public SampleForm()
{
InitializeComponent();
var authority = "https://demo.identityserver.io";
var options = new OidcClientOptions(
authority,
"native",
"secret",
"openid email api offline_access",
"http://localhost/winforms.client",
new WinFormsWebView());
options.UseFormPost = true;
_oidcClient = new OidcClient(options);
}
public async Task no_keyset_for_identity_token_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", Crypto.UntrustedIdentityToken },
{ "refresh_token", "refresh_token" }
};
_options.BackchannelHandler = new NetworkHandler(JsonConvert.SerializeObject(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().StartWith("Error validating token response: Error validating identity token: Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10500: Signature validation failed. No security keys were provided to validate the signature");
}
public async Task malformed_identity_token_on_token_response_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", "id_token" },
{ "refresh_token", "refresh_token" }
};
_options.BackchannelHandler = new NetworkHandler(JsonConvert.SerializeObject(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().StartWith("Error validating token response: Error validating identity token: System.ArgumentException: IDX10709: JWT is not well formed");
}
public async Task Malformed_identity_token_on_token_response_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", "id_token" },
{ "refresh_token", "refresh_token" }
};
_options.BackchannelHandler = new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().Contain("IDX14100");
}
public async Task Missing_access_token_on_token_response_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
//{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", "id_token" },
{ "refresh_token", "refresh_token" }
};
_options.BackchannelHandler = new NetworkHandler(JsonConvert.SerializeObject(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().Be("Error validating token response: Access token is missing on token response.");
}
public async Task No_keyset_for_identity_token_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", Crypto.UntrustedIdentityToken },
{ "refresh_token", "refresh_token" }
};
_options.BackchannelHandler = new NetworkHandler(JsonConvert.SerializeObject(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().Contain("IDX10501");
}
public async Task Invalid_cHash_should_fail()
{
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var key = Crypto.CreateKey();
_options.ProviderInformation.KeySet = Crypto.CreateKeySet(key);
var frontChannelJwt = Crypto.CreateJwt(key, "https://authority", "client",
new Claim("sub", "123"),
new Claim("nonce", state.Nonce),
new Claim("c_hash", "invalid"));
var url = $"?state={state.State}&code=code&id_token={frontChannelJwt}";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().Be("Invalid c_hash.");
}
private async void Button_Click(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions()
{
Authority = "https://localhost:44305/",
ClientId = "wpf",
Scope = "openid ApiOne",
RedirectUri = "http://localhost/sample-wpf-app",
Browser = new WpfEmbeddedBrowser()
};
_oidcClient = new OidcClient(options);
LoginResult result;
try
{
result = await _oidcClient.LoginAsync();
}
catch (Exception ex)
{
//Message.Text = $"Unexpected Error: {ex.Message}";
return;
}
if (result.IsError)
{
//Message.Text = result.Error == "UserCancel" ? "The sign-in window was closed before authorization was completed." : result.Error;
}
else
{
var name = result.User.Identity.Name;
var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
var apiResult = await client.GetStringAsync("https://localhost:44337/secret");
//Message.Text = $"Hello {name}";
}
}
public async Task Extra_parameters_on_backchannel_should_be_sent()
{
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var idToken = Crypto.CreateJwt(null, "https://authority", "client",
new Claim("at_hash", Crypto.HashData("token")),
new Claim("sub", "123"));
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", idToken },
{ "refresh_token", "refresh_token" }
};
var handler = new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
_options.BackchannelHandler = handler;
var backChannel = new Parameters
{
{ "foo", "foo" },
{ "bar", "bar" }
};
var result = await client.ProcessResponseAsync(url, state, backChannel);
result.IsError.Should().BeFalse();
result.AccessToken.Should().Be("token");
result.IdentityToken.Should().NotBeNull();
result.User.Should().NotBeNull();
var body = handler.Body;
body.Should().Contain("foo=foo");
body.Should().Contain("bar=bar");
}
private async void StartAsync(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions
{
Authority = "http://127.0.0.1:5000",
ClientId = "launcher",
Scope = "games",
RedirectUri = "http://127.0.0.1/callback",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.FormPost,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
Browser = new WpfBrowser()
};
var oidcClient = new OidcClient(options);
LoginResult result;
try
{
result = await oidcClient.LoginAsync(new LoginRequest
{
BrowserDisplayMode = IdentityModel.OidcClient.Browser.DisplayMode.Visible,
BrowserTimeout = 300
});
}
catch (Exception ex)
{
MessageBox.Show($"exception {ex.Message}");
return;
}
if (result.IsError)
{
MessageBox.Show(result.Error == "UserCancel" ? "The sign-in window was closed before authorization was completed." : result.Error);
}
else
{
var name = result.User.Identity.Name;
MessageBox.Show($"Hello {name}");
}
}
private async void PrepareClient()
{
var redirectUri = WebAuthenticationBroker.GetCurrentApplicationCallbackUri().OriginalString;
// Create options for endpoint discovery
var options = new OidcClientOptions()
{
Authority = "https://demo.identityserver.io",
ClientId = "interactive.confidential",
ClientSecret = "secret",
Scope = "openid profile email api offline_access",
RedirectUri = redirectUri,
PostLogoutRedirectUri = redirectUri,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode
};
// Create the client. In production application, this is often created and stored
// directly in the Application class.
