private bool ExecRegister(Client <T> client, RegisterClient <T> message)
{
RegisterClientResponse Response = new RegisterClientResponse();
bool ValidateAuthToken = _ConfigReader.Get(ConfigReaderKeys.KeyValidateAuthenticationToken, false);
if (ValidateAuthToken)
{
string RSAKey = _ConfigReader.Get(ConfigReaderKeys.KeyValidateAuthenticationToken, string.Empty);
int TokenDuration = _ConfigReader.Get(ConfigReaderKeys.KeyAuthenticationTokenDurationMinutes, Constants.AuthenticationTokenDurationMinutes);
if (!message.AuthToken.IsValid(RSAKey, TokenDuration))
{
Response.Success = false;
Response.ErrorCode = -1;
Response.Message = "Invalid authentication token.";
client.SendObject(Response);
return(false);
}
}
client.ID = message.AuthToken.ClientID;
Response.Success = true;
client.SendObject(Response);
return(true);
}
/// <summary>
/// Unmarshaller the response from the service to the response class.
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext context)
{
RegisterClientResponse response = new RegisterClientResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.TestExpression("authorizationEndpoint", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.AuthorizationEndpoint = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("clientId", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.ClientId = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("clientIdIssuedAt", targetDepth))
{
var unmarshaller = LongUnmarshaller.Instance;
response.ClientIdIssuedAt = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("clientSecret", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.ClientSecret = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("clientSecretExpiresAt", targetDepth))
{
var unmarshaller = LongUnmarshaller.Instance;
response.ClientSecretExpiresAt = unmarshaller.Unmarshall(context);
continue;
}
if (context.TestExpression("tokenEndpoint", targetDepth))
{
var unmarshaller = StringUnmarshaller.Instance;
response.TokenEndpoint = unmarshaller.Unmarshall(context);
continue;
}
}
return(response);
}
public async void ConnectAsync(AuthenticationToken <T> authToken)
{
await Task.Run(() =>
{
_AuthenticationToken = authToken;
RegisterClientResponse RegisterClientRsp;
try
{
EventArgs OnRegisterClientEA = new EventArgs();
OnRegisterClientStarted(OnRegisterClientEA);
ConfigReader CR = new ConfigReader();
_SocketClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
IPAddress MyIPAddress = IPAddress.Parse(CR.Get(ConfigReaderKeys.KeyConnectIPAddress, Constants.DefaultConnectIPAddress));
IPEndPoint MyEndPoint = new IPEndPoint(MyIPAddress, CR.Get(ConfigReaderKeys.KeyConnectPort, Constants.DefaultConnectPort));
_SocketClient.Connect(MyEndPoint);
RegisterClient <T> RegisterClientMsg = new RegisterClient <T>();
RegisterClientMsg.AuthToken = _AuthenticationToken;
SocketHelper.SendObject(_SocketClient, RegisterClientMsg);
//TODO: Timeout for response?
//TODO: Add messages history to response?
RegisterClientRsp = (RegisterClientResponse)SocketHelper.ReceiveObject(_SocketClient);
if (RegisterClientRsp.Success)
{
_ClientRunning = true;
ManagePushMessagesAsync();
}
}
catch
{
RegisterClientRsp = new RegisterClientResponse();
RegisterClientRsp.ErrorCode = -1;
RegisterClientRsp.Success = false;
RegisterClientRsp.Message = "Unable to connect to the server.";
}
RegisterClientEndedEventArgs <T> OnRegisterClientEndedEA = new RegisterClientEndedEventArgs <T>(RegisterClientRsp);
OnRegisterClientEnded(OnRegisterClientEndedEA);
return;
});
}
public static async Task <OAuth2Client> RegisterClientAsync(Uri clientRegistrationEndpoint, string initialAccessToken, string softwareId, string softwareVersion, OAuth2TokenEndpointAuthMethod tokenEndpointAuthMethod, List <OAuth2GrantType> grantTypes, List <string> redirectUris, List <string> scopes)
{
/* STEP 1: validate all arguments */
// validate our clientRegistrationEndpoint uri
if (clientRegistrationEndpoint == null)
{
throw new ArgumentNullException(nameof(clientRegistrationEndpoint));
}
else if (clientRegistrationEndpoint.Scheme.ToLowerInvariant() != "https")
{
throw new ArgumentException("clientRegistrationEndpoint must be secured with the https protocol.", nameof(clientRegistrationEndpoint));
}
/* validate redirectUris: make sure that the redirectUris use HTTPS or a non-HTTP protocol (e.g. an app-specific protocol on a mobile
* device). HTTP is also valid with redirectUris--but only for the localhost. */
if (redirectUris != null)
{
for (int iRedirectUri = 0; iRedirectUri < redirectUris.Count; iRedirectUri++)
{
// break the redirectUri down into its components (scheme, host, etc.)
