static void InitializeMessageStructures() { // In all cases, we only bother declaring the secret readers we // actually need for the protocol flow. Maybe this is a bad habit. authorizationCodeRequestStructure = new MessageStructure <AuthorizationCodeRequest>() { BrowserOnly = true }; authorizationCodeRequestStructure.AddSecret(nameof(AuthorizationCodeRequest.state), // The sender (the client) gets implicitly added. (msg) => new Principal[] { msg.rpPrincipal }); authorizationCodeResponseStructure = new MessageStructure <AuthorizationCodeResponse>() { BrowserOnly = true }; authorizationCodeResponseStructure.AddSecret(nameof(AuthorizationCodeRequest.state), (msg) => new Principal[] { }); authorizationCodeResponseStructure.AddSecret(nameof(AuthorizationCodeResponse.authorizationCode), (msg) => new Principal[] { googlePrincipal }); validationRequestStructure = new MessageStructure <ValidationRequest>(); validationRequestStructure.AddSecret(nameof(AuthorizationCodeResponse.authorizationCode), (msg) => new Principal[] { }); // Nothing interesting here. validationResponseStructure = new MessageStructure <ValidationResponse>(); }
static void InitializeMessageStructures() { idTokenRequestStructure = new MessageStructure <IdTokenRequest>() { BrowserOnly = true }; idTokenRequestStructure.AddSecret(nameof(IdTokenRequest.state), // The sender (the client) gets implicitly added. // It doesn't matter whether we add the IdP here. Convention? (msg) => new Principal[] { msg.rpPrincipal }); idTokenResponseStructure = new MessageStructure <IdTokenResponse>() { BrowserOnly = true }; idTokenResponseStructure.AddSecret(nameof(IdTokenRequest.state), // We're not passing the state along further, so we don't have to declare any readers. (msg) => new Principal[] { }); idTokenResponseStructure.AddMessagePayloadSecret(nameof(IdTokenResponse.idToken), (msg) => new Principal[] { }, new GoogleIdTokenVerifier(), true); }