/// <summary> /// Returns an action resultKind to the controller's action. /// 1). Redirect to the consent screen if the user is authenticated AND the request doesn't contain a login prompt. /// 2). Do nothing /// </summary> /// <param name="authorizationParameter">The parameter</param> /// <param name="resourceOwnerPrincipal">Resource owner principal</param> /// <param name="code">Encrypted parameter</param> /// <param name="issuerName"></param> /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param> /// <returns>Action resultKind to the controller's action</returns> public async Task <EndpointResult> Execute( AuthorizationParameter authorizationParameter, ClaimsPrincipal?resourceOwnerPrincipal, string?code, string?issuerName, CancellationToken cancellationToken) { var resourceOwnerIsAuthenticated = resourceOwnerPrincipal.IsAuthenticated(); var promptParameters = authorizationParameter.Prompt.ParsePrompts(); // 1). if (resourceOwnerIsAuthenticated && !promptParameters.Contains(PromptParameters.Login)) { var subject = resourceOwnerPrincipal.GetSubject() !; var claims = resourceOwnerPrincipal !.Claims.ToArray(); return(await _authenticateHelper.ProcessRedirection( authorizationParameter, code, subject, claims, issuerName, cancellationToken) .ConfigureAwait(false)); } // 2). return(EndpointResult.CreateAnEmptyActionResultWithNoEffect()); }
public static ActionResult?CreateRedirectionFromActionResult( this EndpointResult endpointResult, AuthorizationRequest authorizationRequest, ILogger logger) { if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl) { var parameters = endpointResult.GetRedirectionParameters(); var redirectUrl = CreateRedirectHttp( authorizationRequest.redirect_uri !, parameters, endpointResult.RedirectInstruction !.ResponseMode !).ToString(); logger.LogInformation("Redirection uri: {redirectUrl}", redirectUrl); return(new RedirectResult(redirectUrl)); } var actionInformation = endpointResult.GetControllerAndActionFromRedirectionActionResult(); if (actionInformation != null) { var routeValueDic = actionInformation.RouteValueDictionary; routeValueDic.Add("controller", actionInformation.ControllerName); routeValueDic.Add("action", actionInformation.ActionName); routeValueDic.Add("area", actionInformation.Area); return(new RedirectToRouteResult(routeValueDic)); } return(null); }
public EndpointResult Set(string questionId, OutputDto output) { var id = new QuestionId(questionId); TrySaveAnswer(output, id); return(EndpointResult.Success()); }
public async Task <EndpointResult> Process( AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal, Client client, string issuerName, CancellationToken cancellationToken = default) { var endUserIsAuthenticated = IsAuthenticated(claimsPrincipal); Consent?confirmedConsent = null; if (endUserIsAuthenticated) { confirmedConsent = await GetResourceOwnerConsent(claimsPrincipal, authorizationParameter, cancellationToken) .ConfigureAwait(false); } EndpointResult?result = null; var prompts = authorizationParameter.Prompt.ParsePrompts(); if (prompts.Count == 0) { prompts = new List <string>(); if (!endUserIsAuthenticated) { prompts.Add(PromptParameters.Login); } else { prompts.Add(confirmedConsent == null ? PromptParameters.Consent : PromptParameters.None); } } if (authorizationParameter.RedirectUrl == null || client.GetRedirectionUrls(authorizationParameter.RedirectUrl).Length == 0) { var message = string.Format(Strings.RedirectUrlIsNotValid, authorizationParameter.RedirectUrl); _logger.LogError(message); return(EndpointResult.CreateBadRequestResult(new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = message, Status = HttpStatusCode.BadRequest })); } var scopeValidationResult = authorizationParameter.Scope.Check(client); if (!scopeValidationResult.IsValid) { _logger.LogError(scopeValidationResult.ErrorMessage !); return(EndpointResult.CreateBadRequestResult(new ErrorDetails { Title = ErrorCodes.InvalidScope, Detail = scopeValidationResult.ErrorMessage !, Status = HttpStatusCode.BadRequest }));