_oidcClient = new OidcClient(options);
// Invoke Discovery and prepare a request state, containing the nonce.
// This is done here to ensure the discovery mecanism is done before
// the user clicks on the SignIn button. Since the opening of a web window
// should be done during the handling of a user interaction (here it's the button click),
// it will be too late to reach the discovery endpoint.
// Not doing this could trigger popup blockers mechanisms in browsers.
_loginState = await _oidcClient.PrepareLoginAsync();
btnSignin.IsEnabled = true;
resultTxt.Text = "Login URI correct";
// Same for logout url.
_logoutUrl = new Uri(await _oidcClient.PrepareLogoutAsync(new LogoutRequest()));
btnSignout.IsEnabled = true;
resultTxt.Text = $"Initialization completed.\nStart={_loginState.StartUrl}\nCallback={_loginState.RedirectUri}\nLogout={_logoutUrl}";
}
private static OidcClient InitializeLoginClient()
{
int port = 7890;
string authority = "https://log-in.test.miljoeportal.dk/runtime/oauth2";
string clientId = "** insert client id **";
string clientSecret = "** insert client secret **";
string redirectUri = string.Format($"http://127.0.0.1:{port}");
var options = new OidcClientOptions
{
Authority = authority,
Policy = new Policy
{
Discovery = new DiscoveryPolicy
{
ValidateIssuerName = false,
ValidateEndpoints = false
}
},
ClientId = clientId,
ClientSecret = clientSecret,
RedirectUri = redirectUri,
Scope = "openid",
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
Browser = new SystemBrowser(port)
};
var client = new OidcClient(options);
return(client);
}
public MainPage()
{
InitializeComponent();
Login.Clicked += Login_Clicked;
CallApi.Clicked += CallApi_Clicked;
var browser = DependencyService.Get <IBrowser>();
var options = new OidcClientOptions
{
Authority = "https://demo.identityserver.io",
ClientId = "native.hybrid",
Scope = "openid profile email api offline_access",
RedirectUri = "xamarinformsclients://callback",
Browser = browser,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
};
_client = new OidcClient(options);
}
public async Task At_hash_policy_should_be_enforced(bool atHashRequired)
{
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&nonce={state.Nonce}&code=bar";
var key = Crypto.CreateKey();
var idToken = Crypto.CreateJwt(key, "https://authority", "client",
new Claim("sub", "123"),
new Claim("nonce", state.Nonce));
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", idToken },
{ "refresh_token", "refresh_token" }
};
_options.ProviderInformation.KeySet = Crypto.CreateKeySet(key);
_options.BackchannelHandler =
new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
_options.Policy.RequireAccessTokenHash = atHashRequired;
var result = await client.ProcessResponseAsync(url, state);
if (atHashRequired)
{
result.IsError.Should().BeTrue();
result.Error.Should().Be("Error validating token response: at_hash is missing.");
}
else
{
result.IsError.Should().BeFalse();
result.AccessToken.Should().Be("token");
result.IdentityToken.Should().NotBeNull();
result.User.Should().NotBeNull();
}
}
public MainWindow()
{
InitializeComponent();
_writeLine = (text) => txtOutput.Text += text + "\n";
_clearText = () => txtOutput.Text = "";
_oidcOptions = new OidcClientOptions
{
Authority = "{authority}",
ClientId = "{clienId}",
Scope = "openid profile",
Flow = AuthenticationFlow.AuthorizationCode,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.FormPost,
// should post_logout_redirect always be the same?
