/// <summary>
/// Returns an action resultKind to the controller's action.
/// 1). Redirect to the consent screen if the user is authenticated AND the request doesn't contain a login prompt.
/// 2). Do nothing
/// </summary>
/// <param name="authorizationParameter">The parameter</param>
/// <param name="resourceOwnerPrincipal">Resource owner principal</param>
/// <param name="code">Encrypted parameter</param>
/// <param name="issuerName"></param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
/// <returns>Action resultKind to the controller's action</returns>
public async Task <EndpointResult> Execute(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal?resourceOwnerPrincipal,
string?code,
string?issuerName,
CancellationToken cancellationToken)
{
var resourceOwnerIsAuthenticated = resourceOwnerPrincipal.IsAuthenticated();
var promptParameters = authorizationParameter.Prompt.ParsePrompts();
// 1).
if (resourceOwnerIsAuthenticated &&
!promptParameters.Contains(PromptParameters.Login))
{
var subject = resourceOwnerPrincipal.GetSubject() !;
var claims = resourceOwnerPrincipal !.Claims.ToArray();
return(await _authenticateHelper.ProcessRedirection(
authorizationParameter,
code,
subject,
claims,
issuerName,
cancellationToken)
.ConfigureAwait(false));
}
// 2).
return(EndpointResult.CreateAnEmptyActionResultWithNoEffect());
}
public static ActionResult?CreateRedirectionFromActionResult(
this EndpointResult endpointResult,
AuthorizationRequest authorizationRequest,
ILogger logger)
{
if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl)
{
var parameters = endpointResult.GetRedirectionParameters();
var redirectUrl = CreateRedirectHttp(
authorizationRequest.redirect_uri !,
parameters,
endpointResult.RedirectInstruction !.ResponseMode !).ToString();
logger.LogInformation("Redirection uri: {redirectUrl}", redirectUrl);
return(new RedirectResult(redirectUrl));
}
var actionInformation = endpointResult.GetControllerAndActionFromRedirectionActionResult();
if (actionInformation != null)
{
var routeValueDic = actionInformation.RouteValueDictionary;
routeValueDic.Add("controller", actionInformation.ControllerName);
routeValueDic.Add("action", actionInformation.ActionName);
routeValueDic.Add("area", actionInformation.Area);
return(new RedirectToRouteResult(routeValueDic));
}
return(null);
}
public EndpointResult Set(string questionId, OutputDto output)
{
var id = new QuestionId(questionId);
TrySaveAnswer(output, id);
return(EndpointResult.Success());
}
public async Task <EndpointResult> Process(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal claimsPrincipal,
Client client,
string issuerName,
CancellationToken cancellationToken = default)
{
var endUserIsAuthenticated = IsAuthenticated(claimsPrincipal);
Consent?confirmedConsent = null;
if (endUserIsAuthenticated)
{
confirmedConsent =
await GetResourceOwnerConsent(claimsPrincipal, authorizationParameter, cancellationToken)
.ConfigureAwait(false);
}
EndpointResult?result = null;
var prompts = authorizationParameter.Prompt.ParsePrompts();
if (prompts.Count == 0)
{
prompts = new List <string>();
if (!endUserIsAuthenticated)
{
prompts.Add(PromptParameters.Login);
}
else
{
prompts.Add(confirmedConsent == null ? PromptParameters.Consent : PromptParameters.None);
}
}
if (authorizationParameter.RedirectUrl == null ||
client.GetRedirectionUrls(authorizationParameter.RedirectUrl).Length == 0)
{
var message = string.Format(Strings.RedirectUrlIsNotValid, authorizationParameter.RedirectUrl);
_logger.LogError(message);
return(EndpointResult.CreateBadRequestResult(new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = message,
Status = HttpStatusCode.BadRequest
}));
}
var scopeValidationResult = authorizationParameter.Scope.Check(client);