public Task <IEndpointResult> HandleAsync(int id, CancellationToken cancellationToken) { var person = peopleService.AllPeople().SingleOrDefault(p => p.Id == id); if (person is null) { return(Task.FromResult(EndpointResult.NotFound())); } return(Task.FromResult(EndpointResult.Ok(person))); }
public static ActionInformation?GetControllerAndActionFromRedirectionActionResult( this EndpointResult endpointResult) { if (endpointResult.Type != ActionResultType.RedirectToAction || endpointResult.RedirectInstruction == null) { return(null); } return(endpointResult.RedirectInstruction.GetActionInformation()); }
public async Task When_No_Resource_Owner_Is_Passed_Then_Redirect_To_Index_Page() { var authorizationParameter = new AuthorizationParameter(); var result = await _authenticateResourceOwnerOpenIdAction.Execute(authorizationParameter, null, null, null, CancellationToken.None) .ConfigureAwait(false); Assert.Equal( JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()), JsonConvert.SerializeObject(result)); }
public static RouteValueDictionary GetRedirectionParameters(this EndpointResult endpointResult) { if (endpointResult.Type != ActionResultType.RedirectToAction && endpointResult.Type != ActionResultType.RedirectToCallBackUrl || endpointResult.RedirectInstruction == null) { return(new RouteValueDictionary()); } return(endpointResult.RedirectInstruction.GetRouteValueDictionary()); }
public DisplayContentResult( Client client, ICollection <Scope> scopes, ICollection <string> allowedClaims, EndpointResult endpointResult) : this(endpointResult) { Client = client; Scopes = scopes; AllowedClaims = allowedClaims; }
public async Task <EndpointResult> Execute( AuthorizationParameter authorizationParameter, ClaimsPrincipal principal, Client client, string issuerName, CancellationToken cancellationToken) { var result = await _processAuthorizationRequest.Process( authorizationParameter, principal, client, issuerName, cancellationToken) .ConfigureAwait(false); if (result.Type == ActionResultType.BadRequest) { return(result); } // 1. Check the client is authorized to use the authorization_code flow. if (!client.CheckGrantTypes(GrantTypes.AuthorizationCode)) { _logger.LogError( string.Format( Strings.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, AuthorizationCode)); return(EndpointResult.CreateBadRequestResult( new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = string.Format( Strings.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, AuthorizationCode), Status = HttpStatusCode.BadRequest })); } if (result.Type == ActionResultType.RedirectToCallBackUrl) { result = await _generateAuthorizationResponse.Generate( result, authorizationParameter, principal, client, issuerName, CancellationToken.None) .ConfigureAwait(false); } return(result); }
public EndpointResult Completed(Guid questionaireId, int slideIndex) { var questionaire = Context.QuestionnaireGateway.Get(questionaireId); var slide = questionaire.Slides[slideIndex]; slide.Validate(); slide.IsCompleted = true; Context.QuestionnaireGateway.Set(questionaire); return(EndpointResult.Success()); }
public async Task <EndpointResult> GetAuthorization( AuthorizationParameter parameter, ClaimsPrincipal claimsPrincipal, string issuerName, CancellationToken cancellationToken) { var processId = Id.Create(); var result = await _authorizationCodeGrantTypeParameterValidator.Validate(parameter, cancellationToken) .ConfigureAwait(false); Client client = null !; switch (result) { case Option <Client> .Error error: return(EndpointResult.CreateBadRequestResult(error.Details)); case Option <Client> .Result r: client = r.Item; break; } EndpointResult?endpointResult = null; if (client.RequirePkce && (string.IsNullOrWhiteSpace(parameter.CodeChallenge) || parameter.CodeChallengeMethod == null)) { _logger.LogError(string.Format(Strings.TheClientRequiresPkce, parameter.ClientId)); return(EndpointResult.CreateBadRequestResult( new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = string.Format(Strings.TheClientRequiresPkce, parameter.ClientId), Status = HttpStatusCode.BadRequest })); } var responseTypes = parameter.ResponseType.ParseResponseTypes(); var authorizationFlow = responseTypes.GetAuthorizationFlow(parameter.State); endpointResult = authorizationFlow switch { Option <AuthorizationFlow> .Error e => EndpointResult.CreateBadRequestResult(e.Details), Option <AuthorizationFlow> .Result { Item : AuthorizationFlow.AuthorizationCodeFlow } => await _getAuthorizationCodeOperation
public async Task When_There_Is_No_Logged_User_Then_Exception_Is_Throw() { var redirectInstruction = new EndpointResult { RedirectInstruction = new RedirectInstruction() }; await Assert.ThrowsAsync <ArgumentNullException>( () => _generateAuthorizationResponse.Generate( redirectInstruction, new AuthorizationParameter(), new ClaimsPrincipal(), new Client(), "", CancellationToken.None)) .ConfigureAwait(false); }
public EndpointResult AddItems(string id, IEnumerable <string> items) { RequiresAuthentication(); var result = Context.SelectionGateway.Get(id); foreach (var item in items) { result.Items.Add(new Item { Id = item }); } Context.SelectionGateway.Set(result); return(EndpointResult.Success()); }
public async Task When_No_Client_Is_Passed_Then_Exception_Is_Thrown() { var redirectInstruction = new EndpointResult { RedirectInstruction = new RedirectInstruction() }; var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake")); await Assert.ThrowsAsync <NullReferenceException>( () => _generateAuthorizationResponse.Generate( redirectInstruction, new AuthorizationParameter(), claimsPrincipal, null, null, CancellationToken.None)) .ConfigureAwait(false); }
public EndpointResult <string> Unmount(Partition partition) { try { var result = new EndpointResult <string>(); var kebabDisplayName = partition.DisplayName.ToKebabCase(); _mount.Unmount(kebabDisplayName); result.Succeed = true; return(result); } catch (Exception) // details are logged in OSCommander's ILogger { return(new EndpointResult <string>() { Succeed = false, ErrorMessage = "http.unmountError", StatusCode = 461 }); } }
public EndpointResult <string> DisableAutoMount(string uuid, Partition partition) { try { var result = new EndpointResult <string>(); var kebabDisplayName = partition.DisplayName.ToKebabCase(); _cron.Remove($"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}"); result.Succeed = true; result.Result = "Partition auto mount disabled."; return(result); } catch (Exception) // details are logged in OSCommander's ILogger { return(new EndpointResult <string>() { Succeed = false, ErrorMessage = "http.autoMountDisableError", StatusCode = 461 }); } }
private void OnCompleteCreateEndPoint(EndpointResult result) { if (result.Status == Status.Success) { // Set the newly created endpoint available in result as active(my) endpoint. this.RelayContext.Endpoint = result.EndPoint; this.Dispatcher.BeginInvoke( delegate { string name = UsernameTextBox.Text; RendezvousService.RegisterNameAsync(HawaiiClient.HawaiiApplicationId, name, this.OnCompleteRegisterName); }); NameRegistration nameRegistration = (NameRegistration)result.StateObject; } else { // Display a message box, in case of any error creating a new endpoint. DisplayMessage("Error creating endpoint.", "Error"); error(); } }
public EndpointResult <bool> CheckAutoMount(string uuid, Partition partition) { try { var result = new EndpointResult <bool>(); var kebabDisplayName = partition.DisplayName.ToKebabCase(); var res = _cron.Check("@reboot", $"sudo mount -t auto /dev/disk/by-uuid/{uuid} /mnt/armnas/{kebabDisplayName}"); result.Succeed = true; result.Result = res; return(result); } catch (Exception) // details are logged in OSCommander's ILogger { return(new EndpointResult <bool>() { Succeed = false, ErrorMessage = "http.autoMountCheckError", StatusCode = 461 }); } }
