/// <summary>
/// Models the token endpoint for the authorization-code grant: checks the
/// presented code against <paramref name="codeParamsHint"/>, compares the
/// redirect URI, and issues an id_token for the user named in the hint.
/// </summary>
/// <param name="req">Token request; grant_type, code, redirect_uri and client_id are read.</param>
/// <param name="codeParamsHint">Claimed parameters of the authorization code in <c>req.code</c>.</param>
/// <returns>
/// A TokenResponse carrying the generated id_token, or a nondeterministic
/// TokenResponse when grant_type is not "authorization_code".
/// </returns>
/// <exception cref="Exception">req.redirect_uri differs from codeParamsHint.redirect_uri.</exception>
public virtual TokenResponse SVX_MakeTokenResponse(AccessTokenRequest req, AuthorizationCodeParams codeParamsHint) {
    // We should only get here with req.grant_type ==
    // "authorization_code", so we don't have to worry about modeling
    // what IdP does in any other case.
    if (req.grant_type != "authorization_code") {
        return(VProgram_API.Nondet <TokenResponse>());
    }

    // codeParamsHint is only a claim until it has been checked against the
    // code the client presented; every later use of its fields depends on
    // this call. NOTE(review): Verify's failure behaviour is not visible
    // here; presumably it throws or fails verification on mismatch (confirm).
    authorizationCodeGenerator.Verify(codeParamsHint, req.code);

    // The code is redeemable only with the redirect_uri it was issued for.
    // The message says "RP mismatch", so redirect_uri appears to stand in
    // for the relying party's identity in this model.
    if (req.redirect_uri != codeParamsHint.redirect_uri) {
        throw new Exception("Authorization code RP mismatch");
    }

    // NOTE(review): req.client_id goes into the token body exactly as sent;
    // nothing in this method compares it with the verified code parameters.
    // Confirm that the caller authenticates the client, or that the
    // redirect_uri check above is meant to cover this.
    var JwtTokenBody = MakeJwtTokenBody(req.client_id, codeParamsHint.userID);

    SVX.PayloadSecret <JwtTokenBody> id_token1 = getTokenGenerator().Generate(JwtTokenBody, SVX_Principal);
    TokenResponse TokenResponse = new TokenResponse {
        id_token = id_token1,
    };
    return(TokenResponse);
}
/// <summary>
/// Models the authorization endpoint: asserts that the request came from
/// the channel recorded in <paramref name="idpConc"/>, then issues an
/// authorization code bound to the request's redirect_uri and that entry's
/// userID.
/// </summary>
/// <param name="req">Authorization request; SVX_sender, redirect_uri and state are read.</param>
/// <param name="idpConc">Concrete authentication entry; channel and userID are read.</param>
/// <returns>An AuthorizationResponse holding the generated code and the request's state value unchanged.</returns>
public AuthorizationResponse SVX_MakeAuthorizationResponse(AuthorizationRequest req, IdPAuthenticationEntry idpConc) {
    // In the real CodeEndpoint, we would request an
    // IdPAuthenticationEntry for req.SVX_sender, but SVX doesn't know
    // that, so we have to do a concrete check.
    // This assertion is what ties the authentication entry to the sender of
    // the request. The code issued below carries idpConc.userID, so the
    // check has to hold before Generate is reached.
    SVX.VProgram_API.Assert(req.SVX_sender == idpConc.channel);

    // Copy/paste: [With this expression inlined below, BCT silently mistranslated the code.]
    // Keep theParams as a separate local for that reason.
    // Only redirect_uri and userID are bound into the code here.
    var theParams = new AuthorizationCodeParams {
        redirect_uri = req.redirect_uri,
        userID = idpConc.userID
    };
    var authorizationCode = authorizationCodeGenerator.Generate(theParams, SVX_Principal);

    // state is echoed back exactly as received.
    return(new AuthorizationResponse {
        code = authorizationCode,
        state = req.state
    });
}
/// <summary>
/// Builds the authorization-code response: asserts that the request's
/// sender is the client recorded in <paramref name="idpConc"/>, then issues
/// an authorization code bound to the request's rpPrincipal and that
/// entry's googleUsername.
/// </summary>
/// <param name="req">Authorization-code request; SVX_sender, rpPrincipal and state are read.</param>
/// <param name="idpConc">Concrete authentication entry; authenticatedClient and googleUsername are read.</param>
/// <returns>An AuthorizationCodeResponse holding the generated code and the request's state value unchanged.</returns>
public AuthorizationCodeResponse SVX_MakeAuthorizationCodeResponse(AuthorizationCodeRequest req, IdPAuthenticationEntry idpConc) {
    // In CodeEndpoint, we requested an IdPAuthenticationEntry for
    // req.SVX_sender, but SVX doesn't know that, so we have to do a
    // concrete check.
    // This assertion is what ties the authentication entry to the sender of
    // the request. The code issued below names idpConc.googleUsername, so
    // the check has to hold before Generate is reached.
    VProgram_API.Assert(req.SVX_sender == idpConc.authenticatedClient);

    // With this expression inlined below, BCT silently mistranslated the code.
    // Keep theParams as a separate local for that reason.
    var theParams = new AuthorizationCodeParams {
        rpPrincipal = req.rpPrincipal,
        googleUsername = idpConc.googleUsername
    };
    var authorizationCode = authorizationCodeGenerator.Generate(theParams, googlePrincipal);

    // state is echoed back exactly as received.
    return(new AuthorizationCodeResponse {
        authorizationCode = authorizationCode,
        state = req.state
    });
}
/// <summary>
/// Validates an authorization code for a relying party: rejects the request
/// when the hinted rpPrincipal differs from the requester's, checks the
/// code against <paramref name="paramsHint"/>, and returns the hinted
/// googleUsername.
/// </summary>
/// <param name="req">Validation request; rpPrincipal and authorizationCode are read.</param>
/// <param name="paramsHint">Claimed parameters of the authorization code in <c>req.authorizationCode</c>.</param>
/// <returns>A ValidationResponse carrying paramsHint.googleUsername.</returns>
/// <exception cref="Exception">paramsHint.rpPrincipal differs from req.rpPrincipal.</exception>
public ValidationResponse SVX_MakeValidationResponse(ValidationRequest req, AuthorizationCodeParams paramsHint) {
    // As long as we're using the interim implementation of
    // AssumeValidSecret that assumes the parameters of equal
    // secrets are reference equal, it's critical that we don't do
    // anything that will introduce a contradiction. With paramsHint
    // as nondet, we should be OK for now.

    // Comment out these 2 lines to see the verification fail.
    // NOTE(review): presumably this refers to the RP check that follows; the
    // original line layout is not preserved on this page, so confirm.
    // The check stops a code issued for one relying party from being
    // validated on behalf of another.
    if (paramsHint.rpPrincipal != req.rpPrincipal) {
        throw new Exception("Authorization code RP mismatch");
    }

    // paramsHint is only a claim until it has been checked against the
    // presented code; googleUsername is read from it only after this call.
    // NOTE(review): Verify's failure behaviour is not visible here;
    // presumably it throws or fails verification on mismatch (confirm).
    authorizationCodeGenerator.Verify(paramsHint, req.authorizationCode);

    return(new ValidationResponse {
        googleUsername = paramsHint.googleUsername
    });
}