if (!scopeValidationResult.IsValid)
{
_logger.LogError(scopeValidationResult.ErrorMessage !);
return(EndpointResult.CreateBadRequestResult(new ErrorDetails
{
Title = ErrorCodes.InvalidScope,
Detail = scopeValidationResult.ErrorMessage !,
Status = HttpStatusCode.BadRequest
}));
public Task <IEndpointResult> HandleAsync(int id, CancellationToken cancellationToken)
{
var person = peopleService.AllPeople().SingleOrDefault(p => p.Id == id);
if (person is null)
{
return(Task.FromResult(EndpointResult.NotFound()));
}
return(Task.FromResult(EndpointResult.Ok(person)));
}
public static ActionInformation?GetControllerAndActionFromRedirectionActionResult(
this EndpointResult endpointResult)
{
if (endpointResult.Type != ActionResultType.RedirectToAction || endpointResult.RedirectInstruction == null)
{
return(null);
}
return(endpointResult.RedirectInstruction.GetActionInformation());
}
public async Task When_No_Resource_Owner_Is_Passed_Then_Redirect_To_Index_Page()
{
var authorizationParameter = new AuthorizationParameter();
var result = await _authenticateResourceOwnerOpenIdAction.Execute(authorizationParameter, null, null, null, CancellationToken.None)
.ConfigureAwait(false);
Assert.Equal(
JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()),
JsonConvert.SerializeObject(result));
}
public static RouteValueDictionary GetRedirectionParameters(this EndpointResult endpointResult)
{
if (endpointResult.Type != ActionResultType.RedirectToAction &&
endpointResult.Type != ActionResultType.RedirectToCallBackUrl ||
endpointResult.RedirectInstruction == null)
{
return(new RouteValueDictionary());
}
return(endpointResult.RedirectInstruction.GetRouteValueDictionary());
}
public DisplayContentResult(
Client client,
ICollection <Scope> scopes,
ICollection <string> allowedClaims,
EndpointResult endpointResult)
: this(endpointResult)
{
Client = client;
Scopes = scopes;
AllowedClaims = allowedClaims;
}
public async Task <EndpointResult> Execute(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal principal,
Client client,
string issuerName,
CancellationToken cancellationToken)
{
var result = await _processAuthorizationRequest.Process(
authorizationParameter,
principal,
client,
issuerName,
cancellationToken)
.ConfigureAwait(false);
if (result.Type == ActionResultType.BadRequest)
{
return(result);
}
// 1. Check the client is authorized to use the authorization_code flow.
if (!client.CheckGrantTypes(GrantTypes.AuthorizationCode))
{
_logger.LogError(
string.Format(
Strings.TheClientDoesntSupportTheGrantType,
authorizationParameter.ClientId,
AuthorizationCode));
return(EndpointResult.CreateBadRequestResult(
new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(
Strings.TheClientDoesntSupportTheGrantType,
authorizationParameter.ClientId,
AuthorizationCode),
Status = HttpStatusCode.BadRequest
}));
}
if (result.Type == ActionResultType.RedirectToCallBackUrl)
{
result = await _generateAuthorizationResponse.Generate(
result,
authorizationParameter,
principal,
client,
issuerName,
CancellationToken.None)
.ConfigureAwait(false);
}
return(result);
}
public EndpointResult Completed(Guid questionaireId, int slideIndex)
{
var questionaire = Context.QuestionnaireGateway.Get(questionaireId);
var slide = questionaire.Slides[slideIndex];
slide.Validate();
slide.IsCompleted = true;
Context.QuestionnaireGateway.Set(questionaire);
return(EndpointResult.Success());
}
public async Task <EndpointResult> GetAuthorization(
AuthorizationParameter parameter,
ClaimsPrincipal claimsPrincipal,
string issuerName,
CancellationToken cancellationToken)
{
var processId = Id.Create();
var result = await _authorizationCodeGrantTypeParameterValidator.Validate(parameter, cancellationToken)
.ConfigureAwait(false);
Client client = null !;
