Exemplo n.º 1
0
        public string GetClientIdFromClientAssertion(AuthenticateInstruction instruction)
        {
            if (instruction.ClientAssertionType != "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" || string.IsNullOrWhiteSpace(instruction.ClientAssertion))
            {
                return(string.Empty);
            }

            var clientAssertion = instruction.ClientAssertion;
            var isJweToken      = _jwtParser.IsJweToken(clientAssertion);
            var isJwsToken      = _jwtParser.IsJwsToken(clientAssertion);

            if (isJweToken && isJwsToken)
            {
                return(string.Empty);
            }

            if (isJweToken)
            {
                return(instruction.ClientIdFromHttpRequestBody);
            }

            var payload = _jwsGenerator.ExtractPayload(clientAssertion);

            if (payload == null)
            {
                return(string.Empty);
            }

            return(payload.GetClaimValue("iss"));
        }
Exemplo n.º 2
0
        private string TryGettingClientId(AuthenticateInstruction instruction)
        {
            var clientId = GetClientIdFromClientAssertion(instruction);

            if (!string.IsNullOrWhiteSpace(clientId))
            {
                return(clientId);
            }

            clientId = instruction.ClientIdFromAuthorizationHeader;
            if (!string.IsNullOrWhiteSpace(clientId))
            {
                return(clientId);
            }

            return(instruction.ClientIdFromHttpRequestBody);
        }
Exemplo n.º 3
0
        public async Task <BaseClient> Authenticate(AuthenticateInstruction authenticateInstruction, string issuerName, CancellationToken cancellationToken, bool isAuthorizationCodeGrantType = false, string errorCode = ErrorCodes.INVALID_CLIENT)
        {
            if (authenticateInstruction == null)
            {
                throw new ArgumentNullException(nameof(authenticateInstruction));
            }

            BaseClient client   = null;
            var        clientId = TryGettingClientId(authenticateInstruction);

            if (!string.IsNullOrWhiteSpace(clientId))
            {
                client = await _oauthClientRepository.FindOAuthClientById(clientId, cancellationToken);
            }

            if (client == null)
            {
                throw new OAuthException(errorCode, string.Format(ErrorMessages.UNKNOWN_CLIENT, clientId));
            }

            if (isAuthorizationCodeGrantType)
            {
                return(client);
            }

            var tokenEndPointAuthMethod = client.TokenEndPointAuthMethod;
            var handler = _handlers.FirstOrDefault(h => h.AuthMethod == tokenEndPointAuthMethod);

            if (handler == null)
            {
                throw new OAuthException(errorCode, string.Format(ErrorMessages.UNKNOWN_AUTH_METHOD, tokenEndPointAuthMethod));
            }

            if (!await handler.Handle(authenticateInstruction, client, issuerName, cancellationToken, errorCode))
            {
                throw new OAuthException(errorCode, ErrorMessages.BAD_CLIENT_CREDENTIAL);
            }

            return(client);
        }