Nonce); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when request = JWT.Encode(requestObject1.SerializeToJsonString(), signKey1, JwsAlgorithm.RS256); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage1); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response1 = rp.ParseAuthCodeResponse(result, requestMessage1.Scope, requestMessage1.State); request = JWT.Encode(requestObject2.SerializeToJsonString(), signKey1, JwsAlgorithm.RS256); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage2); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response2 = rp.ParseAuthCodeResponse(result, requestMessage2.Scope, requestMessage2.State); // then response1.Validate(); response2.Validate(); }
public void Should_Obtain_Provider_Information_With_JWKS_Json() { rpid = "rp-discovery-jwks_uri_keys"; // given string hostname = GetBaseUrl("/"); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCProviderMetadata response = rp.ObtainProviderInformation(hostname); // then response.Validate(); Assert.IsNotNull(response.Keys); Assert.Greater(response.Keys.Count, 0); }
public void Should_Keys_Be_Published_As_JWK() { rpid = "rp-registration-well_formed_jwk"; // given string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback" }; clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code }; clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCClientInformation response = rp.RegisterClient(registrationEndopoint, clientMetadata); // then response.Validate(); }
public void Should_Registration_Request_Has_RedirectUris() { rpid = "rp-registration-redirect_uris"; // given string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback" }; clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code }; OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCClientInformation response = rp.RegisterClient(registrationEndopoint, clientMetadata); // then response.Validate(); CollectionAssert.AreEquivalent(clientMetadata.RedirectUris, response.RedirectUris); }
public void Should_Wrong_Discovered_Issuer_Be_Rejected() { rpid = "rp-discovery-issuer_not_matching_config"; // given string hostname = GetBaseUrl("/"); string userid = "https://" + opBaseurl.Host + ":" + opBaseurl.Port + "/" + rpid; OpenIdRelyingParty rp = new OpenIdRelyingParty(); string issuer = rp.ObtainIssuerFromURL(userid, opBaseurl.ToString()); issuer = issuer.Replace("localhost", "wrong.hostname"); // when rp.ObtainProviderInformation(hostname, issuer); // then }
public void Should_Authenticate_Client_With_Private_Key_Jwt() { rpid = "rp-token_endpoint-client_secret_jwt"; // given OIDCAuthCodeResponseMessage response = (OIDCAuthCodeResponseMessage)GetAuthResponse(ResponseType.Code); OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage(); tokenRequestMessage.Scope = response.Scope; tokenRequestMessage.State = response.State; tokenRequestMessage.Code = response.Code; tokenRequestMessage.ClientId = clientInformation.ClientId; tokenRequestMessage.ClientSecret = clientInformation.ClientSecret; tokenRequestMessage.GrantType = "authorization_code"; tokenRequestMessage.RedirectUri = clientInformation.RedirectUris[0]; RSACryptoServiceProvider privateKey = providerMetadata.Keys.Find( delegate(OIDCKey k) { return k.Use == "enc" && k.Kty == "RSA"; } ).GetRSA(); // when OpenIdRelyingParty rp = new OpenIdRelyingParty(); clientInformation.TokenEndpointAuthMethod = "private_key_jwt"; OIDCTokenResponseMessage tokenResponse = rp.SubmitTokenRequest(GetBaseUrl("/token"), tokenRequestMessage, clientInformation, privateKey.ExportCspBlob(false)); // then Assert.NotNull(tokenResponse.IdToken); OIDCIdToken idToken = tokenResponse.GetIdToken(providerMetadata.Keys); idToken.Validate(); }
public void Should_Obtain_Provider_Information() { rpid = "rp-discovery-openid_configuration"; // given string hostname = GetBaseUrl("/"); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when OIDCProviderMetadata response = rp.ObtainProviderInformation(hostname); // then response.Validate(); }
private OIDCTokenResponseMessage AuthenticateAndRetrieveIdToken() { OIDCAuthorizationRequestMessage requestMessage = generateRequestMessage(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response = rp.ParseAuthCodeResponse(result, requestMessage.Scope, requestMessage.State); OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage(); tokenRequestMessage.Scope = response.Scope; tokenRequestMessage.Code = response.Code; tokenRequestMessage.ClientId = clientInformation.ClientId; tokenRequestMessage.ClientSecret = clientInformation.ClientSecret; tokenRequestMessage.GrantType = "authorization_code"; tokenRequestMessage.RedirectUri = clientInformation.RedirectUris[0]; return rp.SubmitTokenRequest(GetBaseUrl("/token"), tokenRequestMessage, clientInformation); }
