/// <summary>
/// Builds the authorize-endpoint URL for an implicit-flow request.
/// </summary>
/// <param name="oidc">
/// Client settings copied into the request: client id, response type, scope,
/// redirect URI, response mode and ACR values.
/// </param>
/// <returns>The authorize URL, which carries a freshly generated nonce.</returns>
/// <remarks>
/// NOTE(review): the nonce is generated here and only embedded in the URL; it is not
/// returned or stored by this method. A caller that has to compare it with the nonce
/// claim of the returned id_token would need to recover it from the URL. Confirm how
/// callers validate it.
/// NOTE(review): no state value is passed to the request. Confirm that correlation of
/// the redirect with the initiating session (CSRF protection) is handled elsewhere.
/// </remarks>
public static string AuthorizeUrl(OidcSpec oidc)
{
    // Background: https://leastprivilege.com/2016/02/02/pkce-support-in-identityserver-and-identitymodel/
    var requestNonce = CryptoRandom.CreateRandomKeyString(64);
    var request = new AuthorizeRequest(AuthorizeEndpoint);

    var url = request.CreateAuthorizeUrl(
        clientId: oidc.clientId,
        responseType: oidc.responseType,   // e.g. OidcConstants.ResponseTypes.IdTokenToken
        scope: oidc.scope,                 // e.g. "openid profile idm roles"
        redirectUri: oidc.redirectUri,     // e.g. $"http://localhost:1391/Home/PostResult"
        responseMode: oidc.responseMode,   // e.g. OidcConstants.ResponseModes.FormPost
        nonce: requestNonce,
        acrValues: oidc.acrValues
    );

    return url;
}
/// <summary>
/// Builds the authorize-endpoint URL with a PKCE code challenge attached.
/// Allows a hybrid client setup to obtain auth_code, id_token and access_token in one request.
/// </summary>
/// <param name="oidc">
/// Client settings copied into the request: client id, response type, scope,
/// redirect URI, response mode and ACR values.
/// </param>
/// <returns>
/// Item1: the authorize URL,
/// Item2: the code challenge sent in that URL,
/// Item3: the code verifier the challenge was derived from.
/// </returns>
/// <remarks>
/// The verifier (Item3) is the secret half of the PKCE pair. The caller should keep it bound
/// to the initiating session until the code is redeemed, and keep it out of logs and URLs.
/// NOTE(review): for the S256 method, RFC 7636 defines the challenge as the unpadded
/// base64url encoding of SHA-256 over the verifier. Verify that ToSha256() produces exactly
/// that encoding; a plain Base64 or hex digest would not match at the token endpoint.
/// NOTE(review): the nonce is not part of the returned tuple, so a caller that must check the
/// id_token nonce claim would have to recover it from the URL. No state value is passed
/// either. Confirm both are handled by callers.
/// </remarks>
public static (string, string, string) AuthorizeUrlWithCodeChallenge(OidcSpec oidc)
{
    // Background: https://leastprivilege.com/2016/02/02/pkce-support-in-identityserver-and-identitymodel/
    var requestNonce = CryptoRandom.CreateRandomKeyString(64);

    // PKCE pair: a random verifier and the challenge derived from it.
    var codeVerifier = CryptoRandom.CreateRandomKeyString(64);
    var codeChallenge = codeVerifier.ToSha256();

    var request = new AuthorizeRequest(AuthorizeEndpoint);
    var url = request.CreateAuthorizeUrl(
        clientId: oidc.clientId,
        responseType: oidc.responseType,   // e.g. OidcConstants.ResponseTypes.CodeIdTokenToken
        scope: oidc.scope,                 // e.g. "openid profile idm roles"
        redirectUri: oidc.redirectUri,     // e.g. $"http://localhost:1391/Home/PostResult"
        nonce: requestNonce,
        acrValues: oidc.acrValues,
        responseMode: oidc.responseMode,   // e.g. OidcConstants.ResponseModes.FormPost
        codeChallenge: codeChallenge,
        codeChallengeMethod: OidcConstants.CodeChallengeMethods.Sha256
    );

    return (url, codeChallenge, codeVerifier);
}