Exemplo n.º 1
0
        /// <summary>
        /// Implicit
        /// </summary>
        /// <param name="oidc"></param>
        /// <returns></returns>
        public static string AuthorizeUrl(OidcSpec oidc)
        {
            // https://leastprivilege.com/2016/02/02/pkce-support-in-identityserver-and-identitymodel/
            var nonce = CryptoRandom.CreateRandomKeyString(64);


            return(new AuthorizeRequest(AuthorizeEndpoint)
                   .CreateAuthorizeUrl(
                       clientId: oidc.clientId,
                       responseType: oidc.responseType, // OidcConstants.ResponseTypes.IdTokenToken,
                       scope: oidc.scope,               //"openid profile idm roles",
                       redirectUri: oidc.redirectUri,   // $"http://localhost:1391/Home/PostResult",
                       responseMode: oidc.responseMode, //OidcConstants.ResponseModes.FormPost
                       nonce: nonce,
                       acrValues: oidc.acrValues
                       ));
        }
Exemplo n.º 2
0
        /// <summary>
        /// Authorize With Code Challenge
        /// allows for hybrid client setup to get in one request: auth_code, id_token and access_token
        /// </summary>
        /// <param name="oidc"></param>
        /// <returns>
        /// Item1: AuthorizeUrl,
        /// Item2: challenge,
        /// Item3: verifier
        /// </returns>
        public static (string, string, string) AuthorizeUrlWithCodeChallenge(OidcSpec oidc)
        {
            // https://leastprivilege.com/2016/02/02/pkce-support-in-identityserver-and-identitymodel/

            var nonce     = CryptoRandom.CreateRandomKeyString(64);
            var verifier  = CryptoRandom.CreateRandomKeyString(64);
            var challenge = verifier.ToSha256();

            return(new AuthorizeRequest(AuthorizeEndpoint)
                   .CreateAuthorizeUrl(
                       clientId: oidc.clientId,
                       responseType: oidc.responseType, // OidcConstants.ResponseTypes.CodeIdTokenToken,
                       scope: oidc.scope,               //"openid profile idm roles",
                       redirectUri: oidc.redirectUri,   // $"http://localhost:1391/Home/PostResult",
                       nonce: nonce,
                       acrValues: oidc.acrValues,
                       responseMode: oidc.responseMode,//OidcConstants.ResponseModes.FormPost
                       codeChallenge: challenge,
                       codeChallengeMethod: OidcConstants.CodeChallengeMethods.Sha256

                       ), challenge, verifier);
        }