public void GetProviderMetadata() { string hostname = GetBaseUrl("/"); OpenIdRelyingParty rp = new OpenIdRelyingParty(); providerMetadata = rp.ObtainProviderInformation(hostname); }
private static void ThirdPartyInitiatedLoginCallback(IHttpContext context) { result = context.Request.Uri.Query; OIDCAuthorizationRequestMessage requestMessage = new OIDCAuthorizationRequestMessage(); requestMessage.DeserializeFromQueryString(request); OpenIdRelyingParty rp = new OpenIdRelyingParty(); rp.ThirdPartyInitiatedLogin(requestMessage, param); }
public void RegisterClient(ResponseType? RespType, bool JWKs = false, bool RequestUri = false, bool InitateLoginUri = false) { string registrationEndopoint = GetBaseUrl("/registration"); OIDCClientInformation clientMetadata = new OIDCClientInformation(); clientMetadata.ApplicationType = "web"; if (JWKs) { clientMetadata.JwksUri = myBaseUrl + "my_public_keys.jwks"; } if (RequestUri) { clientMetadata.RequestUris = new List<string>() { myBaseUrl + "request.jwt" }; } if (InitateLoginUri) { clientMetadata.InitiateLoginUri = myBaseUrl + "initiated_login"; } if (ResponseType.IdToken == RespType) { clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.IdToken }; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "id_token_flow_callback" }; } else if(ResponseType.Code == RespType) { clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code }; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback" }; } else { clientMetadata.ResponseTypes = new List<ResponseType>() { ResponseType.Code, ResponseType.IdToken }; clientMetadata.RedirectUris = new List<string>() { myBaseUrl + "code_flow_callback", myBaseUrl + "id_token_flow_callback" }; } OpenIdRelyingParty rp = new OpenIdRelyingParty(); clientInformation = rp.RegisterClient(registrationEndopoint, clientMetadata); }
public OIDCUserInfoResponseMessage GetUserInfo(List<MessageScope> scope, string state, string accessToken, string idTokenSub = null, bool bearer = true, string ClientSecret = null, List<OIDCKey> RPKeys = null) { OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage(); userInfoRequestMessage.Scope = scope; userInfoRequestMessage.State = state; OpenIdRelyingParty rp = new OpenIdRelyingParty(); var urlInfoUrl = providerMetadata.UserinfoEndpoint; return rp.GetUserInfo(urlInfoUrl, userInfoRequestMessage, accessToken, idTokenSub, bearer, ClientSecret, RPKeys); }
public OIDCTokenResponseMessage GetToken(OIDCAuthCodeResponseMessage authResponse) { OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage(); tokenRequestMessage.Scope = authResponse.Scope; tokenRequestMessage.State = authResponse.State; tokenRequestMessage.Code = authResponse.Code; tokenRequestMessage.ClientId = clientInformation.ClientId; tokenRequestMessage.ClientSecret = clientInformation.ClientSecret; tokenRequestMessage.RedirectUri = clientInformation.RedirectUris[0]; tokenRequestMessage.GrantType = "authorization_code"; OpenIdRelyingParty rp = new OpenIdRelyingParty(); OIDCTokenResponseMessage response = rp.SubmitTokenRequest(providerMetadata.TokenEndpoint, tokenRequestMessage, clientInformation); OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys, tokenRequestMessage.ClientSecret); rp.ValidateIdToken(idToken, clientInformation, providerMetadata.Issuer, null); return response; }
public void Should_Support_Provider_Crypt_Key_Rotation() { rpid = "rp-key_rotation-op_enc_key"; // given OIDCAuthorizationRequestMessage requestMessage1 = generateRequestMessage(true); OIDCAuthorizationRequestMessage requestObject1 = generateRequestMessage(false, requestMessage1.State, requestMessage1.Nonce); RSACryptoServiceProvider encKey1 = getEncKey(); OIDCAuthorizationRequestMessage requestMessage2 = generateRequestMessage(true); OIDCAuthorizationRequestMessage requestObject2 = generateRequestMessage(false, requestMessage2.State, requestMessage2.Nonce); RSACryptoServiceProvider encKey2 = getEncKey(); OpenIdRelyingParty rp = new OpenIdRelyingParty(); // when request = JWT.Encode(requestObject1.SerializeToJsonString(), encKey1, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage1); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response1 = rp.ParseAuthCodeResponse(result, requestMessage1.Scope); request = JWT.Encode(requestObject2.SerializeToJsonString(), encKey2, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256); rp.Authenticate(GetBaseUrl("/authorization"), requestMessage2); semaphore.WaitOne(); OIDCAuthCodeResponseMessage response2 = rp.ParseAuthCodeResponse(result, requestMessage2.Scope); // then response1.Validate(); response2.Validate(); }