private string createAccessToken(CTWhoami whoami, List <string> scopes, FunctionContext <dynamic> fc)
{
RsaSecurityKey rsaKey = new RsaSecurityKey(this.privateRSAKey);
rsaKey.KeyId = this.keyId;
var signingCredentials = new SigningCredentials(rsaKey, SecurityAlgorithms.RsaSha256)
{
CryptoProviderFactory = new CryptoProviderFactory {
CacheSignatureProviders = false
}
};
var now = DateTime.Now;
var unixTimeSeconds = new DateTimeOffset(now).ToUnixTimeSeconds();
var claims = BuildClaims(whoami, unixTimeSeconds.ToString(), scopes);
var jwt = new JwtSecurityToken(
audience: "ct.test.",
issuer: "CT_IDP",
claims: claims,
notBefore: now,
expires: now.AddSeconds(JWTService.Expires_In_AccessToken),
signingCredentials: signingCredentials
);
return(new JwtSecurityTokenHandler().WriteToken(jwt));
}
public async Task <Tokens> BuildJWTToken(CTWhoami whoami, List <string> scopes, FunctionContext <dynamic> fc)
{
await checkKeys(fc);
string idToken = createIDToken(whoami, scopes, fc);
string accessToken = createAccessToken(whoami, scopes, fc);
string refreshToken = createRefreshToken(fc, accessToken);
return(Tokens.BuildTokens(idToken, accessToken, refreshToken, JWTService.Expires_In_AccessToken));
}
public Task <Tokens> CreateNewTokenFromAccessToken(FunctionContext <dynamic> fc, string accessToken)
{
JwtSecurityTokenHandler jsth = new JwtSecurityTokenHandler();
JwtSecurityToken token = jsth.ReadJwtToken(accessToken);
CTWhoami cTWhoami = new CTWhoami();
cTWhoami.firstName = token.Claims.First(claim => claim.Type == "firstname").Value;
cTWhoami.lastName = token.Claims.First(claim => claim.Type == "lastname").Value;
cTWhoami.email = token.Claims.First(claim => claim.Type == "email").Value;
List <string> scopes = token.Claims.Where(claim => claim.Type == "scopes").Select(fclaim => fclaim.Value).ToList();
return(this.BuildJWTToken(cTWhoami, scopes, fc));
}
private Claim[] BuildClaims(CTWhoami whoami, string timeStamp, List <string> scopes)
{
List <Claim> claims = new List <Claim>();
claims.Add(new Claim(JwtRegisteredClaimNames.Iat, timeStamp, ClaimValueTypes.Integer64));
claims.Add(new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()));
claims.Add(new Claim("firstname", whoami.firstName));
claims.Add(new Claim("lastname", whoami.lastName));
claims.Add(new Claim("email", whoami.email));
if (scopes.Count() > 0)
{
claims.AddRange(scopes.Select(val => new Claim("scopes", val)));
}
return(claims.ToArray());
}
public static async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req, [Table("PublicKeys")] CloudTable cloudTable,
ILogger log)
{
log.LogInformation("Login requestes");
FunctionContext <dynamic> fc = new FunctionContext <dynamic>(log, req, cloudTable);
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
dynamic data = JsonConvert.DeserializeObject(requestBody);
if (data == null)
{
return(new BadRequestObjectResult("No Payload available"));
}
fc.PayLoad = data;
string username = data.username;
string password = data.password;
if (String.IsNullOrEmpty(username) || String.IsNullOrEmpty(password))
{
return(new BadRequestObjectResult("Nix username or password"));
}
string ctURL = System.Environment.GetEnvironmentVariable("CT_URL");
CTLoginService service = new CTLoginService(ctURL);
LoginResult lr = await service.DoLogin(username, password, httpClient);
log.LogInformation("Result: " + lr.Error);
if (!lr.Error)
{
CTWhoami cTWhoami = await service.GetWhoAmi(lr.SetCookieHeader, httpClient);
List <CTGroupContainer> groups = await service.GetGroups(lr.SetCookieHeader, cTWhoami.id, httpClient);
List <string> scopes = groups.Select(gc => "ct_group_" + gc.group.domainIdentifier).ToList();
Tokens tokens = await jwtService.BuildJWTToken(cTWhoami, scopes, fc);
return(new OkObjectResult(tokens));
}
return(new UnauthorizedResult());
}
