private async Task <ProcessConsentResultPM> ProcessConsentAsync(ConsentInputVM model)
{
var result = new ProcessConsentResultPM();
ConsentResponseSM grantedConsent = null;
// user clicked 'no' - send back the standard 'access_denied' response
if (model.Button == "no")
{
grantedConsent = ConsentResponseSM.Denied;
}
// user clicked 'yes' - validate the data
else if (model.Button == "yes" && model != null)
{
// if the user consented to some scope, build the response model
if (model.ScopesConsented != null && model.ScopesConsented.Any())
{
var scopes = model.ScopesConsented;
if (ConsentOptionsOM.EnableOfflineAccess == false)
{
scopes = scopes.Where(x => x != _securableService.GetOfflineAccessScopeName()); // IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess);
}
grantedConsent = new ConsentResponseSM
{
RememberConsent = model.RememberConsent,
ScopesConsented = scopes.ToArray()
};
}
else
{
result.ValidationError = ConsentOptionsOM.MustChooseOneErrorMessage;
}
}
else
{
result.ValidationError = ConsentOptionsOM.InvalidSelectionErrorMessage;
}
if (grantedConsent != null)
{
// communicate outcome of consent back to identityserver
var granted = await _securableService.GrantConsentAsync(model.ReturnUrl, grantedConsent);
if (!granted)
{
return(result);
}
// indicate that's it ok to redirect back to authorization endpoint
result.RedirectUri = model.ReturnUrl;
}
else
{
// we need to redisplay the consent UI
result.ViewModel = await ConsentVMFactory.BuildConsentVMAsync(_securableService, _logger, model.ReturnUrl, model);
}
return(result);
}
public async Task <IActionResult> Index(ConsentInputVM model)
{
var result = await ProcessConsentAsync(model);
if (result.IsRedirect)
{
return(Redirect(result.RedirectUri));
}
if (result.HasValidationError)
{
ModelState.AddModelError("", result.ValidationError);
}
if (result.ShowView)
{
return(View("Index", result.ViewModel));
}
return(View("Error"));
}
private static ConsentVM CreateConsentViewModel(ISecurableService securableService, ConsentInputVM model, string returnUrl, AuthorisationRequestSM request,
ClientSM client, SecurableResourcesSM resources)
{
var vm = new ConsentVM
{
RememberConsent = model?.RememberConsent ?? true,
ScopesConsented = model?.ScopesConsented ?? Enumerable.Empty <string>(),
ReturnUrl = returnUrl,
ClientName = client.ClientName ?? client.ClientId,
ClientUrl = client.ClientUri,
ClientLogoUrl = client.LogoUri,
AllowRememberConsent = client.AllowRememberConsent
};
vm.IdentityScopes = resources.IdentityResources.Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
vm.ResourceScopes = resources.ApiResources.SelectMany(x => x.Scopes).Select(x => CreateScopeViewModel(x, vm.ScopesConsented.Contains(x.Name) || model == null)).ToArray();
if (ConsentOptionsOM.EnableOfflineAccess && resources.OfflineAccess)
{
vm.ResourceScopes = vm.ResourceScopes.Union(new ScopeVM[] {
GetOfflineAccessScope(securableService, vm.ScopesConsented.Contains(IdentityServer4.IdentityServerConstants.StandardScopes.OfflineAccess) || model == null)
});
}
return(vm);
}
public static async Task <ConsentVM> BuildConsentVMAsync(ISecurableService securableService, ILogger logger, string returnUrl, ConsentInputVM model = null)
{
AuthorisationRequestSM request = await securableService.GetAuthorizationContextAsync(returnUrl);
if (request != null)
{
var client = await securableService.FindEnabledClientByIdAsync(request.ClientId);
if (client != null)
{
var resources = await securableService.FindEnabledResourcesByScopeAsync(request.ScopesRequested);
if (resources != null && (resources.IdentityResources.Any() || resources.ApiResources.Any()))
{
return(CreateConsentViewModel(securableService, model, returnUrl, request, client, resources));
}
else
{
logger.LogError("No scopes matching: {0}", request.ScopesRequested.Aggregate((x, y) => x + ", " + y));
}
}
else
{
logger.LogError("Invalid client id: {0}", request.ClientId);
}
}
else
{
logger.LogError("No consent request matching request: {0}", returnUrl);
}
return(null);
}
