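/// <summary>
/// Validates a Facebook external grant. The supplied user token is checked against the
/// Graph API <c>debug_token</c> endpoint, the user's profile is read with it, a local
/// account is provisioned on first sign-in, and <c>context.Result</c> is set to either a
/// successful grant for the Facebook subject id or an error result.
/// </summary>
/// <param name="context">Grant validation context. <c>Request.Raw</c> must carry
/// <c>input_token</c> (the Facebook user token) and <c>access_token</c> (the token used to
/// call <c>debug_token</c>); both are untrusted client input.</param>
/// <returns>A task that completes once <c>context.Result</c> has been assigned.</returns>
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
    var inputToken = context.Request.Raw.Get("input_token");
    var accessToken = context.Request.Raw.Get("access_token");
    if (string.IsNullOrEmpty(inputToken) || string.IsNullOrEmpty(accessToken))
    {
        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
        return;
    }

    // Both values come straight from the token request; escape them so a crafted value
    // cannot append or override query parameters in the Graph API URLs below.
    var escapedInputToken = Uri.EscapeDataString(inputToken);
    var escapedAccessToken = Uri.EscapeDataString(accessToken);

    // NOTE(review): a shared HttpClient (or IHttpClientFactory) would avoid per-call socket
    // churn; disposing the instance here at least releases the handler deterministically.
    using (var client = new HttpClient())
    {
        var tokenResponse = await client.GetAsync(
            $"https://graph.facebook.com/debug_token?input_token={escapedInputToken}&access_token={escapedAccessToken}");
        if (tokenResponse.StatusCode != System.Net.HttpStatusCode.OK)
        {
            context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
            return;
        }

        // Inspect the debug_token response and make sure the token was issued to this application.
        var tokenResponseData = await tokenResponse.Content.ReadAsStringAsync();
        var fbTokenResponseData = TokenResponseDserializer.DserializeIdToken<FacebookAuthTokenResponse>(tokenResponseData);

        // A token minted for any other Facebook app must not be accepted here, otherwise a
        // token obtained through some unrelated app could be presented to this identity
        // provider. The app id check was previously disabled; it is load-bearing.
        // NOTE(review): debug_token also reports whether the token is still valid; that field
        // is not modelled on FacebookAuthTokenResponse here - confirm whether it should be checked.
        if (fbTokenResponseData == null || fbTokenResponseData.Data == null
            || fbTokenResponseData.Data.App_id != FacebookAuthConstants.FacebookAppId)
        {
            context.Result = new GrantValidationResult(OidcConstants.TokenErrors.UnauthorizedClient, null);
            return;
        }

        // Read the user's profile; the user token itself is the bearer for /me.
        var profileResponse = await client.GetAsync(
            $"https://graph.facebook.com/me?fields=id,email,gender,picture&access_token={escapedInputToken}");
        if (!profileResponse.IsSuccessStatusCode)
        {
            context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
            return;
        }

        var responseData = await profileResponse.Content.ReadAsStringAsync();
        var fbTokenResponse = TokenResponseDserializer.DserializeIdToken<FacebookAuthResponse>(responseData);
        // Without a subject id there is nothing to key the local account on.
        if (fbTokenResponse == null || string.IsNullOrEmpty(fbTokenResponse.Id))
        {
            context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
            return;
        }

        // First sign-in through this provider: provision a local account.
        var requestedUser = _userStore.FindByProviderAndSubjectId(ProviderConstants.Facebook, fbTokenResponse.Id);
        if (requestedUser == null)
        {
            _userStore.AddNewUser(CreateFacebookUser(fbTokenResponse));
        }

        context.Result = new GrantValidationResult(fbTokenResponse.Id, ExternalGrantTypes.Facebok);
    }
}

/// <summary>
/// Builds the local user record for a Facebook profile. The account receives a random
/// password (hashed and salted) because it is only ever used via the external grant.
/// </summary>
/// <param name="profile">Profile returned by the Graph API <c>/me</c> call.</param>
/// <returns>A new, not yet persisted <see cref="CustomUser"/>.</returns>
private static CustomUser CreateFacebookUser(FacebookAuthResponse profile)
{
    var pwdSalt = CryptoService.GenerateSalt();
    var pwdHash = CryptoService.ComputeHash(PasswordGenerator.GetRandomPassword(), pwdSalt);
    // Capture the timestamp once so CreatedDate and LastUpdated agree exactly.
    var now = DateTime.UtcNow;

    return new CustomUser
    {
        SubjectId = profile.Id,
        // Facebook may omit the e-mail (no permission or none on the account); store an
        // empty string rather than null. Invariant lower-casing keeps the key culture-independent.
        Email = string.IsNullOrEmpty(profile.Email) ? "" : profile.Email.ToLowerInvariant(),
        PasswordHash = Convert.ToBase64String(pwdHash),
        PasswordSalt = Convert.ToBase64String(pwdSalt),
        Provider = ProviderConstants.Facebook,
        CreatedDate = now,
        LastUpdated = now
    };
}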
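/// <summary>
/// Validates a Google external grant. The supplied <c>id_token</c> is verified through
/// Google's <c>tokeninfo</c> endpoint, the issuer and authorized party are checked, a local
/// account is provisioned on first sign-in, and <c>context.Result</c> is set to either a
/// successful grant for the Google subject or an error result. Exceptions never escape:
/// any failure is mapped to an "Internal Server Error." grant result.
/// </summary>
/// <param name="context">Grant validation context. <c>Request.Raw</c> must carry
/// <c>id_token</c>, which is untrusted client input.</param>
/// <returns>A task that completes once <c>context.Result</c> has been assigned.</returns>
public async Task ValidateAsync(ExtensionGrantValidationContext context)
{
    try
    {
        var idToken = context.Request.Raw.Get("id_token");
        if (string.IsNullOrEmpty(idToken))
        {
            context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
            return;
        }

        //https://www.googleapis.com/auth/userinfo.profile scope is required to get user profile image for app team
        // NOTE(review): a shared HttpClient (or IHttpClientFactory) would avoid per-call socket
        // churn; disposing the instance here at least releases the handler deterministically.
        using (var client = new HttpClient())
        {
            // The token is client-supplied: escape it so it cannot alter the query string.
            var request = await client.GetAsync(
                $"https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={Uri.EscapeDataString(idToken)}");
            // tokeninfo answers with a non-200 status for an invalid or expired token. Previously
            // context.Result was left unassigned in that case; fail the grant explicitly instead.
            if (request.StatusCode != System.Net.HttpStatusCode.OK)
            {
                context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                return;
            }

            var responseData = await request.Content.ReadAsStringAsync();
            var googleAuthResponse = TokenResponseDserializer.DserializeIdToken<GoogleAuthResponse>(responseData);

            // Issuer comparison is a protocol identifier check, so use an ordinal comparison
            // rather than a culture-sensitive one.
            if (googleAuthResponse == null
                || !string.Equals(googleAuthResponse.Iss, GoogleAuthConstants.Issuer, StringComparison.OrdinalIgnoreCase))
            {
                context.Result = new GrantValidationResult("Invalid Issuer.", null);
                return;
            }

            // tokeninfo validates the signature but not for whom the token was issued. An
            // id_token issued to some other client must not be accepted by this provider.
            // This check was previously disabled; it is load-bearing.
            if (googleAuthResponse.Azp != GoogleAuthConstants.ClinetId)
            {
                context.Result = new GrantValidationResult(OidcConstants.TokenErrors.UnauthorizedClient, null);
                return;
            }

            // The e-mail is the lookup key and the subject is the grant identity; a token
            // lacking either (e.g. missing scope) used to surface as an internal error.
            if (string.IsNullOrEmpty(googleAuthResponse.Email) || string.IsNullOrEmpty(googleAuthResponse.Sub))
            {
                context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                return;
            }

            // First sign-in through this provider: provision a local account.
            var requestedUser = _userStore.FindByProviderAndEmail(ProviderConstants.Google, googleAuthResponse.Email);
            if (requestedUser == null)
            {
                _userStore.AddNewUser(CreateGoogleUser(googleAuthResponse));
            }

            context.Result = new GrantValidationResult(googleAuthResponse.Sub, ExternalGrantTypes.Google);
        }
    }
    catch (Exception)
    {
        // Deliberate catch-all: the validator must fail closed with a grant error rather
        // than let an exception propagate out of the token endpoint.
        context.Result = new GrantValidationResult("Internal Server Error.", null);
    }
}

/// <summary>
/// Builds the local user record for a verified Google token. The account receives a random
/// password (hashed and salted) because it is only ever used via the external grant.
/// </summary>
/// <param name="token">Claims returned by the <c>tokeninfo</c> endpoint; <c>Email</c> and
/// <c>Sub</c> are expected to be non-empty.</param>
/// <returns>A new, not yet persisted <see cref="CustomUser"/>.</returns>
private static CustomUser CreateGoogleUser(GoogleAuthResponse token)
{
    var pwdSalt = CryptoService.GenerateSalt();
    var pwdHash = CryptoService.ComputeHash(PasswordGenerator.GetRandomPassword(), pwdSalt);
    // Capture the timestamp once so CreatedDate and LastUpdated agree exactly.
    var now = DateTime.UtcNow;

    return new CustomUser
    {
        SubjectId = token.Sub,
        // Invariant lower-casing keeps the lookup key culture-independent.
        Email = token.Email.ToLowerInvariant(),
        PasswordHash = Convert.ToBase64String(pwdHash),
        PasswordSalt = Convert.ToBase64String(pwdSalt),
        Provider = ProviderConstants.Google,
        CreatedDate = now,
        LastUpdated = now
    };
}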