public EndpointResult DeleteItems(string id, IEnumerable <string> items) { RequiresAuthentication(); var result = Context.SelectionGateway.Get(id); foreach (var item in items) { var itemToDelete = result.Items.FirstOrDefault(i => i.Id == item); if (itemToDelete == null) { continue; } result.Items.Remove(itemToDelete); } Context.SelectionGateway.Set(result); return(EndpointResult.Success()); }
public async Task When_Prompt_Parameter_Contains_Login_Value_Then_Redirect_To_Index_Page() { var authorizationParameter = new AuthorizationParameter { Prompt = "login", ClientId = "client", Scope = "scope" }; var claimsIdentity = new ClaimsIdentity("authServer"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var result = await _authenticateResourceOwnerOpenIdAction.Execute( authorizationParameter, claimsPrincipal, null, null, CancellationToken.None) .ConfigureAwait(false); Assert.Equal( JsonConvert.SerializeObject(EndpointResult.CreateAnEmptyActionResultWithNoEffect()), JsonConvert.SerializeObject(result)); }
public async Task When_Generating_AuthorizationResponse_With_IdToken_Then_IdToken_Is_Added_To_The_Parameters() { var claimsPrincipal = new ClaimsPrincipal(new ClaimsIdentity("fake")); // const string idToken = "idToken"; var clientId = "client"; var authorizationParameter = new AuthorizationParameter { ResponseType = ResponseTypeNames.IdToken, ClientId = clientId }; var actionResult = new EndpointResult { RedirectInstruction = new RedirectInstruction() }; var client = new Client { ClientId = clientId, JsonWebKeys = TestKeys.SecretKey.CreateJwk(JsonWebKeyUseNames.Sig, KeyOperations.Sign, KeyOperations.Verify) .ToSet(), IdTokenSignedResponseAlg = SecurityAlgorithms.HmacSha256 }; _clientStore.Setup(x => x.GetById(It.IsAny <string>(), It.IsAny <CancellationToken>())).ReturnsAsync(client); actionResult = await _generateAuthorizationResponse.Generate( actionResult, authorizationParameter, claimsPrincipal, client, null, CancellationToken.None) .ConfigureAwait(false); Assert.Contains( actionResult.RedirectInstruction !.Parameters, p => p.Name == StandardAuthorizationResponseNames.IdTokenName); }
public Task <IEndpointResult> HandleAsync(int id) { return(Task.FromResult(EndpointResult.Json(new Book { Id = id, Name = id.ToString() }, id))); }
public async Task <EndpointResult> ProcessRedirection( AuthorizationParameter authorizationParameter, string?code, string subject, Claim[] claims, string?issuerName, CancellationToken cancellationToken) { var client = authorizationParameter.ClientId == null ? null : await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken) .ConfigureAwait(false); if (client == null) { throw new InvalidOperationException(SharedStrings.TheClientDoesntExist); } // Redirect to the consent page if the prompt parameter contains "consent" EndpointResult result; var prompts = authorizationParameter.Prompt.ParsePrompts(); if (prompts.Contains(PromptParameters.Consent) && code != null) { return(EndpointResult.CreateAnEmptyActionResultWithRedirection( SimpleAuthEndPoints.ConsentIndex, new Parameter("code", code))); } var assignedConsent = await _consentRepository .GetConfirmedConsents(subject, authorizationParameter, cancellationToken) .ConfigureAwait(false); // If there's already one consent then redirect to the callback if (assignedConsent != null) { var claimsIdentity = new ClaimsIdentity(claims, "SimpleAuth"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); result = await _generateAuthorizationResponse.Generate( EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(), authorizationParameter, claimsPrincipal, client, issuerName, cancellationToken) .ConfigureAwait(false); var responseMode = authorizationParameter.ResponseMode; if (responseMode != ResponseModes.None) { return(result with { RedirectInstruction = result.RedirectInstruction !with { ResponseMode = responseMode } }); } var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes(); var authorizationFlow = GetAuthorizationFlow(authorizationParameter.State, responseTypes); switch (authorizationFlow) { case Option <AuthorizationFlow> .Error e: return(EndpointResult.CreateBadRequestResult(e.Details)); case Option <AuthorizationFlow> .Result r: responseMode = GetResponseMode(r.Item); break; } return(result with { RedirectInstruction = result.RedirectInstruction !with { ResponseMode = responseMode } }); } // If there's no consent & there's no consent prompt then redirect to the consent screen. return(EndpointResult.CreateAnEmptyActionResultWithRedirection( SimpleAuthEndPoints.ConsentIndex, new Parameter("code", code ?? ""))); }
public Task <IEndpointResult> HandleAsync(int id) { return(Task.FromResult <IEndpointResult>(EndpointResult.StatusCode(id))); }
public async Task <EndpointResult> Execute( AuthorizationParameter authorizationParameter, IPrincipal principal, Client client, string issuerName, CancellationToken cancellationToken) { if (string.IsNullOrWhiteSpace(authorizationParameter.Nonce)) { _logger.LogError( string.Format( Strings.MissingParameter, CoreConstants.StandardAuthorizationRequestParameterNames.NonceName)); return(EndpointResult.CreateBadRequestResult( new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = string.Format( Strings.MissingParameter, CoreConstants.StandardAuthorizationRequestParameterNames.NonceName), Status = HttpStatusCode.BadRequest })); } if (!client.CheckGrantTypes(GrantTypes.Implicit)) { _logger.LogError( string.Format( Strings.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, "implicit")); return(EndpointResult.CreateBadRequestResult( new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = string.Format( Strings.TheClientDoesntSupportTheGrantType, authorizationParameter.ClientId, "implicit"), Status = HttpStatusCode.BadRequest })); } var claimsPrincipal = (ClaimsPrincipal)principal; var result = await _processAuthorizationRequest.Process( authorizationParameter, claimsPrincipal, client, issuerName, cancellationToken) .ConfigureAwait(false); if (result.Type == ActionResultType.RedirectToCallBackUrl) { result = await _generateAuthorizationResponse.Generate( result, authorizationParameter, claimsPrincipal, client, issuerName, cancellationToken) .ConfigureAwait(false); } return(result); }
/// <summary> /// Fetch the scopes and client name from the ClientRepository and the parameter /// Those information are used to create the consent screen. /// </summary> /// <param name="authorizationParameter">Authorization code grant type parameter.</param> /// <param name="claimsPrincipal"></param> /// <param name="issuerName"></param> /// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param> /// <returns>Action resultKind.</returns> public async Task <DisplayContentResult> Execute( AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal, string issuerName, CancellationToken cancellationToken) { var client = authorizationParameter.ClientId == null ? null : await _clientRepository.GetById(authorizationParameter.ClientId, cancellationToken) .ConfigureAwait(false); if (client == null) { return(new DisplayContentResult( EndpointResult.CreateBadRequestResult( new ErrorDetails { Title = ErrorCodes.InvalidRequest, Detail = string.Format(Strings.ClientIsNotValid, authorizationParameter.ClientId), Status = HttpStatusCode.BadRequest }))); } EndpointResult endpointResult; var subject = claimsPrincipal.GetSubject() !; var assignedConsent = await _consentRepository .GetConfirmedConsents(subject, authorizationParameter, cancellationToken) .ConfigureAwait(false); // If there's already a consent then redirect to the callback if (assignedConsent != null) { endpointResult = await _generateAuthorizationResponse.Generate( EndpointResult.