// GetDevAuthCode gets an authorization code
public HttpRequest <AuthCodeResponse> GetDevAuthCode(string accessToken, string orgId, string codeVerifier)
{
// Allow user JWT complete access to their own organization
var queryParams = new Dictionary <string, string>
{
["client_id"] = k_ClientId,
["response_type"] = "code",
["format"] = "json",
["access_token"] = accessToken,
["prompt"] = "none",
["scope"] = "roles/userauth.admin orgs/" + orgId + " upid/none",
["code_challenge_method"] = "s256"
};
using (var sha256 = SHA256.Create())
{
var bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
var codeChallenge = UnityPlayerIdentityUtility.Base64EncodeUrlSafe(bytes);
queryParams["code_challenge"] = codeChallenge;
}
var data = UnityPlayerIdentityUtility.UrlEncode(queryParams);
var webReq = RequestForm(UnityWebRequest.kHttpVerbPOST, "/v1/oauth2/authorize", null, data);
return(new HttpRequest <AuthCodeResponse>(webReq, ParseJsonResponse <AuthCodeResponse>, null));
}
private string GenerateCodeChallenge()
{
m_State.codeVerifier = UnityPlayerIdentityUtility.RandomBase64String(36);
using (var sha256 = SHA256.Create())
{
byte[] bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(m_State.codeVerifier));
return(UnityPlayerIdentityUtility.Base64EncodeUrlSafe(bytes));
}
}
// ListIDDomains lists all available ID domains owned by the organization
public HttpRequest <ListIDDomainResponse> ListIDDomains(string orgId)
{
var queryParams = new Dictionary <string, string>();
queryParams["org_id"] = orgId;
queryParams["desc"] = "true";
var data = UnityPlayerIdentityUtility.UrlEncode(queryParams);
var webReq = RequestJson(UnityWebRequest.kHttpVerbGET, "/iddomains?" + data, m_Headers, null);
return(new HttpRequest <ListIDDomainResponse>(webReq, ParseJsonResponse <ListIDDomainResponse>, null));
}
public bool NeedRefreshAccessTokenAync()
{
if (!string.IsNullOrEmpty(this.accessToken))
{
JWTStandardClaims claims = UnityPlayerIdentityUtility.DecodeJWT <JWTStandardClaims>(m_State.accessToken);
DateTime expireDateTime = ConvertFromUnixEpochSeconds((claims.exp * 1000).ToString());
if (expireDateTime - DateTime.UtcNow < TimeSpan.FromMinutes(5))
{
return(true);
}
}
return(false);
}
// GetDevToken gets an access token
public HttpRequest <TokenResponse> GetDevToken(string authCode, string codeVerifier)
{
var queryParams = new Dictionary <string, string>
{
["client_id"] = k_ClientId,
["grant_type"] = "authorization_code",
["code"] = authCode,
["code_verifier"] = codeVerifier,
["redirect_uri"] = "launcher://playerid"
};
var data = UnityPlayerIdentityUtility.UrlEncode(queryParams);
var webReq = RequestForm(UnityWebRequest.kHttpVerbPOST, "/v1/oauth2/token", null, data);
return(new HttpRequest <TokenResponse>(webReq, ParseJsonResponse <TokenResponse>, null));
}
public HttpRequest <TokenResponse> GetToken(TokenRequest request)
{
var formBody = UnityPlayerIdentityUtility.UrlEncode(new Dictionary <string, string>
{
{ "grant_type", request.grant_type },
{ "code", request.code },
{ "redirect_uri", request.redirect_uri },
{ "scope", request.scope },
{ "client_id", request.client_id },
{ "client_secret", request.client_secret },
{ "refresh_token", request.refresh_token },
{ "code_verifier", request.code_verifier },
});
var webReq = RequestForm(UnityWebRequest.kHttpVerbPOST, "/oauth2/token", null, formBody);
return(new HttpRequest <TokenResponse>(webReq, ParseJsonResponse <TokenResponse>, request));
}
private void SaveOAuthTokenResponse(TokenResponse response, Callback callback)
{
var decodedToken = UnityPlayerIdentityUtility.DecodeJWT <IDToken>(response.id_token);
var result = new IdentityCallbackArgs
{
