Пример #1
 /// <summary>
 /// Creates the controller and stores each injected collaborator in its backing field.
 /// </summary>
 /// <param name="userManager">Identity user manager.</param>
 /// <param name="userService">Application user service.</param>
 /// <param name="logger">Logger for this controller.</param>
 /// <param name="wechatAccountRepo">Repository of WeChat account records.</param>
 /// <param name="chatyApiService">Chaty API client.</param>
 /// <param name="idpOptions">External identity provider options; a null wrapper is tolerated.</param>
 public UserController(
     UserManager<User> userManager,
     IUserService userService,
     ILogger<UserController> logger,
     IRepository<WeChatAccount> wechatAccountRepo,
     ChatyApiService chatyApiService,
     IOptions<ExternalIdentityServiceOptions> idpOptions)
 {
     _userManager = userManager;
     _userService = userService;
     _logger = logger;
     _wechatAccountRepo = wechatAccountRepo;
     _chatyApiService = chatyApiService;

     // Null-conditional unwrap: when no options wrapper is supplied, _idpOptions stays null.
     // NOTE(review): code reading _idpOptions is not visible here - confirm it handles null.
     _idpOptions = idpOptions?.Value;
 }
Пример #2
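        /// <summary>
        /// Registers the application cookie scheme as the default and adds an OpenID Connect
        /// challenge scheme that talks to the external identity provider described by
        /// <paramref name="parsedConfiguration"/>.
        /// </summary>
        /// <remarks>
        /// Clears the static <c>JwtSecurityTokenHandler.DefaultInboundClaimTypeMap</c>, so incoming
        /// claims keep their original JWT type names. The map is static, so the change is not
        /// limited to this scheme.
        /// </remarks>
        /// <param name="services">Service collection the authentication schemes are added to.</param>
        /// <param name="parsedConfiguration">Authority, client id/secret and HTTPS-metadata setting of the external IdP.</param>
        private static void ConfigureExternalIdp(IServiceCollection services, ExternalIdentityServiceOptions parsedConfiguration)
        {
            // Keep claim types exactly as issued (e.g. "sub") instead of mapping them to legacy URIs.
            JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

            services.AddAuthentication(options =>
            {
                // Local sessions live in the Identity application cookie; only the challenge goes to OIDC.
                options.DefaultScheme             = IdentityConstants.ApplicationScheme;
                options.DefaultAuthenticateScheme = IdentityConstants.ApplicationScheme;
                options.DefaultSignInScheme       = IdentityConstants.ApplicationScheme;
                options.DefaultChallengeScheme    = OpenIdConnectDefaults.AuthenticationScheme;
            })
            .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
            {
                options.CallbackPath = "/oidc-callback";

                options.Authority = parsedConfiguration.Authority;
                // Configuration-driven: when this is false the discovery document and signing keys
                // may be fetched over plain HTTP, so it should only be disabled for local development.
                options.RequireHttpsMetadata = parsedConfiguration.RequireHttpsMetadata;
                options.ClientId             = parsedConfiguration.ClientId;
                // The client secret is a credential; it is read from configuration, not hard-coded here.
                options.ClientSecret                  = parsedConfiguration.ClientSecret;
                options.ResponseType                  = "code id_token";
                options.GetClaimsFromUserInfoEndpoint = true;

                // Request only the scopes this application uses.
                options.Scope.Clear();
                options.Scope.Add(OidcConstants.StandardScopes.OpenId);
                options.Scope.Add(OidcConstants.StandardScopes.Profile);
                options.Scope.Add(OidcConstants.StandardScopes.Email);
                options.Scope.Add(OidcConstants.StandardScopes.Phone);

                // Pin the expected audience and issuer of the id_token to this client and authority.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = parsedConfiguration.ClientId,
                    ValidIssuer   = parsedConfiguration.Authority
                };

                options.Events.OnAuthorizationCodeReceived = context =>
                {
                    // Null-conditional on the token: if no id_token accompanied the code, jti is null
                    // rather than the callback failing with a NullReferenceException.
                    var jti = context.JwtSecurityToken?.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.JwtId)?.Value;
                    context.TokenEndpointRequest.SetParameter("client_session_state", jti);       // local user session key id
                    //  context.TokenEndpointRequest.SetParameter("client_session_host", "localhost:8080");  // web server instance name...   https://${application.session.host}.app.com/k_logout
                    return Task.CompletedTask;
                };

                options.Events.OnTicketReceived = async context =>
                {
                    // GetRequiredService reports a missing registration with a descriptive
                    // InvalidOperationException instead of a NullReferenceException on the next line.
                    var externalSigninManager = context.HttpContext.RequestServices.GetRequiredService<ExternalSigninManager>();

                    // Replace the IdP-issued principal with the one built for the local user.
                    context.Principal = await externalSigninManager.TransformToDiscussionUser(context.HttpContext, context.Principal.Claims.ToList());
                };

                // for Keycloak Back Channel Logout
                // NOTE(review): a back-channel logout request comes from the IdP, not from the
                // signed-in browser. TrySignOutLocalSession is not visible here - confirm it
                // verifies the request's signature and issuer before revoking any local session.
                options.RemoteSignOutPath      = "/k_logout";
                options.Events.OnRemoteSignOut = async context =>
                {
                    var externalSigninManager = context.HttpContext.RequestServices.GetRequiredService<ExternalSigninManager>();
                    await externalSigninManager.TrySignOutLocalSession(context);
                };
            });
        }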
Пример #3
        /// <summary>
        /// Stores the injected collaborators and derives the Keycloak base URL from the configured
        /// authority.
        /// </summary>
        /// <param name="smsSendingOptions">
        /// External identity provider options (despite the parameter name); the <c>Authority</c>
        /// value must be an absolute URI, otherwise the <see cref="Uri"/> constructor throws.
        /// </param>
        /// <param name="httpInvoker">HTTP message invoker stored for later use.</param>
        /// <param name="logger">Logger for this type.</param>
        /// <param name="avatarUrlService">Avatar URL service.</param>
        public KeyCloakUserUpdater(
            IOptions<ExternalIdentityServiceOptions> smsSendingOptions,
            HttpMessageInvoker httpInvoker,
            ILogger<KeyCloakUserUpdater> logger,
            IAvatarUrlService avatarUrlService)
        {
            _httpInvoker = httpInvoker;
            _logger = logger;
            _avatarUrlService = avatarUrlService;
            _externalIdpOptions = smsSendingOptions.Value;

            // Keep only scheme://host[:port] of the authority. SchemeAndServer is the same flag
            // combination as Scheme | Host | Port, so path, query and user-info are dropped.
            Uri authority = new Uri(_externalIdpOptions.Authority);
            _keyCloakBaseUrl = authority.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
        }
Пример #4
 /// <summary>
 /// Creates the manager and stores each injected collaborator in its backing field.
 /// </summary>
 /// <param name="logger">Logger for this type.</param>
 /// <param name="userRepo">Repository of local users.</param>
 /// <param name="idpOptions">External identity provider options; dereferenced here, so the wrapper must not be null.</param>
 /// <param name="siteSettings">Site settings.</param>
 /// <param name="phoneNumberVerificationRepo">Repository of verified phone numbers.</param>
 /// <param name="userManager">Identity user manager.</param>
 /// <param name="principalFactory">Factory for the local user's claims principal.</param>
 /// <param name="clock">Clock abstraction.</param>
 /// <param name="sessionRevocationRepo">Repository of session revocation records.</param>
 public ExternalSigninManager(
     ILogger<ExternalSigninManager> logger,
     IRepository<User> userRepo,
     IOptions<ExternalIdentityServiceOptions> idpOptions,
     SiteSettings siteSettings,
     IRepository<VerifiedPhoneNumber> phoneNumberVerificationRepo,
     UserManager<User> userManager,
     IUserClaimsPrincipalFactory<User> principalFactory,
     IClock clock,
     IRepository<SessionRevocationRecord> sessionRevocationRepo)
 {
     _logger = logger;
     _clock = clock;
     _siteSettings = siteSettings;

     // Unwrapped immediately: a null options wrapper fails here, at construction time.
     _idpOptions = idpOptions.Value;

     _userManager = userManager;
     _principalFactory = principalFactory;

     _userRepo = userRepo;
     _phoneNumberVerificationRepo = phoneNumberVerificationRepo;
     _sessionRevocationRepo = sessionRevocationRepo;
 }
Пример #5
 /// <summary>
 /// Creates the controller and stores each injected collaborator in its backing field.
 /// </summary>
 /// <param name="userManager">Identity user manager.</param>
 /// <param name="signInManager">Identity sign-in manager.</param>
 /// <param name="userService">Application user service.</param>
 /// <param name="logger">Logger for this controller.</param>
 /// <param name="userRepo">Repository of local users.</param>
 /// <param name="clock">Clock abstraction.</param>
 /// <param name="settings">Site settings.</param>
 /// <param name="idpOptions">External identity provider options; dereferenced here, so the wrapper must not be null.</param>
 /// <param name="phoneNumberVerificationRepo">Repository of verified phone numbers.</param>
 public AccountController(
     UserManager<User> userManager,
     SignInManager<User> signInManager,
     IUserService userService,
     ILogger<AccountController> logger,
     IRepository<User> userRepo,
     IClock clock,
     SiteSettings settings,
     IOptions<ExternalIdentityServiceOptions> idpOptions,
     IRepository<VerifiedPhoneNumber> phoneNumberVerificationRepo)
 {
     _userManager = userManager;
     _signInManager = signInManager;
     _userService = userService;
     _logger = logger;
     _userRepo = userRepo;
     _clock = clock;
     _settings = settings;

     // Unwrapped immediately: a null options wrapper fails here, at construction time.
     _idpOptions = idpOptions.Value;
     _phoneNumberVerificationRepo = phoneNumberVerificationRepo;
 }
Пример #6
 /// <summary>
 /// Creates the service and stores each injected collaborator in its backing field.
 /// </summary>
 /// <param name="idpOptions">External identity provider options; dereferenced here, so the wrapper must not be null.</param>
 /// <param name="userRepo">Repository of local users.</param>
 /// <param name="userManager">Identity user manager.</param>
 /// <param name="emailDeliveryMethod">Email delivery method.</param>
 /// <param name="urlHelper">URL helper.</param>
 /// <param name="confirmationEmailBuilder">Builder for confirmation emails.</param>
 /// <param name="resetPasswordEmailBuilder">Builder for password-reset emails.</param>
 /// <param name="phoneNumberVerificationService">Phone number verification service.</param>
 /// <param name="verifiedPhoneNumberRepo">Repository of verified phone numbers.</param>
 /// <param name="clock">Clock abstraction.</param>
 /// <param name="keyCloakUserUpdater">Lazy wrapper around the Keycloak user updater; stored as given, not resolved here.</param>
 /// <param name="externalIdp">Second wrapper of the same options type as <paramref name="idpOptions"/>; a null wrapper is tolerated.</param>
 public DefaultUserService(
     IOptions<ExternalIdentityServiceOptions> idpOptions,
     IRepository<User> userRepo,
     UserManager<User> userManager,
     IEmailDeliveryMethod emailDeliveryMethod,
     IUrlHelper urlHelper,
     IConfirmationEmailBuilder confirmationEmailBuilder,
     IResetPasswordEmailBuilder resetPasswordEmailBuilder,
     IPhoneNumberVerificationService phoneNumberVerificationService,
     IRepository<VerifiedPhoneNumber> verifiedPhoneNumberRepo,
     IClock clock,
     Lazy<KeyCloakUserUpdater> keyCloakUserUpdater,
     IOptions<ExternalIdentityServiceOptions> externalIdp)
 {
     // Unwrapped first, as in the original ordering: a null wrapper fails before any field is set.
     _idpOptions = idpOptions.Value;

     _userRepo = userRepo;
     _userManager = userManager;
     _clock = clock;

     _emailDeliveryMethod = emailDeliveryMethod;
     _urlHelper = urlHelper;
     _confirmationEmailBuilder = confirmationEmailBuilder;
     _resetPasswordEmailBuilder = resetPasswordEmailBuilder;

     _phoneNumberVerificationService = phoneNumberVerificationService;
     _verifiedPhoneNumberRepo = verifiedPhoneNumberRepo;

     // Kept lazy; this constructor never reads its Value.
     _keyCloakUserUpdater = keyCloakUserUpdater;

     // Same options type as _idpOptions, but null-tolerant.
     // NOTE(review): presumably both fields end up holding the same settings - confirm whether two are needed.
     _externalIdpOptions = externalIdp?.Value;
 }