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(), authorizationParameter, claimsPrincipal, client, issuerName, cancellationToken) .ConfigureAwait(false); var responseMode = authorizationParameter.ResponseMode; if (responseMode == ResponseModes.None) { var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes(); var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State); switch (authorizationFlow) { case Option <AuthorizationFlow> .Error e: return(new DisplayContentResult(EndpointResult.CreateBadRequestResult(e.Details))); case Option <AuthorizationFlow> .Result r: responseMode = GetResponseMode(r.Item); break; } } endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !with { ResponseMode = responseMode } }; return(new DisplayContentResult(endpointResult)); } ICollection <string> allowedClaims = Array.Empty <string>(); ICollection <Scope> allowedScopes = Array.Empty <Scope>(); var claimsParameter = authorizationParameter.Claims; if (claimsParameter.IsAnyIdentityTokenClaimParameter() || claimsParameter.IsAnyUserInfoClaimParameter()) { allowedClaims = claimsParameter.GetClaimNames(); } else { allowedScopes = (await GetScopes(authorizationParameter.Scope !, cancellationToken).ConfigureAwait(false)) .Where(s => s.IsDisplayedInConsent) .ToList(); } endpointResult = EndpointResult.CreateAnEmptyActionResultWithOutput(); return(new DisplayContentResult(client, allowedScopes, allowedClaims, endpointResult)); }
public Task <IEndpointResult> HandleAsync(CancellationToken cancellationToken) { authService.SignOut(); return(Task.FromResult(EndpointResult.NoContent())); }
public async Task <EndpointResult> Generate( EndpointResult endpointResult, AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal, Client client, string?issuerName, CancellationToken cancellationToken) { var allowedTokenScopes = string.Empty; GrantedToken?grantedToken = null; var responses = authorizationParameter.ResponseType.ParseResponseTypes(); var generateIdToken = await GenerateIdTokenPayload( claimsPrincipal, authorizationParameter, issuerName, cancellationToken) .ConfigureAwait(false); if (generateIdToken is Option <JwtPayload> .Result p) { var idTokenPayload = p.Item; var payload = await GenerateUserInformationPayload( claimsPrincipal, authorizationParameter, cancellationToken) .ConfigureAwait(false); if (payload is Option <JwtPayload> .Error er) { return(EndpointResult.CreateBadRequestResult(er.Details)); } var userInformationPayload = (payload as Option <JwtPayload> .Result) !.Item; if (responses.Contains(ResponseTypeNames.Token)) { // 1. Generate an access token. var tokenScopes = authorizationParameter.Scope.ParseScopes(); allowedTokenScopes = string.Join(' ', tokenScopes); grantedToken = await _tokenStore.GetValidGrantedToken( _jwksStore, allowedTokenScopes, client.ClientId, cancellationToken, idTokenJwsPayload : userInformationPayload, userInfoJwsPayload : idTokenPayload) .ConfigureAwait(false) ?? await client.GenerateToken( _jwksStore, tokenScopes, issuerName, userInformationPayload, idTokenPayload, cancellationToken : cancellationToken, claimsPrincipal.Claims.Where( c => client.UserClaimsToIncludeInAuthToken.Any( r => r.IsMatch(c.Type))) .ToArray()) .ConfigureAwait(false); endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.AccessTokenName, grantedToken.AccessToken) }; } AuthorizationCode?authorizationCode = null; var authorizationParameterClientId = authorizationParameter.ClientId; if (responses.Contains(ResponseTypeNames.Code)) // 2. Generate an authorization code. { var subject = claimsPrincipal.GetSubject() !; var assignedConsent = await _consentRepository .GetConfirmedConsents(subject, authorizationParameter, cancellationToken) .ConfigureAwait(false); if (assignedConsent != null) { if (authorizationParameterClientId == null || authorizationParameter.RedirectUrl == null || authorizationParameter.Scope == null) { throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter)); } // Insert a temporary authorization code // It will be used later to retrieve tha id_token or an access token. authorizationCode = new AuthorizationCode { Code = Id.Create(), RedirectUri = authorizationParameter.RedirectUrl, CreateDateTime = DateTimeOffset.UtcNow, ClientId = authorizationParameterClientId, Scopes = authorizationParameter.Scope, IdTokenPayload = idTokenPayload, UserInfoPayLoad = userInformationPayload }; endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.AuthorizationCodeName, authorizationCode.Code) }; } } _jwtGenerator.FillInOtherClaimsIdentityTokenPayload( idTokenPayload, authorizationCode == null ? string.Empty : authorizationCode.Code, grantedToken == null ? string.Empty : grantedToken.AccessToken, client); if (grantedToken != null) // 3. Insert the stateful access token into the DB OR insert the access token into the caching. { if (authorizationParameterClientId == null || authorizationParameter.ResponseType == null) { throw new ArgumentException(Strings.MissingValues, nameof(authorizationParameter)); } await _tokenStore.AddToken(grantedToken, cancellationToken).ConfigureAwait(false); await _eventPublisher.Publish( new TokenGranted( Id.Create(), claimsPrincipal.GetSubject(), authorizationParameterClientId, allowedTokenScopes, authorizationParameter.ResponseType, DateTimeOffset.UtcNow)) .ConfigureAwait(false); } if (authorizationCode != null) // 4. Insert the authorization code into the caching. { if (client.RequirePkce) { authorizationCode = authorizationCode with { CodeChallenge = authorizationParameter.CodeChallenge ?? string.Empty, CodeChallengeMethod = authorizationParameter.CodeChallengeMethod ?? string.Empty }; } await _authorizationCodeStore.Add(authorizationCode, cancellationToken).ConfigureAwait(false); await _eventPublisher.Publish( new AuthorizationGranted( Id.Create(), claimsPrincipal.GetSubject(), authorizationParameterClientId !, DateTimeOffset.UtcNow)) .ConfigureAwait(false); } if (responses.Contains(ResponseTypeNames.IdToken)) { var idToken = await _clientStore.GenerateIdToken( authorizationParameterClientId !, idTokenPayload, _jwksStore, cancellationToken) .ConfigureAwait(false); endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.IdTokenName, idToken) }; } if (!string.IsNullOrWhiteSpace(authorizationParameter.State)) { endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.StateName, authorizationParameter.State) }; } var sessionState = GetSessionState( authorizationParameterClientId, authorizationParameter.OriginUrl, authorizationParameter.SessionId); if (sessionState != null) { endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( StandardAuthorizationResponseNames.SessionState, sessionState) }; } if (authorizationParameter.ResponseMode == ResponseModes.FormPost) { endpointResult = endpointResult with { Type = ActionResultType.RedirectToAction, RedirectInstruction = endpointResult.RedirectInstruction !.AddParameter( "redirect_uri", authorizationParameter.RedirectUrl?.AbsoluteUri) with { Action = SimpleAuthEndPoints.FormIndex } }; } // Set the response mode if (endpointResult.Type == ActionResultType.RedirectToCallBackUrl) { var responseMode = authorizationParameter.ResponseMode; if (responseMode == ResponseModes.None) { var responseTypes = authorizationParameter.ResponseType.ParseResponseTypes(); var authorizationFlow = responseTypes.GetAuthorizationFlow(authorizationParameter.State); switch (authorizationFlow) { case Option <AuthorizationFlow> .Error error: return(EndpointResult.CreateBadRequestResult(error.Details)); case Option <AuthorizationFlow> .Result r: responseMode = CoreConstants.MappingAuthorizationFlowAndResponseModes[r.Item]; break; } } endpointResult = endpointResult with { RedirectInstruction = endpointResult.RedirectInstruction !with { ResponseMode = responseMode } }; } return(endpointResult); } var e = generateIdToken as Option <JwtPayload> .Error; return(EndpointResult.CreateBadRequestResult(e !.Details)); }
public DisplayContentResult(EndpointResult endpointResult) { EndpointResult = endpointResult; }