private Dictionary<string, object> PerformSelfIssuedAuthentication(OIDCAuthorizationRequestMessage requestMessage, X509Certificate2 certificate)
{
OIDCIdToken idToken = new OIDCIdToken();
idToken.Iss = "https://self-issued.me";
idToken.Sub = Convert.ToBase64String(Encoding.UTF8.GetBytes(certificate.Thumbprint));
idToken.Aud = new List<string>() { requestMessage.RedirectUri };
idToken.Nonce = requestMessage.Nonce;
idToken.Exp = DateTime.MaxValue;
idToken.Iat = DateTime.MaxValue;
idToken.SubJkw = KeyManager.GetOIDCKey(certificate, "RSA", "AQAB", "sig");
if (requestMessage.Scope.Contains(MessageScope.Profile))
{
idToken.GivenName = "Myself";
idToken.FamilyName = "User";
idToken.Name = idToken.GivenName + " " + idToken.FamilyName;
}
if (requestMessage.Scope.Contains(MessageScope.Email))
{
idToken.Email = "*****@*****.**";
}
if (requestMessage.Scope.Contains(MessageScope.Address))
{
idToken.Address = new OIDCAddress();
idToken.Address.Country = "Italy";
idToken.Address.PostalCode = "20100";
idToken.Address.StreetAddress = "Via Test, 1";
idToken.Address.Locality = "Milano";
}
if (requestMessage.Scope.Contains(MessageScope.Phone))
{
idToken.PhoneNumber = "0";
}
idToken.Validate();
Dictionary<string, object> responseMessage = new Dictionary<string, object>();
responseMessage["id_token"] = JWT.Encode(idToken.SerializeToJsonString(), null, JwsAlgorithm.none);
responseMessage["state"] = requestMessage.State;
return responseMessage;
}