RedirectUri = "{redirectUri}", //"http://127.0.0.1:56008/",
PostLogoutRedirectUri = "{postLogoutRedirectUri}", //"http://127.0.0.1:56008/",
Browser = new DefaultSystemBrowser(),
};
_oidcClient = new OidcClient(_oidcOptions);
}
public void HandleOidcUserAddUpdate_NewUserGetsCreatedWithCorrectData()
{
var expectedFirstName = System.Guid.NewGuid().ToString("N");
var expectedLastName = System.Guid.NewGuid().ToString("N");
var expectedMiddleName = System.Guid.NewGuid().ToString("N");
var expectedNickName = System.Guid.NewGuid().ToString("N");
var expectedEmailAddress = System.Guid.NewGuid().ToString("N") + "@fakeinbox.com";
var userId = System.Guid.NewGuid().ToString("N");
var tokenHandler = new JwtSecurityTokenHandler();
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim(JwtClaimTypes.Subject, userId),
new Claim(JwtClaimTypes.Email, expectedEmailAddress),
new Claim(JwtClaimTypes.NickName, expectedNickName),
new Claim(JwtClaimTypes.GivenName, expectedFirstName),
new Claim(JwtClaimTypes.MiddleName, expectedMiddleName),
new Claim(JwtClaimTypes.FamilyName, expectedLastName)
}),
};
var token = ( JwtSecurityToken )tokenHandler.CreateToken(tokenDescriptor);
var oidcClient = new OidcClient();
var userName = oidcClient.HandleOidcUserAddUpdate(token, "test");
var userLoginService = new UserLoginService(new RockContext());
var actualUserLogin = userLoginService.Queryable().Where(ul => ul.UserName == userName).FirstOrDefault();
Assert.That.IsNotNull(actualUserLogin);
Assert.That.AreEqual("OIDC_" + userId, actualUserLogin.UserName);
Assert.That.AreEqual(expectedEmailAddress.ToLower(), actualUserLogin.Person.Email.ToLower());
Assert.That.AreEqual(expectedFirstName.ToLower(), actualUserLogin.Person.FirstName.ToLower());
Assert.That.AreEqual(expectedMiddleName.ToLower(), actualUserLogin.Person.MiddleName.ToLower());
Assert.That.AreEqual(expectedLastName.ToLower(), actualUserLogin.Person.LastName.ToLower());
Assert.That.AreEqual(expectedNickName.ToLower(), actualUserLogin.Person.NickName.ToLower());
}
public async Task untrusted_identity_token_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", Crypto.UntrustedIdentityToken },
{ "refresh_token", "refresh_token" }
};
_options.ProviderInformation.KeySet = Crypto.CreateKeySet(Crypto.CreateKey());
_options.BackchannelHandler = new NetworkHandler(JsonConvert.SerializeObject(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().StartWith("Error validating token response: Error validating identity token: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10501: Signature validation failed. Unable to match 'kid'");
}
public async Task Untrusted_identity_token_should_fail()
{
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", Crypto.UntrustedIdentityToken },
{ "refresh_token", "refresh_token" }
};
_options.ProviderInformation.KeySet = Crypto.CreateKeySet(Crypto.CreateKey());
_options.BackchannelHandler = new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&code=bar";
var result = await client.ProcessResponseAsync(url, state);
result.IsError.Should().BeTrue();
result.Error.Should().Contain("invalid_signature");
}
private static async Task SignIn()
{
// create a redirect URI using an available port on the loopback address.