switch (result)
{
case Option <Client> .Error error:
return(EndpointResult.CreateBadRequestResult(error.Details));
case Option <Client> .Result r:
client = r.Item;
break;
}
EndpointResult?endpointResult = null;
if (client.RequirePkce &&
(string.IsNullOrWhiteSpace(parameter.CodeChallenge) || parameter.CodeChallengeMethod == null))
{
_logger.LogError(string.Format(Strings.TheClientRequiresPkce, parameter.ClientId));
return(EndpointResult.CreateBadRequestResult(
new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(Strings.TheClientRequiresPkce, parameter.ClientId),
Status = HttpStatusCode.BadRequest
}));
}
var responseTypes = parameter.ResponseType.ParseResponseTypes();
var authorizationFlow = responseTypes.GetAuthorizationFlow(parameter.State);
endpointResult = authorizationFlow switch
{
Option <AuthorizationFlow> .Error e => EndpointResult.CreateBadRequestResult(e.Details),
Option <AuthorizationFlow> .Result
{
Item : AuthorizationFlow.AuthorizationCodeFlow
} => await _getAuthorizationCodeOperation
public async Task When_There_Is_No_Logged_User_Then_Exception_Is_Throw()
{
var redirectInstruction = new EndpointResult {
RedirectInstruction = new RedirectInstruction()
};
await Assert.ThrowsAsync <ArgumentNullException>(
() => _generateAuthorizationResponse.Generate(
redirectInstruction,
new AuthorizationParameter(),
new ClaimsPrincipal(),
new Client(),
"",
CancellationToken.None))
.ConfigureAwait(false);
}
public EndpointResult AddItems(string id, IEnumerable <string> items)
{
RequiresAuthentication();
var result = Context.SelectionGateway.Get(id);
foreach (var item in items)
{
result.Items.Add(new Item {
Id = item
});
}
Context.SelectionGateway.Set(result);
return(EndpointResult.Success());
}
public async Task When_No_Client_Is_Passed_Then_Exception_Is_Thrown()
{
var redirectInstruction = new EndpointResult {
RedirectInstruction = new RedirectInstruction()
};
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));
await Assert.ThrowsAsync <NullReferenceException>(
() => _generateAuthorizationResponse.Generate(
redirectInstruction,
new AuthorizationParameter(),
claimsPrincipal,
null,
null,
CancellationToken.None))
.ConfigureAwait(false);
}
public EndpointResult <string> Unmount(Partition partition)
{
try
{
var result = new EndpointResult <string>();
var kebabDisplayName = partition.DisplayName.ToKebabCase();
_mount.Unmount(kebabDisplayName);
result.Succeed = true;
return(result);
}
catch (Exception) // details are logged in OSCommander's ILogger
{
return(new EndpointResult <string>()
{
Succeed = false,
ErrorMessage = "http.unmountError",
StatusCode = 461
});
}
}
public EndpointResult <string> DisableAutoMount(string uuid, Partition partition)
{
try
{
var result = new EndpointResult <string>();
var kebabDisplayName = partition.DisplayName.ToKebabCase();
_cron.Remove($"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}");
result.Succeed = true;
result.Result = "Partition auto mount disabled.";
return(result);
}
catch (Exception) // details are logged in OSCommander's ILogger
{
return(new EndpointResult <string>()
{
Succeed = false,
ErrorMessage = "http.autoMountDisableError",
StatusCode = 461
});
}
}
private void OnCompleteCreateEndPoint(EndpointResult result)
{
if (result.Status == Status.Success)
{
// Set the newly created endpoint available in result as active(my) endpoint.
this.RelayContext.Endpoint = result.EndPoint;
this.Dispatcher.BeginInvoke(
delegate
{
string name = UsernameTextBox.Text;
RendezvousService.RegisterNameAsync(HawaiiClient.HawaiiApplicationId, name, this.OnCompleteRegisterName);
});
NameRegistration nameRegistration = (NameRegistration)result.StateObject;
}
else
{
// Display a message box, in case of any error creating a new endpoint.
