Пример #1
0
        private async Task <AddPermissionResponse> AddPermission(string resourceId, IEnumerable <string> scopes, string accessToken)
        {
            var postPermission = new PostPermission
            {
                ResourceSetId = resourceId,
                Scopes        = scopes
            };

            return(await _identityServerUmaClientFactory.GetPermissionClient().AddByResolution(postPermission, _securityOptions.UmaConfigurationUrl, accessToken));
        }
        public async Task <IActionResult> Get(string id)
        {
            if (string.IsNullOrWhiteSpace(id))
            {
                throw new ArgumentNullException(nameof(id));
            }

            var information = _informations.FirstOrDefault(i => i.Id == id);

            if (information == null)
            {
                return(new NotFoundResult());
            }

            string accessToken;
            var    grantedToken = await GetAccessToken();                                // 1. Get an access token.

            if (!TryGetAccessToken(out accessToken))                                     // 2 Try to get the RPT tokens
            {
                var ticket = await _identityServerUmaClientFactory.GetPermissionClient() // 2.1 Get permission ticket.
                             .AddByResolution(new PostPermission
                {
                    ResourceSetId = information.ResourceId,
                    Scopes        = new[] { "read" }
                }, "https://localhost:5445/.well-known/uma2-configuration", grantedToken.AccessToken);

                var ticketId = ticket.TicketId;
                var jObj     = new JObject();
                jObj.Add("ticket_id", ticketId);
                return(new OkObjectResult(jObj));
            }

            var introspectionResult = await _identityServerClientFactory.CreateAuthSelector()
                                      .UseClientSecretPostAuth("resource_server", "resource_server")
                                      .Introspect(accessToken, TokenType.AccessToken)
                                      .ResolveAsync("https://localhost:5445/.well-known/uma2-configuration");

            if (!introspectionResult.Active)
            {
                return(null);
            }

            var payload = _jwsParser.GetPayload(accessToken);

            if (!payload.ContainsKey("ticket"))
            {
                return(null);
            }


            var ticketObj = JArray.Parse(payload["ticket"].ToString());

            // CHECK THE TICKET IS CORRECT.
            return(null);
        }
        private async Task <string> ResolveUrl(AssetResponse asset, string accessToken, string idToken)
        {
            var permissionResponse = await _identityServerUmaClientFactory.GetPermissionClient()
                                     .AddByResolution(new PostPermission
            {
                ResourceSetId = asset.ResourceId,
                Scopes        = new[]
                {
                    "read"
                },
            }, _resourceManagerResolverOptions.Authorization.AuthorizationWellKnownConfiguration, accessToken);

            var umaGrantedToken = await _identityServerClientFactory.CreateAuthSelector()
                                  .UseClientSecretPostAuth(_resourceManagerResolverOptions.Authorization.ClientId, _resourceManagerResolverOptions.Authorization.ClientSecret)
                                  .UseTicketId(permissionResponse.Content.TicketId, idToken)
                                  .ResolveAsync(_resourceManagerResolverOptions.Authorization.AuthorizationWellKnownConfiguration);

            if (umaGrantedToken.ContainsError)
            {
                return(null);
            }

            return(asset.Path);
        }