Uri uri;
try
{
uri = new Uri(redirectUris[iRedirectUri]);
}
catch
{
throw new ArgumentException("redirectUris[" + iRedirectUri + "] is a malformed redirect uri.", nameof(redirectUris));
}
//
if (uri.Host == null)
{
throw new ArgumentException("redirectUris[" + iRedirectUri + "] is a malformed redirect uri.", nameof(redirectUris));
}
//
switch (uri.Scheme.ToLowerInvariant())
{
case "http":
// HTTP scheme is okay as long as the server is localhost (i.e. communication is on the loopback interface).
if (uri.Host != "127.0.0.1" && uri.Host != "::1" && uri.Host.ToLowerInvariant() != "localhost")
{
throw new ArgumentException("redirectUris[" + iRedirectUri + "] must be secured with the https protocol.", nameof(redirectUris));
}
break;
case "https":
// HTTPS scheme is okay
break;
default:
// custom app-specific schemes are okay
break;
}
}
}
// validate our scopes: they cannot contain any spaces and they must conform to our "allowable characters" rules.
if (scopes != null)
{
for (int iScope = 0; iScope < scopes.Count; iScope++)
{
if (ContainsOnlyAllowedScopeCharacters(scopes[iScope]) == false)
{
throw new ArgumentException("scopes[" + iScope + "] may only contain letters, numbers and the following characters: '" + string.Join("', '", _allowedScopeSpecialCharactersAsString.ToArray()) + "'", nameof(scopes));
}
}
}
// validate the grantTypes
/* Supported grantType options (including combinations) are:
* .AuthorizationCode
* .AuthorizationCode, .RefreshToken
* .Implicit
* .Password
* .Password, .RefreshToken
* .ClientCredentials */
OAuth2GrantType grantType;
bool requestRefreshTokenGrantType = false;
if (grantTypes == null || grantTypes.Count == 0)
{
// if no grant type was provided, use the default
grantType = OAuth2GrantType.AuthorizationCode;
}
else if (grantTypes.Count == 1 && grantTypes.Contains(OAuth2GrantType.AuthorizationCode))
{
grantType = OAuth2GrantType.AuthorizationCode;
}
else if (grantTypes.Count == 2 && grantTypes.Contains(OAuth2GrantType.AuthorizationCode) && grantTypes.Contains(OAuth2GrantType.RefreshToken))
{
grantType = OAuth2GrantType.AuthorizationCode;
requestRefreshTokenGrantType = true;
}
else if (grantTypes.Count == 1 && grantTypes.Contains(OAuth2GrantType.Implicit))
{
grantType = OAuth2GrantType.Implicit;
}
else if (grantTypes.Count == 1 && grantTypes.Contains(OAuth2GrantType.Password))
{
grantType = OAuth2GrantType.Password;
}
else if (grantTypes.Count == 2 && grantTypes.Contains(OAuth2GrantType.Password) && grantTypes.Contains(OAuth2GrantType.RefreshToken))
{
grantType = OAuth2GrantType.Password;
requestRefreshTokenGrantType = true;
}
else if (grantTypes.Count == 1 && grantTypes.Contains(OAuth2GrantType.ClientCredentials))
{
grantType = OAuth2GrantType.ClientCredentials;
}
else
{
throw new ArgumentException("grantTypes contains an " + (grantTypes.Count > 1 ? "invalid combination of grant types" : "invalid grant type") + ".", nameof(grantTypes));
}
// validate the grantType and tokenEndpointAuthMethod (and assign the corresponding responseType)
OAuth2ResponseType?responseType = null;
switch (grantType)
{
case OAuth2GrantType.AuthorizationCode:
responseType = OAuth2ResponseType.Code;
if (tokenEndpointAuthMethod != OAuth2TokenEndpointAuthMethod.ClientSecretBasic && tokenEndpointAuthMethod != OAuth2TokenEndpointAuthMethod.None)
{
throw new ArgumentException("A grantType does not support the requested tokenEndpointAuthMethod.", nameof(grantType));
}
break;
case OAuth2GrantType.Implicit:
responseType = OAuth2ResponseType.Token;
