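/// <summary>
/// Authenticates a device together with a client application by posting an OAuth token
/// request to the "oauth2_token" resource of the configured identity provider.
/// </summary>
/// <param name="deviceId">Device identifier, sent in the X-Device-Authorization header.</param>
/// <param name="deviceSecret">Device secret, sent in the same header.</param>
/// <param name="clientId">Client identifier passed to the token request.</param>
/// <param name="clientSecret">Client secret passed to the token request.</param>
/// <returns>A <see cref="TokenClaimsPrincipal"/> built from the token response.</returns>
/// <exception cref="SecurityException">
/// The REST client reported a failed token request, or a security error was raised while
/// the request was processed. Any other exception is logged and rethrown unchanged.
/// </exception>
public IPrincipal Authenticate(string deviceId, string deviceSecret, string clientId, string clientSecret)
        {
            using (IRestClient restClient = new RestClient(this.m_configuration.GetIdpDescription()))
            {
                try
                {
                    // NOTE(review): "*" requests every scope the identity provider is willing to grant.
                    // If a narrower scope is sufficient for device sessions, request that instead.
                    OAuthTokenRequest request = new OAuthTokenRequest(clientId, clientSecret);
                    request.Scope = "*";

                    // The device credential is only Base64-encoded, not encrypted, so it is exactly as
                    // confidential as the transport. NOTE(review): confirm the IdP endpoint is HTTPS-only.
                    // NOTE(review): a deviceId containing ':' makes the "id:secret" pair ambiguous for
                    // whatever splits it on the server side - confirm device ids cannot contain a colon.
                    restClient.Requesting += (o, p) =>
                    {
                        string deviceCredential = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{deviceId}:{deviceSecret}"));
                        p.AdditionalHeaders.Add("X-Device-Authorization", $"BASIC {deviceCredential}");
                    };

                    OAuthTokenResponse response = restClient.Post<OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request);

                    // When the response carries no id token, the access token is passed in its place.
                    return new TokenClaimsPrincipal(response.AccessToken, response.IdToken ?? response.AccessToken, response.TokenType, response.RefreshToken);
                }
                catch (RestClientException<OAuthTokenResponse> ex)
                {
                    Trace.TraceError("REST client exception: {0}", ex.Message);

                    // Result is presumably null when the failure carried no parsed OAuth body; the
                    // null-conditional keeps this handler from replacing the real failure with a
                    // NullReferenceException.
                    var se = new SecurityException($"Error executing OAuth request: {ex.Result?.Error}", ex);
                    se.Data.Add("detail", ex.Result);
                    throw se;
                }
                catch (SecurityException ex)
                {
                    Trace.TraceError("TOKEN exception: {0}", ex.Message);
                    throw new SecurityException($"Security error: {ex.Message}", ex);
                }
                catch (Exception ex)
                {
                    // Fail closed: log and rethrow, so no principal is returned on an unexpected error.
                    Trace.TraceError("Generic exception: {0}", ex);
                    throw;
                }
            }
        }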
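 /// <summary>
 /// Creates a token request that uses the "refresh_token" grant, taking the refresh token
 /// from an existing token principal.
 /// </summary>
 /// <param name="current">Principal whose refresh token is copied into the request.</param>
 /// <param name="scope">Scope to request for the refreshed session.</param>
 /// <exception cref="ArgumentNullException"><paramref name="current"/> is null.</exception>
 public OAuthTokenRequest(TokenClaimsPrincipal current, String scope)
 {
     // Reject a missing principal explicitly instead of failing with a NullReferenceException.
     if (current == null)
     {
         throw new ArgumentNullException(nameof(current));
     }

     this.GrantType    = "refresh_token";
     this.RefreshToken = current.RefreshToken;
     this.Scope        = scope;
 }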
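        /// <summary>
        /// Authenticates a user against the configured identity provider by posting an OAuth
        /// token request to the "oauth2_token" resource.
        /// </summary>
        /// <param name="principal">
        /// Principal to authenticate. Its identity name is used as the user name; when it is a
        /// <see cref="TokenClaimsPrincipal"/> and no password is given, a refresh request is built from it.
        /// </param>
        /// <param name="password">Password; when null or empty, no password-based request is built from it.</param>
        /// <param name="tfaSecret">
        /// Second-factor secret. NOTE(review): this method never reads the value, so it is not sent
        /// to the identity provider from here - confirm whether that is intended.
        /// </param>
        /// <returns>
        /// A <see cref="TokenClaimsPrincipal"/> built from the token response, or null when an
        /// exception other than the two handled security failures was logged and suppressed.
        /// Callers must treat null as "not authenticated".
        /// </returns>
        /// <exception cref="SecurityException">
        /// The REST client reported a failed token request, or a security error was raised while
        /// the request was processed.
        /// </exception>
        public System.Security.Principal.IPrincipal Authenticate(System.Security.Principal.IPrincipal principal, string password, String tfaSecret)
        {
            // Default to the wildcard scope; a "scope" claim on the incoming principal overrides it.
            // NOTE(review): "*" requests every scope the identity provider is willing to grant.
            String scope = "*";

            ClaimsPrincipal claimsPrincipal = principal as ClaimsPrincipal;
            if (claimsPrincipal != null)
            {
                scope = claimsPrincipal.Claims.FirstOrDefault(o => o.Type == "scope")?.Value ?? scope;
            }

            IPrincipal retVal = null;

            using (IRestClient restClient = new RestClient(this.m_configuration.GetIdpDescription()))
            {
                try
                {
                    // Pick the request: password if supplied, else refresh token, else name only.
                    OAuthTokenRequest request = null;
                    TokenClaimsPrincipal tokenPrincipal = principal as TokenClaimsPrincipal;

                    if (!String.IsNullOrEmpty(password))
                    {
                        request = new OAuthTokenRequest(principal.Identity.Name, password, scope);
                    }
                    else if (tokenPrincipal != null)
                    {
                        request = new OAuthTokenRequest(tokenPrincipal, scope);
                    }
                    else
                    {
                        // NOTE(review): this sends a request with a null password - confirm the identity
                        // provider rejects it rather than treating it as a valid credential.
                        request = new OAuthTokenRequest(principal.Identity.Name, null, scope);
                    }

                    // Client credentials come from configuration, not from the caller.
                    request.ClientId     = this.m_configuration.ClientId;
                    request.ClientSecret = this.m_configuration.ClientSecret;

                    OAuthTokenResponse response = restClient.Post<OAuthTokenRequest, OAuthTokenResponse>("oauth2_token", "application/x-www-form-urlencoded", request);

                    // When the response carries no id token, the access token is passed in its place.
                    retVal = new TokenClaimsPrincipal(response.AccessToken, response.IdToken ?? response.AccessToken, response.TokenType, response.RefreshToken);
                }
                catch (RestClientException<OAuthTokenResponse> ex)
                {
                    Trace.TraceError("REST client exception: {0}", ex.Message);

                    // Result is presumably null when the failure carried no parsed OAuth body; the
                    // null-conditional keeps this handler from replacing the real failure with a
                    // NullReferenceException.
                    var se = new SecurityException($"Error executing OAuth request: {ex.Result?.Error}", ex);
                    se.Data.Add("detail", ex.Result);
                    throw se;
                }
                catch (SecurityException ex)
                {
                    Trace.TraceError("TOKEN exception: {0}", ex.Message);
                    throw new SecurityException($"Security error: {ex.Message}", ex);
                }
                catch (Exception ex)
                {
                    // Logged but not rethrown: the method then returns null. This also covers a null
                    // principal (the Identity.Name dereference above).
                    // NOTE(review): returning null from an authentication call is easy for callers to
                    // mishandle - confirm every caller checks for it, or rethrow here.
                    Trace.TraceError("Generic exception: {0}", ex);
                }

                return retVal;
            }
        }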