public async Task <AuthorizeResponse> CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, string authorizationCode = null) { _logger.LogDebug("Creating Implicit Flow response."); string accessTokenValue = null; int accessTokenLifetime = 0; var responseTypes = request.ResponseType.FromSpaceSeparatedString(); if (responseTypes.Contains(OidcConstants.ResponseTypes.Token)) { var tokenRequest = new TokenCreationRequest { Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, ValidatedRequest = request }; var accessToken = await _tokenService.CreateAccessTokenAsync(tokenRequest); accessTokenLifetime = accessToken.Lifetime; accessTokenValue = await _tokenService.CreateSecurityTokenAsync(accessToken); } string jwt = null; if (responseTypes.Contains(OidcConstants.ResponseTypes.IdToken)) { var tokenRequest = new TokenCreationRequest { ValidatedRequest = request, Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, Nonce = request.Raw.Get(OidcConstants.AuthorizeRequest.Nonce), IncludeAllIdentityClaims = !request.AccessTokenRequested, AccessTokenToHash = accessTokenValue, AuthorizationCodeToHash = authorizationCode }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); jwt = await _tokenService.CreateSecurityTokenAsync(idToken); } var response = new AuthorizeResponse { Request = request, AccessToken = accessTokenValue, AccessTokenLifetime = accessTokenLifetime, IdentityToken = jwt, SessionState = request.GenerateSessionStateValue() }; return(response); }
protected async Task <IEndpointResult> CreateErrorResultAsync( string logMessage, ValidatedAuthorizeRequest request = null, string error = OidcConstants.AuthorizeErrors.ServerError, string errorDescription = null, bool logError = true) { if (logError) { Logger.LogError(logMessage); } if (request != null) { var details = new AuthorizeRequestValidationLog(request); Logger.LogInformation("{@validationDetails}", details); } // TODO: should we raise a token failure event for all errors to the authorize endpoint? await RaiseFailureEventAsync(request, error, errorDescription); return(new AuthorizeResult(new AuthorizeResponse { Request = request, Error = error, ErrorDescription = errorDescription, SessionState = request?.GenerateSessionStateValue() })); }
public async Task <AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request) { _logger.LogDebug("Creating Authorization Code Flow response."); var code = await CreateCodeAsync(request); var response = new AuthorizeResponse { Request = request, Code = code, SessionState = request.GenerateSessionStateValue() }; return(response); }
/// <summary> /// Creates the response for a code flow request /// </summary> /// <param name="request"></param> /// <returns></returns> protected virtual async Task <AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request) { Logger.LogDebug("Creating Authorization Code Flow response."); var code = await CreateCodeAsync(request); var id = await AuthorizationCodeStore.StoreAuthorizationCodeAsync(code); var response = new AuthorizeResponse { Request = request, Code = id, SessionState = request.GenerateSessionStateValue() }; return(response); }
/// <summary> /// Creates the response for a implicit flow request /// </summary> /// <param name="request"></param> /// <param name="authorizationCode"></param> /// <returns></returns> protected virtual async Task <AuthorizeResponse> CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, string authorizationCode = null) { Logger.LogDebug("Creating Implicit Flow response."); string accessTokenValue = null; int accessTokenLifetime = 0; var responseTypes = request.ResponseType.FromSpaceSeparatedString(); if (responseTypes.Contains(OidcConstants.ResponseTypes.Token)) { var tokenRequest = new TokenCreationRequest { Subject = request.Subject, Resources = request.ValidatedScopes.GrantedResources, ValidatedRequest = request }; var accessToken = await TokenService.CreateAccessTokenAsync(tokenRequest); accessTokenLifetime = accessToken.Lifetime; accessTokenValue = await TokenService.CreateSecurityTokenAsync(accessToken); } string jwt = null; if (responseTypes.Contains(OidcConstants.ResponseTypes.IdToken)) { string stateHash = null; if (request.State.IsPresent()) { var credential = await KeyMaterialService.GetSigningCredentialsAsync(request.Client.AllowedIdentityTokenSigningAlgorithms); if (credential == null) { throw new InvalidOperationException("No signing credential is configured."); } var algorithm = credential.Algorithm; stateHash = CryptoHelper.CreateHashClaimValue(request.State, algorithm); } var tokenRequest = new TokenCreationRequest { ValidatedRequest = request, Subject = request.Subject, Resources = request.ValidatedScopes.GrantedResources, Nonce = request.Raw.Get(OidcConstants.AuthorizeRequest.Nonce), IncludeAllIdentityClaims = !request.AccessTokenRequested, AccessTokenToHash = accessTokenValue, AuthorizationCodeToHash = authorizationCode, StateHash = stateHash }; var idToken = await TokenService.CreateIdentityTokenAsync(tokenRequest); jwt = await TokenService.CreateSecurityTokenAsync(idToken); } var response = new AuthorizeResponse { Request = request, AccessToken = accessTokenValue, AccessTokenLifetime = accessTokenLifetime, IdentityToken = jwt, SessionState = request.GenerateSessionStateValue() }; return(response); }