Пример #1
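        /// <summary>
        /// Builds a login response for the requested OpenID response type.
        /// </summary>
        /// <param name="responseType">Selects which kind of response is populated.</param>
        /// <param name="id">Passed to the access-code generator, or stored as <c>ID</c> for an ID token.</param>
        /// <param name="issuer">Stored as <c>Issuer</c> (ID token only).</param>
        /// <param name="audience">Stored as <c>Audience</c> (ID token only).</param>
        /// <param name="identity">Source of the user id, user name and roles; also passed to the access-code generator.</param>
        /// <param name="x509Thumbprint">Stored as both <c>KeyID</c> and <c>X509Thumbprint</c> (ID token only).</param>
        /// <param name="nonce">Stored unchanged as <c>Nonce</c> (ID token only).</param>
        /// <param name="state">Stored unchanged as <c>State</c> (ID token only).</param>
        /// <exception cref="IdentityProviderException">The response type is neither Code nor IdToken.</exception>
        public OpenIDLoginResponse(OpenIDResponseType responseType, string id, string issuer, string audience, IdentityModel identity, string x509Thumbprint, string nonce, string state)
        {
            if (responseType == OpenIDResponseType.Code)
            {
                // Code response: only the access code is set; every other member keeps its default.
                this.AccessCode = AuthTokenManager.GenerateAccessCode(id, identity);
            }
            else if (responseType == OpenIDResponseType.IdToken)
            {
                this.ID       = id;
                this.Issuer   = issuer;
                // NOTE(review): a fresh GUID per response means the subject value is never the same
                // twice for one user; a consumer that keys accounts on it would not see a stable
                // identifier. Confirm this is intended.
                this.Subject  = Guid.NewGuid().ToString();
                this.Audience = audience;
                this.UserID   = identity.UserID;
                this.UserName = identity.UserName;
                this.Roles    = identity.Roles;

                this.KeyID          = x509Thumbprint;
                this.X509Thumbprint = x509Thumbprint; //same https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens
                // nonce and state are echoed as supplied by the caller; nothing here validates them.
                this.Nonce          = nonce;
                this.State          = state;

                // Read the clock once so the three timestamps are derived from the same instant.
                // Separate reads could straddle a second boundary and skew the validity window.
                var now = DateTimeOffset.UtcNow;

                this.IssuedAtTime = now.ToUnixTimeSeconds();
                // Valid from five minutes before issuance (presumably to tolerate clock skew) ...
                this.NotBefore    = now.AddMinutes(-5).ToUnixTimeSeconds();
                // ... until five minutes after issuance.
                this.Expiration   = now.AddMinutes(5).ToUnixTimeSeconds();
            }
            else
            {
                throw new IdentityProviderException($"Not supported response type {responseType}");
            }
        }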
Пример #2
 /// <summary>
 /// Creates a consumer from explicitly supplied endpoints and client settings.
 /// Every argument is stored as given; nothing is validated here.
 /// </summary>
 public OpenIDIdentityConsumer(string serviceProvider, string secret, string loginUrl, string redirectUrl, string logoutUrl, string tokenUrl, string userInfoUrl, string redirectUrlPostLogout, string identityProviderCertUrl, string scope, bool requiredSignature, OpenIDResponseType responseType)
 {
     // Client identity. The secret is held as a plain string for the lifetime of this object.
     this.serviceProvider = serviceProvider;
     this.secret = secret;

     // Identity provider endpoints.
     this.loginUrl = loginUrl;
     this.logoutUrl = logoutUrl;
     this.tokenUrl = tokenUrl;
     this.userInfoUrl = userInfoUrl;
     this.identityProviderCertUrl = identityProviderCertUrl;

     // Redirect targets on the consumer side.
     this.redirectUrl = redirectUrl;
     this.redirectUrlPostLogout = redirectUrlPostLogout;

     // Request options.
     this.scope = scope;
     this.responseType = responseType;
     this.requiredSignature = requiredSignature;
 }
Пример #3
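        /// <summary>
        /// Downloads the provider metadata document from <paramref name="metadataUrl"/> and builds
        /// a consumer from the endpoints it advertises. The consumer is created with
        /// signature checking required.
        /// </summary>
        /// <param name="serviceProvider">Passed through to the consumer.</param>
        /// <param name="secret">Passed through to the consumer.</param>
        /// <param name="metadataUrl">Location of the metadata document.</param>
        /// <param name="redirectUrl">Passed through to the consumer.</param>
        /// <param name="redirectUrlPostLogout">Passed through to the consumer.</param>
        /// <param name="scope">
        /// Scope string to request. When null or whitespace it is built as "openid" plus whichever of
        /// "profile", "email" and "offline_access" the provider lists, joined with '+'.
        /// </param>
        /// <param name="responseType">Passed through to the consumer.</param>
        /// <returns>A consumer configured from the metadata document.</returns>
        /// <exception cref="IdentityProviderException">The provider does not list the "openid" scope.</exception>
        public static async Task <OpenIDIdentityConsumer> FromMetadata(string serviceProvider, string secret, string metadataUrl, string redirectUrl, string redirectUrlPostLogout, string scope, OpenIDResponseType responseType)
        {
            // NOTE(review): the document decides where logins, token requests and signing keys are
            // fetched from, and its URLs are used below as-is. Nothing in this method restricts
            // metadataUrl to https or checks the advertised endpoints against an expected host, so
            // callers should pass only a trusted, TLS-protected metadata URL.
            var request = WebRequest.Create(metadataUrl);

            // The response was previously never disposed, which leaks the underlying connection.
            // It is kept open for the whole method because the binding and document are built from
            // it; only strings taken from the document leave this scope.
            using (var response = await request.GetResponseAsync())
            {
                var binding  = OpenIDBinding.GetBindingForResponse(response, BindingDirection.Response);
                var document = new OpenIDMetadataResponse(binding);

                if (!document.ScopesSupported.Contains("openid"))
                {
                    throw new IdentityProviderException("OpenID Scope Not Supported From This Service.");
                }

                if (String.IsNullOrWhiteSpace(scope))
                {
                    // Default scope: "openid" plus each optional scope the provider advertises,
                    // in this fixed order.
                    var sb = new StringBuilder("openid");
                    foreach (var optional in new[] { "profile", "email", "offline_access" })
                    {
                        if (document.ScopesSupported.Contains(optional))
                        {
                            sb.Append('+').Append(optional);
                        }
                    }

                    scope = sb.ToString();
                }

                return new OpenIDIdentityConsumer(
                    serviceProvider,
                    secret,
                    document.LoginUrl,
                    redirectUrl,
                    document.LogoutUrl,
                    document.TokenUrl,
                    document.UserInfoUrl,
                    redirectUrlPostLogout,
                    document.KeysUrl,
                    scope,
                    true, // requiredSignature
                    responseType);
            }
        }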