if (tokenEndpointAuthMethod != OAuth2TokenEndpointAuthMethod.None)
{
throw new ArgumentException("A grantType does not support the requested tokenEndpointAuthMethod.", nameof(grantType));
}
break;
case OAuth2GrantType.ClientCredentials:
responseType = null;
if (tokenEndpointAuthMethod != OAuth2TokenEndpointAuthMethod.ClientSecretBasic)
{
throw new ArgumentException("A grantType does not support the requested tokenEndpointAuthMethod.", nameof(grantType));
}
break;
case OAuth2GrantType.Password:
responseType = null;
if (tokenEndpointAuthMethod != OAuth2TokenEndpointAuthMethod.ClientSecretBasic)
{
throw new ArgumentException("A grantType does not support the requested tokenEndpointAuthMethod.", nameof(grantType));
}
break;
}
// verify that, if grant types require redirect uris, our caller has included at least one redirectUri.
switch (grantType)
{
case OAuth2GrantType.AuthorizationCode:
case OAuth2GrantType.Implicit:
if (redirectUris == null || redirectUris.Count == 0)
{
throw new ArgumentException(grantType.ToString() + " requires redirectUris.", nameof(redirectUris));
}
break;
default:
// no response URIs required.
break;
}
/* STEP 2: create our JSON request payload */
RegisterClientRequest requestPayload = new RegisterClientRequest();
requestPayload.software_id = softwareId;
requestPayload.software_version = softwareVersion;
if (redirectUris != null)
{
requestPayload.redirect_uris = redirectUris.ToArray();
}
// token endpoint auth method
requestPayload.token_endpoint_auth_method = OAuth2Convert.ConvertTokenEndpointAuthMethodToString(tokenEndpointAuthMethod);
// grant types
if (requestRefreshTokenGrantType)
{
requestPayload.grant_types = new string[] { OAuth2Convert.ConvertGrantTypeToString(grantType), OAuth2Convert.ConvertGrantTypeToString(OAuth2GrantType.RefreshToken) };
}
else
{
requestPayload.grant_types = new string[] { OAuth2Convert.ConvertGrantTypeToString(grantType) };
}
// response types
if (responseType != null)
{
requestPayload.response_types = new string[] { OAuth2Convert.ConvertResponseTypeToString(responseType.Value) };
}
// scopes
if (scopes != null)
{
requestPayload.scope = String.Join(" ", scopes.ToArray());
}
//
string jsonEncodedRequestPayload = JsonConvert.SerializeObject(requestPayload, Formatting.None,
new JsonSerializerSettings()
{
NullValueHandling = NullValueHandling.Ignore
});
/* STEP 3: send our dynamic client registration request */
try
{
using (HttpClient httpClient = new HttpClient())
{
// create request
var requestMessage = new HttpRequestMessage(HttpMethod.Post, clientRegistrationEndpoint);
requestMessage.Content = new HttpStringContent(jsonEncodedRequestPayload, Windows.Storage.Streams.UnicodeEncoding.Utf8, "application/json");
requestMessage.Headers.Accept.Clear();
requestMessage.Headers.Accept.Add(new Windows.Web.Http.Headers.HttpMediaTypeWithQualityHeaderValue("application/json"));
if (initialAccessToken != null)
{
requestMessage.Headers.Authorization = new Windows.Web.Http.Headers.HttpCredentialsHeaderValue("Bearer", initialAccessToken);
}
// send request
HttpResponseMessage responseMessage = await httpClient.SendRequestAsync(requestMessage);
// process response
switch (responseMessage.StatusCode)
{
case HttpStatusCode.Created:
{
// client was registered; parse response
RegisterClientResponse responsePayload = JsonConvert.DeserializeObject <RegisterClientResponse>(await responseMessage.Content.ReadAsStringAsync());
if (responsePayload.client_id == null)
{
throw new OAuth2ServerErrorException();
