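        /// <summary>
        /// Facebook extension grant: checks the caller-supplied Facebook token through the
        /// Graph API <c>debug_token</c> endpoint, reads the user's profile from <c>/me</c>,
        /// creates the user in the local store on first login and assigns
        /// <paramref name="context"/>.Result.
        /// </summary>
        /// <param name="context">Grant validation context. The raw request parameters
        /// <c>input_token</c> and <c>access_token</c> are read; <c>Result</c> is always
        /// assigned before this method returns.</param>
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            var inputToken  = context.Request.Raw.Get("input_token");
            var accessToken = context.Request.Raw.Get("access_token");

            if (string.IsNullOrEmpty(inputToken) || string.IsNullOrEmpty(accessToken))
            {
                context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                return;
            }

            // NOTE(review): access_token is taken from the caller's request; if this is meant to be
            // the app token it should be held server-side rather than supplied by the client — confirm.

            // Both values are untrusted request input: escape them so an unescaped '&' or '='
            // cannot add extra query parameters to the Graph API URLs.
            var escapedInputToken  = Uri.EscapeDataString(inputToken);
            var escapedAccessToken = Uri.EscapeDataString(accessToken);
            var debugTokenUrl = $"https://graph.facebook.com/debug_token?input_token={escapedInputToken}&access_token={escapedAccessToken}";
            var profileUrl    = $"https://graph.facebook.com/me?fields=id,email,gender,picture&access_token={escapedInputToken}";

            // The client and both responses are disposed when the call ends; a single shared
            // HttpClient would be preferable but needs a field outside this method.
            using (var client = new HttpClient())
            {
                using (var tokenResponse = await client.GetAsync(debugTokenUrl))
                {
                    if (tokenResponse.StatusCode != System.Net.HttpStatusCode.OK)
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    var tokenResponseData   = await tokenResponse.Content.ReadAsStringAsync();
                    var fbTokenResponseData = TokenResponseDserializer.DserializeIdToken<FacebookAuthTokenResponse>(tokenResponseData);

                    if (fbTokenResponseData == null)
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    // TODO(security): the app_id returned by debug_token is never compared with this
                    // application's Facebook app id (the check below is commented out), so a token
                    // issued to a different Facebook app passes validation here. Re-enable the
                    // comparison once the expected app id is configured.
                    //if (fbTokenResponseData.Data.App_id != FacebookAuthConstants.FacebookAppId)
                    //{
                    //    context.Result = new GrantValidationResult(OidcConstants.TokenErrors.UnauthorizedClient, null);
                    //    return;
                    //}
                }

                // Read the profile with the user's token to obtain the subject id and email.
                using (var profileResponse = await client.GetAsync(profileUrl))
                {
                    if (!profileResponse.IsSuccessStatusCode)
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    var responseData    = await profileResponse.Content.ReadAsStringAsync();
                    var fbTokenResponse = TokenResponseDserializer.DserializeIdToken<FacebookAuthResponse>(responseData);

                    // The subject id is both the store lookup key and the subject the grant is issued
                    // for, so a response without it cannot be accepted.
                    if (fbTokenResponse == null || string.IsNullOrEmpty(fbTokenResponse.Id))
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    var requestedUser = _userStore.FindByProviderAndSubjectId(ProviderConstants.Facebook, fbTokenResponse.Id);

                    if (requestedUser == null)
                    {
                        // First login from this Facebook account: the new local record gets a freshly
                        // generated random password hash and salt.
                        var pwdSalt = CryptoService.GenerateSalt();
                        var pwdHash = CryptoService.ComputeHash(PasswordGenerator.GetRandomPassword(), pwdSalt);

                        // One timestamp so CreatedDate and LastUpdated are identical on creation.
                        var now = DateTime.UtcNow;

                        var customUser = new CustomUser
                        {
                            SubjectId    = fbTokenResponse.Id,
                            // Invariant lower-casing: the email is stored as a key, not as display text.
                            Email        = string.IsNullOrEmpty(fbTokenResponse.Email) ? "" : fbTokenResponse.Email.ToLowerInvariant(),
                            PasswordHash = Convert.ToBase64String(pwdHash),
                            PasswordSalt = Convert.ToBase64String(pwdSalt),
                            Provider     = ProviderConstants.Facebook,
                            CreatedDate  = now,
                            LastUpdated  = now
                        };

                        _userStore.AddNewUser(customUser);
                    }

                    context.Result = new GrantValidationResult(fbTokenResponse.Id, ExternalGrantTypes.Facebok);
                }
            }
        }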
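        /// <summary>
        /// Google extension grant: checks the caller-supplied Google ID token through the
        /// <c>tokeninfo</c> endpoint, verifies the issuer, creates the user in the local store
        /// on first login and assigns <paramref name="context"/>.Result.
        /// </summary>
        /// <param name="context">Grant validation context. The raw request parameter
        /// <c>id_token</c> is read; <c>Result</c> is always assigned before this method
        /// returns, including when an exception is caught.</param>
        public async Task ValidateAsync(ExtensionGrantValidationContext context)
        {
            try
            {
                var idToken = context.Request.Raw.Get("id_token");

                if (string.IsNullOrEmpty(idToken))
                {
                    context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                    return;
                }

                //https://www.googleapis.com/auth/userinfo.profile scope is required to get user profile image for app team
                // The token is untrusted request input: escape it so it cannot add extra
                // query parameters to the tokeninfo URL.
                var tokenInfoUrl = $"https://www.googleapis.com/oauth2/v3/tokeninfo?id_token={Uri.EscapeDataString(idToken)}";

                // Client and response are disposed when the call ends; a single shared
                // HttpClient would be preferable but needs a field outside this method.
                using (var client = new HttpClient())
                using (var request = await client.GetAsync(tokenInfoUrl))
                {
                    if (request.StatusCode != System.Net.HttpStatusCode.OK)
                    {
                        // Previously no Result was assigned on a non-OK response; report it the same
                        // way the other branches do.
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    var responseData       = await request.Content.ReadAsStringAsync();
                    var googleAuthResponse = TokenResponseDserializer.DserializeIdToken<GoogleAuthResponse>(responseData);

                    if (googleAuthResponse == null)
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    // The issuer is a protocol identifier, so compare it ordinally rather than
                    // with the current culture.
                    if (!string.Equals(googleAuthResponse.Iss, GoogleAuthConstants.Issuer, StringComparison.OrdinalIgnoreCase))
                    {
                        context.Result = new GrantValidationResult("Invalid Issuer.", null);
                        return;
                    }

                    // TODO(security): the token's authorized party is never compared with this
                    // application's Google client id (the check below is commented out), so an ID
                    // token minted for a different Google client passes validation here. Re-enable
                    // the comparison once the client id is configured.
                    //if (googleAuthResponse.Azp != GoogleAuthConstants.ClinetId)
                    //{
                    //    context.Result = new GrantValidationResult(OidcConstants.TokenErrors.UnauthorizedClient, null);
                    //    return;
                    //}

                    // Email is the store lookup key and Sub is the subject the grant is issued for.
                    // A missing email used to throw from ToLower() and end in the catch below.
                    if (string.IsNullOrEmpty(googleAuthResponse.Sub) || string.IsNullOrEmpty(googleAuthResponse.Email))
                    {
                        context.Result = new GrantValidationResult(OidcConstants.TokenErrors.InvalidRequest, null);
                        return;
                    }

                    // NOTE(review): users are matched by email, so an unverified email claim could be
                    // linked to an existing account; no email_verified flag is consulted here —
                    // confirm whether GoogleAuthResponse exposes one.

                    // Normalise once and use the same form for lookup and storage, so the store's
                    // case handling does not decide whether a duplicate user is created.
                    var normalizedEmail = googleAuthResponse.Email.ToLowerInvariant();
                    var requestedUser   = _userStore.FindByProviderAndEmail(ProviderConstants.Google, normalizedEmail);

                    if (requestedUser == null)
                    {
                        // First login from this Google account: the new local record gets a freshly
                        // generated random password hash and salt.
                        var pwdSalt = CryptoService.GenerateSalt();
                        var pwdHash = CryptoService.ComputeHash(PasswordGenerator.GetRandomPassword(), pwdSalt);

                        // One timestamp so CreatedDate and LastUpdated are identical on creation.
                        var now = DateTime.UtcNow;

                        var customUser = new CustomUser
                        {
                            SubjectId    = googleAuthResponse.Sub,
                            Email        = normalizedEmail,
                            PasswordHash = Convert.ToBase64String(pwdHash),
                            PasswordSalt = Convert.ToBase64String(pwdSalt),
                            Provider     = ProviderConstants.Google,
                            CreatedDate  = DateTime.UtcNow,
                            LastUpdated  = now
                        };
                        customUser.CreatedDate = now;

                        _userStore.AddNewUser(customUser);
                    }

                    context.Result = new GrantValidationResult(googleAuthResponse.Sub, ExternalGrantTypes.Google);
                }
            }
            catch (Exception)
            {
                // Deliberate catch-all: any failure (network, deserialization, store) must still
                // leave a Result on the context rather than propagate out of the validator.
                context.Result = new GrantValidationResult("Internal Server Error.", null);
            }
        }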