// requires the OP to allow random ports on 127.0.0.1 - otherwise set a static port
var browser = new SystemBrowser();
string redirectUri = string.Format($"http://127.0.0.1:{browser.Port}");
var options = new OidcClientOptions
{
Authority = _authority,
ClientId = "interactive.public",
RedirectUri = redirectUri,
Scope = "openid profile api offline_access",
FilterClaims = false,
Browser = browser,
IdentityTokenValidator = new JwtHandlerIdentityTokenValidator(),
RefreshTokenInnerHttpHandler = new HttpClientHandler()
};
var serilog = new LoggerConfiguration()
.MinimumLevel.Debug()
.Enrich.FromLogContext()
.WriteTo.Console(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message}{NewLine}{Exception}{NewLine}", theme: AnsiConsoleTheme.Code)
.CreateLogger();
options.LoggerFactory.AddSerilog(serilog);
_oidcClient = new OidcClient(options);
var result = await _oidcClient.LoginAsync(new LoginRequest());
_apiClient = new HttpClient(result.RefreshTokenHandler)
{
BaseAddress = new Uri(_api)
};
ShowResult(result);
await NextSteps(result);
}
protected ViewController(IntPtr handle) : base(handle)
{
IdentityModelEventSource.ShowPII = true;
var options = new OidcClientOptions
{
Authority = "https://demo.identityserver.io",
ClientId = "native.hybrid",
Scope = "openid profile email api offline_access",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
RedirectUri = "SFAuthenticationSessionExample://callback",
PostLogoutRedirectUri = "SFAuthenticationSessionExample://callback",
//Browser = new SFAuthenticationSessionBrowser()
// new in iOS 12
Browser = new ASWebAuthenticationSessionBrowser()
};
_client = new OidcClient(options);
}
public MainPage()
{
InitializeComponent();
var browser = DependencyService.Get <IBrowser>();
var options = new OidcClientOptions
{
Authority = "http://192.168.1.107:5000/",
ClientId = "xamarin",
Scope = "openid ApiOne",
RedirectUri = "xamarinformsclients://callback",
Browser = browser,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
};
options.Policy.Discovery.RequireHttps = false;
_client = new OidcClient(options);
_apiClient.Value.BaseAddress = new Uri("http://192.168.1.107:5002/");
}
private static async Task Login(OidcClientOptions options)
{
// create a redirect URI using an available port on the loopback address. requires the
// OP to allow random ports on 127.0.0.1 - otherwise set a static port
var browser = new SystemBrowser(3000);
string redirectUri = string.Format($"http://127.0.0.1:{browser.Port}");
//string redirectUri = "https://keycloak.docufy.de/auth/realms/AzureAdTest/broker/oidc/endpoint/auth";
//var options = new OidcClientOptions
//{
// Authority = _authority,
// ClientId = "native.code",
// RedirectUri = redirectUri,
// Scope = "openid profile api",
// FilterClaims = false,
// Browser = browser,
// Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
// ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
//};
options.Browser = browser;
options.RedirectUri = redirectUri;
var serilog = new LoggerConfiguration()
.MinimumLevel.Error()
.Enrich.FromLogContext()
.WriteTo.LiterateConsole(outputTemplate: "[{Timestamp:HH:mm:ss} {Level}] {SourceContext}{NewLine}{Message}{NewLine}{Exception}{NewLine}")
.CreateLogger();
options.LoggerFactory.AddSerilog(serilog);
_oidcClient = new OidcClient(options);
var result = await _oidcClient.LoginAsync(new LoginRequest());
ShowResult(result);
await NextSteps(result);
}
private async void Window_Loaded(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions()
{
Authority = "http://localhost:5001",
ClientId = "8b25bce5-fbee-41a8-ba0e-8385fe4afff7",
ClientSecret = "8b25bce5-fbee-41a8-ba0e-8385fe4afff7",
Scope = "openid profile openIdConnectClient",
RedirectUri = "http://127.0.0.1/sample-wpf-app",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.FormPost,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
Browser = new WpfEmbeddedBrowser()
};
_oidcClient = new OidcClient(options);
LoginResult result;
try
{
result = await _oidcClient.LoginAsync(new LoginRequest { BrowserDisplayMode = DisplayMode.Visible });
}
catch (Exception ex)
{
Message.Text = $"Unexpected Error: {ex.Message}";
return;
}
if (result.IsError)
{
