Пример #1
0
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            try
            {
                var providerName  = context.Request.Raw.Get(TokenExchangeGrantParameters.Provider);
                var externalToken = context.Request.Raw.Get(TokenExchangeGrantParameters.ExternalToken);
                var requestEmail  = context.Request.Raw.Get(TokenExchangeGrantParameters.Email);

                if (string.IsNullOrWhiteSpace(providerName))
                {
                    context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.InvalidProvider);
                    return;
                }

                if (string.IsNullOrWhiteSpace(externalToken))
                {
                    context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.InvalidExternalToken);
                    return;
                }

                var provider = await _providerStore.GetProviderByNameAsync(providerName);

                if (provider == null)
                {
                    context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.ProviderNotFound);
                    return;
                }

                var tokenService = _tokenServiceAccessor(providerName);
                var userInfo     = await tokenService.GetUserInfoAsync(externalToken);

                if (userInfo == null)
                {
                    context.Result = GrantValidationResultHelpers.Error(TokenExchangeErrors.UserInfoNotRetrieved);
                    return;
                }

                var externalId = userInfo.Value <string>("id");
                if (!string.IsNullOrWhiteSpace(externalId))
                {
                    var existingUserId = await _externalUserStore.FindByProviderAsync(providerName, externalId);

                    if (!string.IsNullOrWhiteSpace(existingUserId))
                    {
                        var claims = await _externalUserStore.GetUserClaimsByExternalIdAsync(externalId);

                        context.Result = GrantValidationResultHelpers.Success(existingUserId, providerName, claims);
                    }
                }

                if (string.IsNullOrWhiteSpace(requestEmail))
                {
                    context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, providerName);

                    return;
                }

                context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, providerName);
            }
            catch (Exception e)
            {
                context.Result = GrantValidationResultHelpers.Error(e.Message);
            }
        }
Пример #2
0
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            var provider = context.Request.Raw.Get("provider");

            if (string.IsNullOrWhiteSpace(provider))
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid provider");
                return;
            }


            var token = context.Request.Raw.Get("external_token");

            if (string.IsNullOrWhiteSpace(token))
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid external token");
                return;
            }

            var requestEmail = context.Request.Raw.Get("email");

            var providerType = (ProviderType)Enum.Parse(typeof(ProviderType), provider, true);

            if (!Enum.IsDefined(typeof(ProviderType), providerType))
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "invalid provider");
                return;
            }

            var userInfo = _providers[providerType].GetUserInfo(token);

            if (userInfo == null)
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, "couldn't retrieve user info from specified provider, please make sure that access token is not expired.");
                return;
            }

            var externalId = userInfo.Value <string>("id");

            if (!string.IsNullOrWhiteSpace(externalId))
            {
                var user = await _userManager.FindByLoginAsync(provider, externalId);

                if (null != user)
                {
                    var userClaims = _userManager.GetClaimsAsync(user).Result;
                    context.Result = new GrantValidationResult(user.Id, provider, userClaims, provider, null);
                    return;
                }
            }

            if (string.IsNullOrWhiteSpace(requestEmail))
            {
                context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, provider);

                return;
            }

            context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, provider);

            return;
        }
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            var providerName = context.Request.Raw.Get("provider");

            if (string.IsNullOrEmpty(providerName))
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
                                                           "invalid provider");
                return;
            }

            var idToken = context.Request.Raw.Get("id_token");

            if (string.IsNullOrEmpty(idToken))
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
                                                           "invalid external token");
                return;
            }

            var validationSettings = new ValidationSettings();
            //{ Audience = new[] { "YOUR_CLIENT_ID" } };

            Payload userInfoPayload = await GoogleJsonWebSignature
                                      .ValidateAsync(idToken, validationSettings);

            if (userInfoPayload == null)
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest,
                                                           "couldn't retrieve user info from specified provider, please make sure that token is not expired.");
                return;
            }

            /**
             *  // Get profile information from payload
             *   String email = payload.getEmail();
             *   boolean emailVerified = Boolean.valueOf(payload.getEmailVerified());
             *   String name = (String) payload.get("name");
             *   String pictureUrl = (String) payload.get("picture");
             *   String locale = (String) payload.get("locale");
             *   String familyName = (String) payload.get("family_name");
             *   String givenName = (String) payload.get("given_name");
             *
             *   // Use or store profile information
             */

            // this part signs in user directly if user already exists
            var userExternalId = userInfoPayload.Subject;

            if (!string.IsNullOrEmpty(userExternalId))
            {
                // find if external user is already logged in
                var extenalLoggedInUser = await _userManager.FindByLoginAsync(providerName, userExternalId);

                // this part if external user is already logged in
                if (extenalLoggedInUser != null)
                {
                    // so find the user from db to retrieve claims to send into token
                    var user = await _userManager.FindByIdAsync(extenalLoggedInUser.Id);

                    // to find the db user claims
                    var userClaims = await _userManager.GetClaimsAsync(user);

                    context.Result = new GrantValidationResult(
                        user.Id, providerName, userClaims, providerName, null);
                    return;
                }
            }

            // this part registers user
            // get email from the post request context
            var requestEmail = context.Request.Raw.Get("email");

            if (string.IsNullOrEmpty(requestEmail))
            {
                context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfoPayload,
                                                                           providerName);

                return;
            }

            // if email found in post request context
            // that is from client application email parameter is sent
            context.Result = await _emailUserProcessor.ProcessAsync(userInfoPayload,
                                                                    requestEmail, providerName);

            return;
        }
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            try
            {
                var providerName  = context.Request.Raw.Get(ExternalGrantParameters.Provider);
                var externalToken = context.Request.Raw.Get(ExternalGrantParameters.ExternalToken);
                var requestEmail  = context.Request.Raw.Get(ExternalGrantParameters.Email);

                if (string.IsNullOrWhiteSpace(providerName))
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.InvalidProvider);
                    return;
                }

                if (string.IsNullOrWhiteSpace(externalToken))
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.InvalidExternalToken);
                    return;
                }

                var provider = ExternalProviders.GetProviders().FirstOrDefault(x => x.Name.Equals(providerName, StringComparison.OrdinalIgnoreCase));
                if (provider == null)
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.ProviderNotFound);
                    return;
                }

                var tokenService = _tokenServiceAccessor(providerName);
                var userInfo     = await tokenService.GetUserInfoAsync(externalToken);

                if (userInfo == null)
                {
                    context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, ExternalGrantErrors.UserInfoNotRetrieved);
                    return;
                }

                var externalId = userInfo.Value <string>("id");
                if (!string.IsNullOrWhiteSpace(externalId))
                {
                    var existingUserId = await _userManager.FindByProviderAsync(providerName, externalId);

                    if (!string.IsNullOrWhiteSpace(existingUserId))
                    {
                        var claims = await _userManager.GetUserClaimsByExternalIdAsync(externalId, providerName);

                        context.Result = new GrantValidationResult(existingUserId, providerName, claims, providerName, null);
                    }
                }

                if (string.IsNullOrWhiteSpace(requestEmail))
                {
                    context.Result = await _nonEmailUserProcessor.ProcessAsync(userInfo, providerName);

                    return;
                }

                context.Result = await _emailUserProcessor.ProcessAsync(userInfo, requestEmail, providerName);
            }
            catch (Exception e)
            {
                context.Result = new GrantValidationResult(TokenRequestErrors.InvalidRequest, e.Message);
            }
        }