DisplayMessage("Error creating endpoint.", "Error");
error();
}
}
public EndpointResult <bool> CheckAutoMount(string uuid, Partition partition)
{
try
{
var result = new EndpointResult <bool>();
var kebabDisplayName = partition.DisplayName.ToKebabCase();
var res = _cron.Check("@reboot", $"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}");
result.Succeed = true;
result.Result = res;
return(result);
}
catch (Exception) // details are logged in OSCommander's ILogger
{
return(new EndpointResult <bool>()
{
Succeed = false,
ErrorMessage = "http.autoMountCheckError",
StatusCode = 461
});
}
}
public EndpointResult DeleteItems(string id, IEnumerable <string> items)
{
RequiresAuthentication();
var result = Context.SelectionGateway.Get(id);
foreach (var item in items)
{
var itemToDelete = result.Items.FirstOrDefault(i => i.Id == item);
if (itemToDelete == null)
{
continue;
}
result.Items.Remove(itemToDelete);
}
Context.SelectionGateway.Set(result);
return(EndpointResult.Success());
}
public async Task When_Prompt_Parameter_Contains_Login_Value_Then_Redirect_To_Index_Page()
{
var authorizationParameter = new AuthorizationParameter
{
Prompt = "login",
ClientId = "client",
Scope = "scope"
};
var claimsIdentity = new ClaimsIdentity("authServer");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
var result = await _authenticateResourceOwnerOpenIdAction.Execute(
authorizationParameter,
claimsPrincipal,
null,
null,
CancellationToken.None)
.ConfigureAwait(false);
Assert.Equal(
JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()),
JsonConvert.SerializeObject(result));
}
public async Task When_Generating_AuthorizationResponse_With_IdToken_Then_IdToken_Is_Added_To_The_Parameters()
{
var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake"));
// const string idToken = "idToken";
var clientId = "client";
var authorizationParameter =
new AuthorizationParameter {
ResponseType = ResponseTypeNames.IdToken, ClientId = clientId
};
var actionResult = new EndpointResult {
RedirectInstruction = new RedirectInstruction()
};
var client = new Client
{
ClientId = clientId,
JsonWebKeys =
TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify)
.ToSet(),
IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256
};
_clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client);
actionResult = await _generateAuthorizationResponse.Generate(
actionResult,
authorizationParameter,
claimsPrincipal,
client,
null,
CancellationToken.None)
.ConfigureAwait(false);
Assert.Contains(
actionResult.RedirectInstruction !.Parameters,
p => p.Name == StandardAuthorizationResponseNames.IdTokenName);
}
public Task <IEndpointResult> HandleAsync(int id)
{
return(Task.FromResult(EndpointResult.Json(new Book {
Id = id, Name = id.ToString()
}, id)));
}
public async Task <EndpointResult> ProcessRedirection(
AuthorizationParameter authorizationParameter,
string?code,
string subject,
Claim[] claims,
string?issuerName,
CancellationToken cancellationToken)
{
var client = authorizationParameter.ClientId == null
? null
: await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken)
.ConfigureAwait(false);
if (client == null)
{
throw new InvalidOperationException(SharedStrings.TheClientDoesntExist);
}
// Redirect to the consent page if the prompt parameter contains "consent"
EndpointResult result;
var prompts = authorizationParameter.Prompt.ParsePrompts();
if (prompts.Contains(PromptParameters.Consent) && code != null)
{
return(EndpointResult.CreateAnEmptyActionResultWithRedirection(
SimpleAuthEndPoints.ConsentIndex,
new Parameter("code", code)));
}
var assignedConsent = await _consentRepository
.GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
.ConfigureAwait(false);
// If there's already one consent then redirect to the callback
if (assignedConsent != null)
{
var claimsIdentity = new ClaimsIdentity(claims, "SimpleAuth");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
result = await _generateAuthorizationResponse.Generate(
EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(),
authorizationParameter,
claimsPrincipal,
client,
issuerName,
cancellationToken)
.ConfigureAwait(false);
var responseMode = authorizationParameter.ResponseMode;
if (responseMode != ResponseModes.None)
{
return(result with
{
RedirectInstruction = result.RedirectInstruction !with {
ResponseMode = responseMode
}
});
}
var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes();
var authorizationFlow = GetAuthorizationFlow(authorizationParameter.State, responseTypes);
switch (authorizationFlow)
{
case Option <AuthorizationFlow> .Error e:
return(EndpointResult.CreateBadRequestResult(e.Details));
case Option <AuthorizationFlow> .Result r:
responseMode = GetResponseMode(r.Item);
break;
}
return(result with
{
RedirectInstruction = result.RedirectInstruction !with {
ResponseMode = responseMode
}
});
}
// If there's no consent & there's no consent prompt then redirect to the consent screen.
