private object RequestAccessToken(IServiceBase authService, IAuthSession session, string code,
IAuthTokens tokens)
{
try
{
var appDirectory = GetDirectoryNameFromUsername(session.UserName);
var appRegistry = authService.TryResolve <IApplicationRegistryService>();
if (appRegistry == null)
{
throw new InvalidOperationException(
$"No {nameof(IApplicationRegistryService)} found registered in AppHost.");
}
var registration = appRegistry.GetApplicationByDirectoryName(appDirectory);
if (registration == null)
{
throw new UnauthorizedAccessException($"Authorization for directory @{appDirectory} failed.");
}
try
{
var now = DateTimeOffset.UtcNow;
var tokenResponse = _graphService.RequestAuthToken(new AuthTokenRequest
{
CallbackUrl = CallbackUrl,
Registration = registration,
RequestCode = code,
Scopes = Scopes
});
tokens.AccessTokenSecret = tokenResponse.AccessToken;
tokens.RefreshToken = tokenResponse.RefreshToken;
var tokenCache = authService.TryResolve <ITokenCache>();
tokenCache.UpdateTokenCache(new UserAuthTokenCache
{
AccessToken = tokenResponse.AccessToken,
RefreshToken = tokenResponse.RefreshToken,
AccessTokenExpiration = now.AddSeconds(int.Parse(tokenResponse.TokenExpirationSeconds)),
RefreshTokenExpiration = now.AddSeconds(TimeSpan.FromDays(14).TotalSeconds - 1),
IdToken = tokenResponse.IdToken,
UserName = session.UserName
});
return(OnAuthenticated(authService, session, tokens, tokenResponse.AuthData.ToDictionary())
??
authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"))));
}
catch (AzureServiceException ase)
{
return(RedirectDueToFailure(authService, session, ase.ErrorData));
}
// var postData =
// $"grant_type=authorization_code&redirect_uri={CallbackUrl.UrlEncode()}&code={code}&client_id={registration.ClientId}&client_secret={registration.ClientSecret.UrlEncode()}&scope={BuildScopesFragment()}";
// var result = MsGraph.TokenUrl.PostToUrl(postData);
//
// var authInfo = JsonObject.Parse(result);
// var authInfoNvc = authInfo.ToNameValueCollection();
// if (HasError(authInfoNvc))
// return RedirectDueToFailure(authService, session, authInfoNvc);
// tokens.AccessTokenSecret = authInfo["access_token"];
// tokens.RefreshToken = authInfo["refresh_token"];
// return OnAuthenticated(authService, session, tokens, authInfo.ToDictionary())
// ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")));
}
catch (WebException webException)
{
if (webException.Response == null)
{
return(RedirectDueToFailure(authService, session, new NameValueCollection
{
{ "error", webException.GetType().ToString() },
{ "error_description", webException.Message }
}));
}
Log.Error("Auth Failure", webException);
var response = ((HttpWebResponse)webException.Response);
var responseText = Encoding.UTF8.GetString(
response.GetResponseStream().ReadFully());
var errorInfo = JsonObject.Parse(responseText).ToNameValueCollection();
return(RedirectDueToFailure(authService, session, errorInfo));
}
}
private object RequestAccessToken(IServiceBase authService, IAuthSession session, string code,
IAuthTokens tokens, Authenticate request)
{
try
{
var appRegistry = authService.TryResolve <IApplicationRegistryService>();
if (appRegistry == null)
{
throw new InvalidOperationException(
$"No {nameof(IApplicationRegistryService)} found registered in AppHost.");
}
var registration = ApplicationDirectoryResolver(authService, appRegistry, session);
if (registration == null)
{
throw new UnauthorizedAccessException($"Authorization for directory failed.");
}
try
{
var tokenResponse = _graphService.RequestAuthToken(new AuthTokenRequest
{
CallbackUrl = CallbackUrl,
Registration = registration,
RequestCode = code,
Scopes = Scopes
});
tokens.AccessTokenSecret = tokenResponse.AccessToken;
tokens.RefreshToken = tokenResponse.RefreshToken;
var res = OnAuthenticated(authService, session, tokens, tokenResponse.AuthData.ToDictionary());
if (res == null)
{
return(authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"))));
}
if (!registration.AllowAllWindowsAuthUsers)
{
if (!tokens.Items.ContainsKey("security-groups"))
{
throw HttpError.Unauthorized(ErrorMessages.WindowsAuthFailed);
}
var groups = JsonSerializer.DeserializeFromString <string[]>(tokens.Items["security-groups"]);
foreach (var requiredRole in registration.LimitAccessToRoles)
{
if (groups.Contains(requiredRole))
{
return(res);
}
}
throw HttpError.Unauthorized(ErrorMessages.WindowsAuthFailed);
}
return(res);
}
catch (AzureServiceException ase)
{
return(RedirectDueToFailure(authService, session, ase.ErrorData));
}
}
catch (WebException webException)
{
if (webException.Response == null)
{
return(RedirectDueToFailure(authService, session, new NameValueCollection
{
{ "error", webException.GetType().ToString() },
{ "error_description", webException.Message }
}));
}
Log.Error("Auth Failure", webException);
var response = (HttpWebResponse)webException.Response;
var responseText = Encoding.UTF8.GetString(
response.GetResponseStream().ReadFully());
var errorInfo = JsonObject.Parse(responseText).ToNameValueCollection();
return(RedirectDueToFailure(authService, session, errorInfo));
}
}