userInfo = ExtractUserInfo(decodedToken),
accessToken = response.access_token,
subsystem = this,
};
m_State.refreshToken = response.refresh_token;
m_State.accessToken = response.access_token;
PersistTokens();
// Force update user info by calling GetUser
GetUser(result.userInfo.userId, callback);
}
public HttpRequest <AuthorizeResponse> Authorize(AuthorizeRequest request)
{
var parameters = UnityPlayerIdentityUtility.UrlEncode(new Dictionary <string, string>
{
{ "response_type", request.response_type },
{ "client_id", request.client_id },
{ "redirect_uri", request.redirect_uri },
{ "scope", request.scope },
{ "state", request.state },
{ "nonce", request.nonce },
{ "prompt", request.prompt },
{ "id_token", request.id_token },
{ "code_challenge", request.code_challenge },
{ "code_challenge_method", request.code_challenge_method },
});
var webReq = RequestForm(UnityWebRequest.kHttpVerbPOST, "/oauth2/auth", null, parameters);
return(new HttpRequest <AuthorizeResponse>(webReq, ParseOAuthRedirectResponse, request));
}
private void Authorize(Callback callback)
{
var authRequest = m_Client.Authorize(new AuthorizeRequest
{
client_id = settings.OAuthClientId,
scope = SanitizeScope(settings.OAuthScopes + " platform/" + Application.platform),
id_token = m_State.authnIdToken,
response_type = "code",
state = UnityPlayerIdentityUtility.RandomBase64String(8),
nonce = UnityPlayerIdentityUtility.RandomBase64String(8),
code_challenge = GenerateCodeChallenge(),
code_challenge_method = "S256",
});
var result = authRequest.Send();
result.completed += authOp =>
{
var authResp = authRequest.HandleResponse();
if (authResp.error != null)
{
SendErrorCallback(authResp.error, callback);
return;
}
// Call token endpoint
var tokenRequest = m_Client.GetToken(new TokenRequest
{
client_id = settings.OAuthClientId,
grant_type = "authorization_code",
code = authResp.result.code,
code_verifier = m_State.codeVerifier
});
var tokenResult = tokenRequest.Send();
tokenResult.completed += tokenOp => {
HandleOAuthTokenResponse(tokenRequest, callback);
};
};
}
private HttpRequest <AuthorizeResponse> .ParsedResult ParseOAuthRedirectResponse(UnityWebRequest request, string text, object requestType)
{
if (request.responseCode == 302)
{
var headers = request.GetResponseHeaders();
if (!headers.ContainsKey("location"))
{
return(new HttpRequest <AuthorizeResponse> .ParsedResult
{
error = new Error
{
errorClass = ErrorClass.ApiError,
type = "UNEXPECTED_RESPONSE",
message = request.responseCode.ToString() + ": location header 没有返回",
}
});
}
var location = headers["location"];
Utils.Logger.Info("Location: " + location);
int index = location.IndexOf('?');
if (index == -1)
{
return(new HttpRequest <AuthorizeResponse> .ParsedResult
{
error = new Error
{
errorClass = ErrorClass.ApiError,
type = "UNEXPECTED_RESPONSE",
message = request.responseCode.ToString() + ": location header 没有相应参数",
}
});
}
var qs = location.Substring(index + 1);
var queryParams = UnityPlayerIdentityUtility.ParseQueryString(qs);
var response = new AuthorizeResponse
{
state = queryParams["state"],
code = queryParams["code"],
scope = queryParams["scope"],
};
Error error = null;
if (queryParams["error"] != null)
{
response.error = queryParams["error"];
response.error_description = queryParams["error_description"];
error = response.GetError(null);
}
return(new HttpRequest <AuthorizeResponse> .ParsedResult
{
error = error,
result = response
});
}
else
{
return(new HttpRequest <AuthorizeResponse> .ParsedResult
{
error = new Error
{
errorClass = ErrorClass.ApiError,
type = "UNEXPECTED_RESPONSE",
message = request.responseCode.ToString() + ": OAuth redirect response 意外响应码",
}
});
}
}
