/// <summary>
/// Resolves the client identifier carried by a JWT client assertion
/// (the <c>client_assertion</c> / <c>client_assertion_type</c> request parameters).
/// </summary>
/// <param name="instruction">The parsed authentication request.</param>
/// <returns>
/// The <c>iss</c> claim of a JWS assertion, the request-body client id for a JWE assertion,
/// or <see cref="string.Empty"/> when no usable jwt-bearer assertion is present or the
/// assertion is classified as both JWE and JWS.
/// </returns>
/// <remarks>
/// The JWS payload is read here without signature verification, so the returned value is only a
/// lookup key. The assertion itself is expected to be validated by the auth-method handler that
/// <c>Authenticate</c> selects afterwards — confirm that handler verifies the signature before any
/// claim is trusted.
/// </remarks>
public string GetClientIdFromClientAssertion(AuthenticateInstruction instruction)
{
    const string JwtBearerAssertionType = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";

    if (instruction.ClientAssertionType != JwtBearerAssertionType
        || string.IsNullOrWhiteSpace(instruction.ClientAssertion))
    {
        return string.Empty;
    }

    var assertion = instruction.ClientAssertion;
    var looksLikeJwe = _jwtParser.IsJweToken(assertion);
    var looksLikeJws = _jwtParser.IsJwsToken(assertion);

    if (looksLikeJwe)
    {
        // An assertion recognised as both JWE and JWS is ambiguous and yields no client id.
        // A plain JWE cannot be inspected here, so the body-supplied client id is used instead.
        return looksLikeJws ? string.Empty : instruction.ClientIdFromHttpRequestBody;
    }

    // Unverified payload: the "iss" claim is used purely to look the client up.
    var payload = _jwsGenerator.ExtractPayload(assertion);
    return payload is null ? string.Empty : payload.GetClaimValue("iss");
}
/// <summary>
/// Picks the client identifier to look up, trying the sources in fixed precedence:
/// the client assertion, then the HTTP Authorization header, then the request body.
/// </summary>
/// <param name="instruction">The parsed authentication request.</param>
/// <returns>
/// The first non-blank candidate, or <c>instruction.ClientIdFromHttpRequestBody</c>
/// (which may itself be null or blank) when neither earlier source provides one.
/// </returns>
/// <remarks>
/// No consistency check is made here between the assertion's issuer and a client id sent in the
/// header or body; if the project relies on RFC 7521 §4.2 (a client_id, when present, must match the
/// assertion's client), confirm that the selected auth-method handler enforces it.
/// </remarks>
private string TryGettingClientId(AuthenticateInstruction instruction)
{
    var fromAssertion = GetClientIdFromClientAssertion(instruction);
    if (!string.IsNullOrWhiteSpace(fromAssertion))
    {
        return fromAssertion;
    }

    var fromHeader = instruction.ClientIdFromAuthorizationHeader;
    return string.IsNullOrWhiteSpace(fromHeader)
        ? instruction.ClientIdFromHttpRequestBody
        : fromHeader;
}
/// <summary>
/// Identifies the OAuth client described by <paramref name="authenticateInstruction"/> and, unless
/// <paramref name="isAuthorizationCodeGrantType"/> is set, authenticates it through the handler
/// registered for the client's token-endpoint auth method.
/// </summary>
/// <param name="authenticateInstruction">Credential and assertion material extracted from the request.</param>
/// <param name="issuerName">Issuer identifier passed unchanged to the auth-method handler.</param>
/// <param name="cancellationToken">Propagated to the repository lookup and the handler.</param>
/// <param name="isAuthorizationCodeGrantType">
/// When true the method returns as soon as the client is found; no credential check is performed.
/// </param>
/// <param name="errorCode">Error code used for every <see cref="OAuthException"/> raised here.</param>
/// <returns>The resolved <see cref="BaseClient"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="authenticateInstruction"/> is null.</exception>
/// <exception cref="OAuthException">
/// The client id is unknown (or blank), no handler matches the client's auth method,
/// or the handler rejects the presented credentials.
/// </exception>
public async Task<BaseClient> Authenticate(AuthenticateInstruction authenticateInstruction, string issuerName, CancellationToken cancellationToken, bool isAuthorizationCodeGrantType = false, string errorCode = ErrorCodes.INVALID_CLIENT)
{
    if (authenticateInstruction is null)
    {
        throw new ArgumentNullException(nameof(authenticateInstruction));
    }

    // A blank client id is never looked up; it falls straight through to UNKNOWN_CLIENT.
    var clientId = TryGettingClientId(authenticateInstruction);
    var client = string.IsNullOrWhiteSpace(clientId)
        ? null
        : await _oauthClientRepository.FindOAuthClientById(clientId, cancellationToken);
    if (client is null)
    {
        throw new OAuthException(errorCode, string.Format(ErrorMessages.UNKNOWN_CLIENT, clientId));
    }

    // Authorization-code callers only need the client identified, not authenticated:
    // this early return proves nothing about possession of the client's secret or key.
    if (isAuthorizationCodeGrantType)
    {
        return client;
    }

    var authMethod = client.TokenEndPointAuthMethod;
    var handler = _handlers.FirstOrDefault(h => h.AuthMethod == authMethod);
    if (handler is null)
    {
        throw new OAuthException(errorCode, string.Format(ErrorMessages.UNKNOWN_AUTH_METHOD, authMethod));
    }

    // The handler is the only place the presented credentials are actually verified.
    var credentialsAccepted = await handler.Handle(authenticateInstruction, client, issuerName, cancellationToken, errorCode);
    if (!credentialsAccepted)
    {
        throw new OAuthException(errorCode, ErrorMessages.BAD_CLIENT_CREDENTIAL);
    }

    return client;
}