public static ListedCapabilityStatement AddProxyOAuthSecurityService(this ListedCapabilityStatement statement, IUrlResolver urlResolver, string authorizeRouteName, string tokenRouteName)
{
EnsureArg.IsNotNull(statement, nameof(statement));
EnsureArg.IsNotNull(urlResolver, nameof(urlResolver));
EnsureArg.IsNotNullOrWhiteSpace(authorizeRouteName, nameof(authorizeRouteName));
EnsureArg.IsNotNullOrWhiteSpace(tokenRouteName, nameof(tokenRouteName));
var restComponent = statement.GetListedRestComponent();
var security = restComponent.Security ?? new CapabilityStatement.SecurityComponent();
security.Service.Add(Constants.RestfulSecurityServiceOAuth);
var tokenEndpoint = urlResolver.ResolveRouteNameUrl(tokenRouteName, null);
var authorizationEndpoint = urlResolver.ResolveRouteNameUrl(authorizeRouteName, null);
var smartExtension = new Extension()
{
Url = Constants.SmartOAuthUriExtension,
Extension = new List <Extension>
{
new Extension(Constants.SmartOAuthUriExtensionToken, new FhirUri(tokenEndpoint)),
new Extension(Constants.SmartOAuthUriExtensionAuthorize, new FhirUri(authorizationEndpoint)),
},
};
security.Extension.Add(smartExtension);
restComponent.Security = security;
return(statement);
}
private void AddProxyOAuthSecurityService(ListedCapabilityStatement statement, string authorizeRouteName, string tokenRouteName)
{
EnsureArg.IsNotNull(statement, nameof(statement));
EnsureArg.IsNotNullOrWhiteSpace(authorizeRouteName, nameof(authorizeRouteName));
EnsureArg.IsNotNullOrWhiteSpace(tokenRouteName, nameof(tokenRouteName));
ListedRestComponent restComponent = statement.Rest.Server();
SecurityComponent security = restComponent.Security ?? new SecurityComponent();
var codableConceptInfo = new CodableConceptInfo();
security.Service.Add(codableConceptInfo);
codableConceptInfo.Coding.Add(_modelInfoProvider.Version == FhirSpecification.Stu3
? Constants.RestfulSecurityServiceStu3OAuth
: Constants.RestfulSecurityServiceOAuth);
Uri tokenEndpoint = _urlResolver.ResolveRouteNameUrl(tokenRouteName, null);
Uri authorizationEndpoint = _urlResolver.ResolveRouteNameUrl(authorizeRouteName, null);
var smartExtension = new
{
url = Constants.SmartOAuthUriExtension,
extension = new[]
{
new
{
url = Constants.SmartOAuthUriExtensionToken,
valueUri = tokenEndpoint,
},
new
{
url = Constants.SmartOAuthUriExtensionAuthorize,
valueUri = authorizationEndpoint,
},
},
};
security.Extension.Add(JObject.FromObject(smartExtension));
restComponent.Security = security;
}
public void GivenIncompleteQueryParams_WhenAuthorizeRequestAction_ThenRedirectResultReturned(
string responseType, string clientId, string redirectUri, string launch, string scope, string state, string aud)
{
Uri redirect = null;
if (!string.IsNullOrEmpty(redirectUri))
{
redirect = new Uri(redirectUri);
}
_urlResolver.ResolveRouteNameUrl(Arg.Any <string>(), Arg.Any <IDictionary <string, object> >()).Returns(redirect);
var result = _controller.Authorize(responseType, clientId, redirect, launch, scope, state, aud);
var redirectResult = result as RedirectResult;
Assert.NotNull(redirectResult);
var uri = new Uri(redirectResult.Url);
var queryParams = HttpUtility.ParseQueryString(uri.Query);
Assert.Equal(responseType, queryParams["response_type"]);
Assert.Equal(clientId, queryParams["client_id"]);
if (!string.IsNullOrEmpty(redirectUri))
{
Assert.Contains(redirect.Host, uri.AbsoluteUri);
}
if (!string.IsNullOrEmpty(scope))
{
Assert.NotNull(queryParams["scope"]);
}
if (!string.IsNullOrEmpty(state))
{
Assert.NotNull(queryParams["state"]);
}
}
public ActionResult AvailableVersions()
{
_logger.LogInformation("Attempting to get available schemas");
var availableSchemas = new List <object>();
var currentVersion = _schemaInformation.Current ?? 0;
foreach (var version in Enum.GetValues(typeof(SchemaVersion)).Cast <SchemaVersion>().Where(sv => sv >= currentVersion))
{
var routeValues = new Dictionary <string, object> {
{ "id", (int)version }
};
Uri scriptUri = _urlResolver.ResolveRouteNameUrl(RouteNames.Script, routeValues);
availableSchemas.Add(new { id = version, script = scriptUri });
}
return(new JsonResult(availableSchemas));
}
public ActionResult Authorize(
[FromQuery(Name = "response_type")] string responseType,
[FromQuery(Name = "client_id")] string clientId,
[FromQuery(Name = "redirect_uri")] Uri redirectUri,
[FromQuery(Name = "launch")] string launch,
[FromQuery(Name = "scope")] string scope,
[FromQuery(Name = "state")] string state,
[FromQuery(Name = "aud")] string aud)
{
if (string.IsNullOrEmpty(launch))
{
launch = Base64UrlEncoder.Encode("{}");
}
var newStateObj = new JObject
{
{ "s", state },
{ "l", launch },
};
var queryBuilder = new QueryBuilder();
if (!string.IsNullOrEmpty(responseType))
{
queryBuilder.Add("response_type", responseType);
}
if (!string.IsNullOrEmpty(clientId))
{
queryBuilder.Add("client_id", clientId);
}
try
{
var callbackUrl = _urlResolver.ResolveRouteNameUrl(RouteNames.AadSmartOnFhirProxyCallback, new RouteValueDictionary {
{ "encodedRedirect", Base64UrlEncoder.Encode(redirectUri.ToString()) }
});
queryBuilder.Add("redirect_uri", callbackUrl.AbsoluteUri);
}
catch (Exception ex)
{
_logger.LogDebug(ex, "Redirect URL passed to Authorize failed to resolve.");
}
if (!_isAadV2 && !string.IsNullOrEmpty(aud))
{
queryBuilder.Add("resource", aud);
}
else if (!string.IsNullOrEmpty(scope))
{
// Azure AD v2.0 uses fully qualified scopes and does not allow '/' (slash)
// We add qualification to scopes and replace '/' -> '$'
var scopes = scope.Split(' ');
var scopesBuilder = new StringBuilder();
string[] wellKnownScopes = { "profile", "openid", "email", "offline_access" };
foreach (var s in scopes)
{
if (wellKnownScopes.Contains(s))
{
scopesBuilder.Append($"{s} ");
}
else
{
scopesBuilder.Append($"{aud}/{s.Replace('/', '$')} ");
}
}
var newScopes = scopesBuilder.ToString().TrimEnd(' ');
queryBuilder.Add("scope", Uri.EscapeDataString(newScopes));
}
if (!string.IsNullOrEmpty(state))
{
string newState = Base64UrlEncoder.Encode(newStateObj.ToString());
queryBuilder.Add("state", newState);
}
return(Redirect($"{_aadAuthorizeEndpoint}{queryBuilder}"));
}