return(EndpointResult.CreateAnEmptyActionResultWithRedirection(
SimpleAuthEndPoints.ConsentIndex,
new Parameter("code", code ?? "")));
}
public Task <IEndpointResult> HandleAsync(int id)
{
return(Task.FromResult <IEndpointResult>(EndpointResult.StatusCode(id)));
}
public async Task <EndpointResult> Execute(
AuthorizationParameter authorizationParameter,
IPrincipal principal,
Client client,
string issuerName,
CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(authorizationParameter.Nonce))
{
_logger.LogError(
string.Format(
Strings.MissingParameter,
CoreConstants.StandardAuthorizationRequestParameterNames.NonceName));
return(EndpointResult.CreateBadRequestResult(
new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(
Strings.MissingParameter,
CoreConstants.StandardAuthorizationRequestParameterNames.NonceName),
Status = HttpStatusCode.BadRequest
}));
}
if (!client.CheckGrantTypes(GrantTypes.Implicit))
{
_logger.LogError(
string.Format(
Strings.TheClientDoesntSupportTheGrantType,
authorizationParameter.ClientId,
"implicit"));
return(EndpointResult.CreateBadRequestResult(
new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(
Strings.TheClientDoesntSupportTheGrantType,
authorizationParameter.ClientId,
"implicit"),
Status = HttpStatusCode.BadRequest
}));
}
var claimsPrincipal = (ClaimsPrincipal)principal;
var result = await _processAuthorizationRequest.Process(
authorizationParameter,
claimsPrincipal,
client,
issuerName,
cancellationToken)
.ConfigureAwait(false);
if (result.Type == ActionResultType.RedirectToCallBackUrl)
{
result = await _generateAuthorizationResponse.Generate(
result,
authorizationParameter,
claimsPrincipal,
client,
issuerName,
cancellationToken)
.ConfigureAwait(false);
}
return(result);
}
/// <summary>
/// Fetch the scopes and client name from the ClientRepository and the parameter
/// Those information are used to create the consent screen.
/// </summary>
/// <param name="authorizationParameter">Authorization code grant type parameter.</param>
/// <param name="claimsPrincipal"></param>
/// <param name="issuerName"></param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
/// <returns>Action resultKind.</returns>
public async Task <DisplayContentResult> Execute(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal claimsPrincipal,
string issuerName,
CancellationToken cancellationToken)
{
var client = authorizationParameter.ClientId == null
? null
: await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken)
.ConfigureAwait(false);
if (client == null)
{
return(new DisplayContentResult(
EndpointResult.CreateBadRequestResult(
new ErrorDetails
{
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(Strings.ClientIsNotValid, authorizationParameter.ClientId),
Status = HttpStatusCode.BadRequest
})));
}
EndpointResult endpointResult;
var subject = claimsPrincipal.GetSubject() !;
var assignedConsent = await _consentRepository
.GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
.ConfigureAwait(false);
// If there's already a consent then redirect to the callback
if (assignedConsent != null)
{
endpointResult = await _generateAuthorizationResponse.Generate(
EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(),
authorizationParameter,
claimsPrincipal,
client,
issuerName,
cancellationToken)
.ConfigureAwait(false);
var responseMode = authorizationParameter.ResponseMode;
if (responseMode == ResponseModes.None)
