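        /// <summary>
        /// Validates an end-session (logout) request. The caller must be authenticated;
        /// when an id_token_hint is supplied it must be a valid identity token whose
        /// sub claim (if any) matches the current user, and post_logout_redirect_uri is
        /// accepted only as an absolute URI registered for that token's client.
        /// </summary>
        /// <param name="parameters">Raw request parameters.</param>
        /// <param name="subject">The currently logged-on user.</param>
        /// <returns>
        /// The validation result. Accepted request details (client, redirect URI, state)
        /// are stored in <c>_validatedRequest</c> as a side effect.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="parameters"/> is null.</exception>
        public async Task<ValidationResult> ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject)
        {
            if (parameters == null)
            {
                throw new ArgumentNullException("parameters");
            }

            _validatedRequest.Raw     = parameters;
            _validatedRequest.Subject = subject;

            // ClaimsPrincipal.Identity is null when the principal carries no identities;
            // treat a null principal/identity like an anonymous one (invalid request)
            // instead of letting it surface as a NullReferenceException.
            if (subject == null || subject.Identity == null || !subject.Identity.IsAuthenticated)
            {
                return Invalid();
            }

            var idTokenHint = parameters.Get(Constants.EndSessionRequest.IdTokenHint);
            if (!idTokenHint.IsPresent())
            {
                // Without an id_token_hint, post_logout_redirect_uri and state are not examined.
                return Valid();
            }

            // validate id_token
            var tokenValidationResult = await _tokenValidator.ValidateIdentityTokenAsync(idTokenHint);
            if (tokenValidationResult.IsError)
            {
                return Invalid();
            }

            _validatedRequest.Client = tokenValidationResult.Client;

            // validate sub claim against currently logged on user, so a hint issued to
            // a different user cannot drive this logout
            var subClaim = tokenValidationResult.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
            if (subClaim != null && subject.GetSubjectId() != subClaim.Value)
            {
                return Invalid();
            }

            var redirectUri = parameters.Get(Constants.EndSessionRequest.PostLogoutRedirectUri);
            if (redirectUri.IsPresent())
            {
                // Only an absolute URI that the client has registered is accepted as the
                // post-logout redirect target; a registered-list miss rejects the request.
                // A value that is not an absolute URI leaves PostLogOutUri unset.
                Uri uri;
                if (Uri.TryCreate(redirectUri, UriKind.Absolute, out uri))
                {
                    if (!_validatedRequest.Client.PostLogoutRedirectUris.Contains(uri))
                    {
                        return Invalid();
                    }

                    _validatedRequest.PostLogOutUri = uri;
                }

                // state is only carried along when a redirect URI was supplied
                var state = parameters.Get(Constants.EndSessionRequest.State);
                if (state.IsPresent())
                {
                    _validatedRequest.State = state;
                }
            }

            return Valid();
        }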
        /// <summary>
        /// Identity token validation endpoint. Reads <c>token</c> and <c>client_id</c>
        /// from the query string, validates the token for that client and returns the
        /// token's claims as JSON.
        /// </summary>
        /// <returns>
        /// 404 when the endpoint is disabled, 400 when a parameter is missing or the
        /// token fails validation, otherwise 200 with the claims dictionary.
        /// </returns>
        public async Task<IHttpActionResult> Get()
        {
            Logger.Info("Start identity token validation request");

            if (!_options.IdentityTokenValidationEndpoint.IsEnabled)
            {
                Logger.Warn("Endpoint is disabled. Aborting");
                return NotFound();
            }

            // Both inputs arrive in the request URL, so they can end up in web-server
            // or proxy access logs along with it.
            var query = Request.RequestUri.ParseQueryString();
            var tokenValue = query.Get("token");
            var clientIdValue = query.Get("client_id");

            if (tokenValue.IsMissing())
            {
                Logger.Error("token is missing.");
                return BadRequest("token is missing.");
            }

            if (clientIdValue.IsMissing())
            {
                Logger.Error("client_id is missing.");
                return BadRequest("client_id is missing.");
            }

            var validation = await _validator.ValidateIdentityTokenAsync(tokenValue, clientIdValue);
            if (validation.IsError)
            {
                Logger.Info("Returning error: " + validation.Error);
                return BadRequest(validation.Error);
            }

            var claims = validation.Claims.ToClaimsDictionary();

            // Debug output contains every claim of the token, i.e. user data.
            Logger.Debug(JsonConvert.SerializeObject(claims, Formatting.Indented));

            Logger.Info("Returning identity token claims");
            return Json(claims);
        }