/*** implementing the methods for AuthenticationConclusion ***/
public override GenericAuth.AuthenticationConclusion createConclusionOidcImplicit(
OIDC10.AuthenticationResponse_with_id_token authenticationResponse)
{
var AuthConclusion = new GenericAuth.AuthenticationConclusion();
AuthConclusion.channel = authenticationResponse.SVX_sender;
OIDC10.JwtTokenBody jwtTokenBody = authenticationResponse.id_token.theParams;
if (jwtTokenBody.aud != this.client_id)
{
throw new Exception("client_id in the jwtToken is not of this relying party.");
}
var userProfile = new GGUserProfile();
userProfile.UserID = ((GGJwtToken)jwtTokenBody).sub;
userProfile.Email = ((GGJwtToken)jwtTokenBody).email;
userProfile.GG_ID = ((GGJwtToken)jwtTokenBody).sub;
userProfile.FullName = getFullName(authenticationResponse.access_token);
//checking CSRF_state
var stateParams = new OAuth20.StateParams
{
client = authenticationResponse.SVX_sender,
idpPrincipal = idpParticipantId.principal
};
stateGenerator.Verify(stateParams, authenticationResponse.state);
AuthConclusion.userProfile = userProfile;
AuthConclusion.userProfile.Authority = "Google.com";
return(AuthConclusion);
}
// Very little of this is Weibo-specific. Consider moving it to
// OAuth20. (Exception: it's unclear if the user profile request is an
// OAuth20 concept at all, so maybe the entirety of that should move to
// Weibo with only a hook remaining in OAuth20.)
/*** implementing the methods for AuthorizationRequest ***/
public override OAuth20.AuthorizationRequest createAuthorizationRequest(SVX.Channel client)
{
var authorizationRequest = new OAuth20.AuthorizationRequest();
authorizationRequest.client_id = client_id;
authorizationRequest.response_type = "code";
//authorizationRequest.scope = "user_about_me email";
authorizationRequest.redirect_uri = redirect_uri;
var stateParams = new OAuth20.StateParams
{
client = client,
idpPrincipal = idpParticipantId.principal
};
authorizationRequest.state = stateGenerator.Generate(stateParams, SVX_Principal);
return(authorizationRequest);
}
/*** implementing the methods for AccessTokenRequest ***/
public override OAuth20.AccessTokenRequest createAccessTokenRequest(OAuth20.AuthorizationResponse authorizationResponse)
{
var stateParams = new OAuth20.StateParams
{
client = authorizationResponse.SVX_sender,
idpPrincipal = idpParticipantId.principal
};
stateGenerator.Verify(stateParams, authorizationResponse.state);
OAuth20.AccessTokenRequest _AccessTokenRequest = new OAuth20.AccessTokenRequest();
_AccessTokenRequest.client_id = client_id;
_AccessTokenRequest.code = authorizationResponse.code;
_AccessTokenRequest.redirect_uri = redirect_uri;
_AccessTokenRequest.grant_type = "authorization_code";
_AccessTokenRequest.client_secret = client_secret;
return(_AccessTokenRequest);
}
/*** implementing the methods for AccessTokenRequest ***/
public override OAuth20.AccessTokenRequest createAccessTokenRequest(OAuth20.AuthorizationResponse authorizationResponse)
{
var stateParams = new OAuth20.StateParams
{
client = authorizationResponse.SVX_sender,
idpPrincipal = idpParticipantId.principal
};
stateGenerator.Verify(stateParams, authorizationResponse.state);
OAuth20.AccessTokenRequest _AccessTokenRequest = new OAuth20.AccessTokenRequest();
//Facebook's access token request doesn't need "grant_type=authorization_code".
//See https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
_AccessTokenRequest.client_id = client_id;
_AccessTokenRequest.code = authorizationResponse.code;
_AccessTokenRequest.redirect_uri = redirect_uri;
_AccessTokenRequest.client_secret = client_secret;
return(_AccessTokenRequest);
}
public override OAuth20.AuthorizationRequest createAuthorizationRequest(SVX.Channel client)
{
GGAuthenticationRequest GGAuthenticationRequest = new GGAuthenticationRequest();
GGAuthenticationRequest.client_id = client_id;
GGAuthenticationRequest.response_type = "id_token token";
GGAuthenticationRequest.scope = "openid email profile";
GGAuthenticationRequest.redirect_uri = redirect_uri;
GGAuthenticationRequest.response_mode = "form_post";
var stateParams = new OAuth20.StateParams
{
client = client,
idpPrincipal = idpParticipantId.principal
};
GGAuthenticationRequest.state = stateGenerator.Generate(stateParams, SVX_Principal);
HashAlgorithm hashAlgo = SHA1.Create();
GGAuthenticationRequest.nonce = BitConverter.ToString(hashAlgo.ComputeHash(System.Text.Encoding.UTF8.GetBytes(client.id)));
return(GGAuthenticationRequest);
}