{
var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes();
var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State);
switch (authorizationFlow)
{
case Option <AuthorizationFlow> .Error e:
return(new DisplayContentResult(EndpointResult.CreateBadRequestResult(e.Details)));
case Option <AuthorizationFlow> .Result r:
responseMode = GetResponseMode(r.Item);
break;
}
}
endpointResult = endpointResult with {
RedirectInstruction = endpointResult.RedirectInstruction !with {
ResponseMode = responseMode
}
};
return(new DisplayContentResult(endpointResult));
}
ICollection <string> allowedClaims = Array.Empty <string>();
ICollection <Scope> allowedScopes = Array.Empty <Scope>();
var claimsParameter = authorizationParameter.Claims;
if (claimsParameter.IsAnyIdentityTokenClaimParameter() || claimsParameter.IsAnyUserInfoClaimParameter())
{
allowedClaims = claimsParameter.GetClaimNames();
}
else
{
allowedScopes =
(await GetScopes(authorizationParameter.Scope !, cancellationToken).ConfigureAwait(false))
.Where(s => s.IsDisplayedInConsent)
.ToList();
}
endpointResult = EndpointResult.CreateAnEmptyActionResultWithOutput();
return(new DisplayContentResult(client, allowedScopes, allowedClaims, endpointResult));
}
public Task <IEndpointResult> HandleAsync(CancellationToken cancellationToken)
{
authService.SignOut();
return(Task.FromResult(EndpointResult.NoContent()));
}
public async Task <EndpointResult> Generate(
EndpointResult endpointResult,
AuthorizationParameter authorizationParameter,
ClaimsPrincipal claimsPrincipal,
Client client,
string?issuerName,
CancellationToken cancellationToken)
{
var allowedTokenScopes = string.Empty;
GrantedToken?grantedToken = null;
var responses = authorizationParameter.ResponseType.ParseResponseTypes();
var generateIdToken = await GenerateIdTokenPayload(
claimsPrincipal,
authorizationParameter,
issuerName,
cancellationToken)
.ConfigureAwait(false);
if (generateIdToken is Option <JwtPayload> .Result p)
{
var idTokenPayload = p.Item;
var payload = await GenerateUserInformationPayload(
claimsPrincipal,
authorizationParameter,
cancellationToken)
.ConfigureAwait(false);
if (payload is Option <JwtPayload> .Error er)
{
return(EndpointResult.CreateBadRequestResult(er.Details));
}
var userInformationPayload = (payload as Option <JwtPayload> .Result) !.Item;
if (responses.Contains(ResponseTypeNames.Token))
{
// 1. Generate an access token.
var tokenScopes = authorizationParameter.Scope.ParseScopes();
allowedTokenScopes = string.Join(' ', tokenScopes);
grantedToken = await _tokenStore.GetValidGrantedToken(
_jwksStore,
allowedTokenScopes,
client.ClientId,
cancellationToken,
idTokenJwsPayload : userInformationPayload,
userInfoJwsPayload : idTokenPayload)
.ConfigureAwait(false)
?? await client.GenerateToken(
_jwksStore,
tokenScopes,
issuerName,
userInformationPayload,
idTokenPayload,
cancellationToken : cancellationToken,
claimsPrincipal.Claims.Where(
c => client.UserClaimsToIncludeInAuthToken.Any(
r => r.IsMatch(c.Type)))
.ToArray())
.ConfigureAwait(false);
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
StandardAuthorizationResponseNames.AccessTokenName,
grantedToken.AccessToken)
};
}
AuthorizationCode?authorizationCode = null;
var authorizationParameterClientId = authorizationParameter.ClientId;
if (responses.Contains(ResponseTypeNames.Code)) // 2. Generate an authorization code.
