public async Task <IActionResult> Index(string returnUrl, CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(returnUrl))
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}", area = string.Empty }));
}
try
{
var query = Unprotect(returnUrl).GetQueries().ToJObj();
var clientId = query.GetClientIdFromAuthorizationRequest();
var client = await OAuthClientQueryRepository.FindOAuthClientById(clientId, cancellationToken);
var loginHint = query.GetLoginHintFromAuthorizationRequest();
return(View(new AuthenticateViewModel(returnUrl,
loginHint,
_translationHelper.Translate(client.ClientNames),
_translationHelper.Translate(client.LogoUris),
_translationHelper.Translate(client.TosUris),
_translationHelper.Translate(client.PolicyUris))));
}
catch (CryptographicException)
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}", area = string.Empty }));
}
}
public async Task <IActionResult> Index(string returnUrl, CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(returnUrl))
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}", area = string.Empty }));
}
try
{
var schemes = await _authenticationSchemeProvider.GetAllSchemesAsync();
var query = Unprotect(returnUrl).GetQueries().ToJObj();
var clientId = query.GetClientIdFromAuthorizationRequest();
var client = await OAuthClientQueryRepository.FindOAuthClientById(clientId, cancellationToken);
var loginHint = query.GetLoginHintFromAuthorizationRequest();
var externalIdProviders = schemes.Where(s => !string.IsNullOrWhiteSpace(s.DisplayName));
return(View(new AuthenticateViewModel(
loginHint,
returnUrl,
_translationHelper.Translate(client.ClientNames),
_translationHelper.Translate(client.LogoUris),
_translationHelper.Translate(client.TosUris),
_translationHelper.Translate(client.PolicyUris),
externalIdProviders.Select(e => new OpenID.UI.ViewModels.ExternalIdProvider
{
AuthenticationScheme = e.Name,
DisplayName = e.DisplayName
}).ToList())));
}
catch (CryptographicException)
{
return(RedirectToAction("Index", "Errors", new { code = "invalid_request", ReturnUrl = $"{Request.Path}{Request.QueryString}", area = string.Empty }));
}
}
public virtual async Task <OAuthClient> GetClient(string clientId, HandlerContext handlerContext, CancellationToken cancellationToken)
{
var accessToken = handlerContext.Request.GetToken(AutenticationSchemes.Bearer, AutenticationSchemes.Basic);
if (string.IsNullOrWhiteSpace(accessToken))
{
Logger.LogError("access token is missing");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, ErrorMessages.MISSING_ACCESS_TOKEN);
}
var clients = await OAuthClientQueryRepository.Find(new Persistence.Parameters.SearchClientParameter
{
RegistrationAccessToken = accessToken
}, cancellationToken);
if (!clients.Content.Any())
{
Logger.LogError($"access token '{accessToken}' is invalid");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, ErrorMessages.BAD_ACCESS_TOKEN);
}
var client = clients.Content.First();
if (client.ClientId != clientId)
{
client.RegistrationAccessToken = null;
await OAuthClientCommandRepository.Update(client, cancellationToken);
await OAuthClientCommandRepository.SaveChanges(cancellationToken);
Logger.LogError($"access token '{accessToken}' can be used for the client '{client.ClientId}' and not for the client '{clientId}'");
throw new OAuthUnauthorizedException(ErrorCodes.INVALID_TOKEN, string.Format(ErrorMessages.ACCESS_TOKEN_VALID_CLIENT, client.ClientId, clientId));
}
return(client);
}