}
OAuth2Client client = new OAuth2Client();
// Id
client.Id = responsePayload.client_id;
// Secret
client.Secret = responsePayload.client_secret;
// IssuedAt
if (responsePayload.client_id_issued_at != null)
{
client.IssuedAt = DateTimeOffset.FromUnixTimeSeconds(long.Parse(responsePayload.client_id_issued_at.Value.ToString()));
}
// ExpiresAt
if (responsePayload.client_secret_expires_at != null && responsePayload.client_secret_expires_at != 0)
{
client.SecretExpiresAt = DateTimeOffset.FromUnixTimeSeconds(long.Parse(responsePayload.client_secret_expires_at.Value.ToString()));
}
// SoftwareId
client.SoftwareId = responsePayload.software_id;
// SoftwareVersion
client.SoftwareVersion = responsePayload.software_version;
// RedirectUris
if (responsePayload.redirect_uris != null)
{
client.RedirectUris = responsePayload.redirect_uris.ToList <string>();
}
// TokenEndpointAuthMethod
if (responsePayload.token_endpoint_auth_method != null)
{
OAuth2TokenEndpointAuthMethod?allowedTokenEndpointAuthMethod = OAuth2Convert.ConvertStringToTokenEndpointAuthMethod(responsePayload.token_endpoint_auth_method);
if (allowedTokenEndpointAuthMethod != null)
{
client.TokenEndpointAuthMethod = allowedTokenEndpointAuthMethod.Value;
}
}
// GrantTypes
if (responsePayload.grant_types != null)
{
client.GrantTypes = new List <OAuth2.OAuth2GrantType>();
foreach (string grantTypeAsString in responsePayload.grant_types)
{
OAuth2GrantType?allowedGrantType = OAuth2Convert.ConvertStringToGrantType(grantTypeAsString);
if (allowedGrantType != null)
{
client.GrantTypes.Add(allowedGrantType.Value);
}
}
}
// Scope
client.Scope = responsePayload.scope;
// RegistrationAccessToken and RegistrationAccessUri
if (responsePayload.registration_access_token != null && responsePayload.registration_client_uri != null)
{
// RegistrationAccessToken
client.RegistrationToken = responsePayload.registration_access_token;
// RegistrationAccessUri
client.RegistrationUri = responsePayload.registration_client_uri;
}
// return our client
return(client);
}
case HttpStatusCode.BadRequest:
{
// process the "bad request" response
OAuth2ErrorResponse responsePayload = JsonConvert.DeserializeObject <OAuth2ErrorResponse>(await responseMessage.Content.ReadAsStringAsync());
if (responsePayload.error == null)
{
throw new OAuth2ServerErrorException();
}
switch (responsePayload.error.ToLowerInvariant())
{
case "invalid_redirect_uri":
throw new ArgumentException(responsePayload.error_description ?? responsePayload.error, nameof(redirectUris));
case "invalid_client_metadata":
throw new ArgumentException(responsePayload.error_description ?? responsePayload.error);
default:
throw new OAuth2HttpException(responseMessage.StatusCode);
}
}
case HttpStatusCode.PaymentRequired:
throw new OAuth2PaymentRequiredException();
case HttpStatusCode.Forbidden:
throw new OAuth2ForbiddenException();
case HttpStatusCode.TooManyRequests:
throw new OAuth2TooManyRequestsException();
case HttpStatusCode.InternalServerError:
throw new OAuth2ServerErrorException();
case HttpStatusCode.ServiceUnavailable:
throw new OAuth2ServiceUnavailableException();
default:
throw new OAuth2HttpException(responseMessage.StatusCode);
}
}
}
catch (JsonException)
{
// JSON parsing error; this is catastrophic.
throw new OAuth2ServerErrorException();
}
catch
{
// NOTE: callers must catch non-HTTP networking exceptions
throw;
}
}
public RegisterClientEndedEventArgs(RegisterClientResponse registerClientResponse)
{
RegisterClientResponse = registerClientResponse;
}