Message.Text = result.Error == "UserCancel" ? "A janela de autenticação foi fechada antes da autorização ser completada." : result.Error;
}
else
{
var name = result.User.Identity.Name;
Message.Text = $"Hello {name}";
}
}
private async void Login_OnClick(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions
{
Authority = Constants.AuthorityUri,
ClientId = Constants.ClientId,
Scope = Constants.Scope,
RedirectUri = Constants.RedirectUri,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
Browser = new Browser(),
Policy = new Policy {
Discovery = new DiscoveryPolicy {
RequireHttps = false
}
}
};
_oidcClient = new OidcClient(options);
_loginResult = await _oidcClient.LoginAsync(new LoginRequest());
if (_loginResult.IsError)
{
ViewModel.Result = $"Error: {_loginResult.Error}";
return;
}
ViewModel.Result = "Success";
ViewModel.IdentityToken = _loginResult.IdentityToken;
ViewModel.AccessToken = _loginResult.AccessToken;
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", _loginResult?.AccessToken ?? string.Empty);
var response = await _httpClient.GetAsync("");
var content = await response.Content.ReadAsStringAsync();
ViewModel.UserInfo = content;
}
public async void Start(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions()
{
Authority = "http://localhost:53382/",
ClientId = "windows-client",
Scope = "openid profile",
RedirectUri = "urn:ietf:wg:oauth:2.0:oob",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.FormPost,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
Browser = new WpfEmbeddedBrowser(),
ClientSecret = "secret"
};
_oidcClient = new OidcClient(options);
LoginResult result;
try
{
result = await _oidcClient.LoginAsync();
}
catch (Exception ex)
{
Message.Text = $"Unexpected Error: {ex.Message}";
return;
}
if (result.IsError)
{
Message.Text = result.Error == "UserCancel" ? "The sign-in window was closed before authorization was completed." : result.Error;
}
else
{
var name = result.User.Identity.Name;
Message.Text = $"Hello {name}";
}
}
public async Task Sending_authorization_header_should_succeed()
{
_options.ClientSecret = "secret";
_options.TokenClientCredentialStyle = Client.ClientCredentialStyle.AuthorizationHeader;
var client = new OidcClient(_options);
var state = await client.PrepareLoginAsync();
var url = $"?state={state.State}&nonce={state.Nonce}&code=bar";
var key = Crypto.CreateKey();
var idToken = Crypto.CreateJwt(key, "https://authority", "client",
new Claim("at_hash", Crypto.HashData("token")),
new Claim("sub", "123"),
new Claim("nonce", state.Nonce));
var tokenResponse = new Dictionary <string, object>
{
{ "access_token", "token" },
{ "expires_in", 300 },
{ "id_token", idToken },
{ "refresh_token", "refresh_token" }
};
_options.ProviderInformation.KeySet = Crypto.CreateKeySet(key);
var backChannelHandler = new NetworkHandler(JsonSerializer.Serialize(tokenResponse), HttpStatusCode.OK);
_options.BackchannelHandler = backChannelHandler;
var result = await client.ProcessResponseAsync(url, state);
var request = backChannelHandler.Request;
request.Headers.Authorization.Should().NotBeNull();
request.Headers.Authorization.Scheme.Should().Be("Basic");
request.Headers.Authorization.Parameter.Should()
.Be(BasicAuthenticationOAuthHeaderValue.EncodeCredential("client", "secret"));
}
private async void LoginSysBrowseButton_Click(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions
{
Authority = "https://demo.identityserver.io",
ClientId = "native.hybrid",
Scope = "openid profile api offline_access",
RedirectUri = "io.identityserver.demo.uwp://callback",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect,
Browser = new SystemBrowser()
};
var client = new OidcClient(options);
var result = await client.LoginAsync(new LoginRequest());
if (!string.IsNullOrEmpty(result.Error))
{
ResultTextBox.Text = result.Error;
return;
}
var sb = new StringBuilder(128);
foreach (var claim in result.User.Claims)
{
sb.AppendLine($"{claim.Type}: {claim.Value}");
}
sb.AppendLine($"refresh token: {result.RefreshToken}");
sb.AppendLine($"access token: {result.AccessToken}");
ResultTextBox.Text = sb.ToString();
_result = result;
_client = new HttpClient(result.RefreshTokenHandler);
_client.BaseAddress = new Uri("https://demo.identityserver.io/");