{
var subject = claimsPrincipal.GetSubject() !;
var assignedConsent = await _consentRepository
.GetConfirmedConsents(subject, authorizationParameter, cancellationToken)
.ConfigureAwait(false);
if (assignedConsent != null)
{
if (authorizationParameterClientId == null ||
authorizationParameter.RedirectUrl == null ||
authorizationParameter.Scope == null)
{
throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter));
}
// Insert a temporary authorization code
// It will be used later to retrieve tha id_token or an access token.
authorizationCode = new AuthorizationCode
{
Code = Id.Create(),
RedirectUri = authorizationParameter.RedirectUrl,
CreateDateTime = DateTimeOffset.UtcNow,
ClientId = authorizationParameterClientId,
Scopes = authorizationParameter.Scope,
IdTokenPayload = idTokenPayload,
UserInfoPayLoad = userInformationPayload
};
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
StandardAuthorizationResponseNames.AuthorizationCodeName,
authorizationCode.Code)
};
}
}
_jwtGenerator.FillInOtherClaimsIdentityTokenPayload(
idTokenPayload,
authorizationCode == null ? string.Empty : authorizationCode.Code,
grantedToken == null ? string.Empty : grantedToken.AccessToken,
client);
if (grantedToken != null)
// 3. Insert the stateful access token into the DB OR insert the access token into the caching.
{
if (authorizationParameterClientId == null || authorizationParameter.ResponseType == null)
{
throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter));
}
await _tokenStore.AddToken(grantedToken, cancellationToken).ConfigureAwait(false);
await _eventPublisher.Publish(
new TokenGranted(
Id.Create(),
claimsPrincipal.GetSubject(),
authorizationParameterClientId,
allowedTokenScopes,
authorizationParameter.ResponseType,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
}
if (authorizationCode != null) // 4. Insert the authorization code into the caching.
{
if (client.RequirePkce)
{
authorizationCode = authorizationCode with
{
CodeChallenge = authorizationParameter.CodeChallenge ?? string.Empty,
CodeChallengeMethod = authorizationParameter.CodeChallengeMethod ?? string.Empty
};
}
await _authorizationCodeStore.Add(authorizationCode, cancellationToken).ConfigureAwait(false);
await _eventPublisher.Publish(
new AuthorizationGranted(
Id.Create(),
claimsPrincipal.GetSubject(),
authorizationParameterClientId !,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
}
if (responses.Contains(ResponseTypeNames.IdToken))
{
var idToken = await _clientStore.GenerateIdToken(
authorizationParameterClientId !,
idTokenPayload,
_jwksStore,
cancellationToken)
.ConfigureAwait(false);
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
StandardAuthorizationResponseNames.IdTokenName,
idToken)
};
}
if (!string.IsNullOrWhiteSpace(authorizationParameter.State))
{
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
StandardAuthorizationResponseNames.StateName,
authorizationParameter.State)
};
}
var sessionState = GetSessionState(
authorizationParameterClientId,
authorizationParameter.OriginUrl,
authorizationParameter.SessionId);
if (sessionState != null)
{
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
StandardAuthorizationResponseNames.SessionState,
sessionState)
};
}
if (authorizationParameter.ResponseMode == ResponseModes.FormPost)
{
endpointResult = endpointResult with
{
Type = ActionResultType.RedirectToAction,
RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter(
"redirect_uri",
authorizationParameter.RedirectUrl?.AbsoluteUri) with
{
Action = SimpleAuthEndPoints.FormIndex
}
};
}
// Set the response mode
if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl)
{
var responseMode = authorizationParameter.ResponseMode;
if (responseMode == ResponseModes.None)
{
var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes();
var authorizationFlow = responseTypes.GetAuthorizationFlow(authorizationParameter.State);
switch (authorizationFlow)
{
case Option <AuthorizationFlow> .Error error:
return(EndpointResult.CreateBadRequestResult(error.Details));
case Option <AuthorizationFlow> .Result r:
responseMode = CoreConstants.MappingAuthorizationFlowAndResponseModes[r.Item];
break;
}
}
endpointResult = endpointResult with
{
RedirectInstruction = endpointResult.RedirectInstruction !with {
ResponseMode = responseMode
}
};
}
return(endpointResult);
}
var e = generateIdToken as Option <JwtPayload> .Error;
return(EndpointResult.CreateBadRequestResult(e !.Details));
}
public DisplayContentResult(EndpointResult endpointResult)
{
EndpointResult = endpointResult;
}