}
private async void Button_Click(object sender, EventArgs e)
{
var authority = "https://demo.identityserver.io";
var options = new OidcClientOptions(
authority,
"native",
"secret",
"openid profile api offline_access",
"io.identitymodel.native://callback",
new ChromeCustomTabsWebView(this));
_oidcClient = new OidcClient(options);
var result = await _oidcClient.LoginAsync();
var txtResult = FindViewById <EditText>(Resource.Id.editText1);
if (!string.IsNullOrEmpty(result.Error))
{
txtResult.Text = result.Error;
return;
}
var sb = new StringBuilder(128);
foreach (var claim in result.Claims)
{
sb.Append(string.Format("{0}: {1}\n", claim.Type, claim.Value));
}
sb.Append(string.Format("\n{0}: {1}\n", "refresh token", result.RefreshToken));
sb.Append(string.Format("\n{0}: {1}\n", "access token", result.AccessToken));
txtResult.Text = sb.ToString();
_apiClient = new HttpClient(result.Handler);
_apiClient.BaseAddress = new Uri("https://demo.identityserver.io/api/");
}
private async void Window_Loaded(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions()
{
Authority = "https://demo.identityserver.io/",
ClientId = "interactive.public",
Scope = "openid profile email",
RedirectUri = "http://127.0.0.1/sample-wpf-app",
Browser = new WpfEmbeddedBrowser(),
Policy = new Policy
{
RequireIdentityTokenSignature = false
}
};
var _oidcClient = new OidcClient(options);
LoginResult loginResult;
try
{
loginResult = await _oidcClient.LoginAsync();
}
catch (Exception exception)
{
txbMessage.Text = $"Unexpected Error: {exception.Message}";
return;
}
if (loginResult.IsError)
{
txbMessage.Text = loginResult.Error == "UserCancel" ? "The sign-in window was closed before authorization was completed." : loginResult.Error;
}
else
{
txbMessage.Text = loginResult.User.Identity.Name;
}
}
public async void Start(object sender, RoutedEventArgs e)
{
var options = new OidcClientOptions()
{
Authority = "https://demo.identityserver.io/",
ClientId = "native.code",
Scope = "openid profile email",
RedirectUri = "http://127.0.0.1/sample-wpf-app",
ResponseMode = OidcClientOptions.AuthorizeResponseMode.FormPost,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
Browser = new WpfEmbeddedBrowser()
};
_oidcClient = new OidcClient(options);
LoginResult result;
try
{
result = await _oidcClient.LoginAsync();
}
catch (Exception ex)
{
Message.Text = $"Unexpected Error: {ex.Message}";
return;
}
if (result.IsError)
{
Message.Text = result.Error == "UserCancel" ? "The sign-in window was closed before authorization was completed." : result.Error;
}
else
{
var name = result.User.Identity.Name;
_result = result;
Message.Text = $"Hello {name}";
}
}
public MainPage()
{
InitializeComponent();
Login.Clicked += Login_Clicked;
CallApi.Clicked += CallApi_Clicked;
var browser = DependencyService.Get <IBrowser>();
var options = new OidcClientOptions
{
Authority = "https://as.landsense.eu",
ClientId = Constant.AndroidClientId,
ClientSecret = Constant.ClientIdSecret,
Scope = Constant.Scope,
RedirectUri = Constant.AndroidRedirectUrl,
Flow = OidcClientOptions.AuthenticationFlow.AuthorizationCode,
Browser = browser,
ResponseMode = OidcClientOptions.AuthorizeResponseMode.Redirect
};
_client = new OidcClient(options);
}
private async void LoginButton_Click(object sender, RoutedEventArgs e)
{
var authority = "https://demo.identityserver.io";
var webView = new UwpWebView(enableWindowsAuthentication: false);
var options = new OidcClientOptions(
authority: authority,
clientId: "native",
clientSecret: "secret",
scope: "openid profile api offline_access",
redirectUri: WebAuthenticationBroker.GetCurrentApplicationCallbackUri().AbsoluteUri,
webView: webView);
var client = new OidcClient(options);
var result = await client.LoginAsync();
if (!string.IsNullOrEmpty(result.Error))
{
ResultTextBox.Text = result.Error;
return;
}
var sb = new StringBuilder(128);
foreach (var claim in result.Claims)
{
sb.AppendLine($"{claim.Type}: {claim.Value}");
}
sb.AppendLine($"refresh token: {result.RefreshToken}");
sb.AppendLine($"access token: {result.AccessToken}");
ResultTextBox.Text = sb.ToString();
_client = new HttpClient(result.Handler);
_client.BaseAddress = new Uri("https://demo.identityserver.io/api/");
}
