public async Task AuthenticateUser()
{
var state = Guid.NewGuid().ToString();
var nonce = Guid.NewGuid().ToString();
await accessTokenSem.WaitAsync();
try
{
var webAuthenticationResult =
await WebAuthenticationBroker.AuthenticateAsync(WebAuthenticationOptions.None,
new Uri($"{authorizationUrl}/connect/authorize?client_id={clientId}&scope={scopes} openid offline_access&response_type=code id_token&" +
$"redirect_uri={redirectUri}&state={state}&nonce={nonce}"),
new Uri(redirectUri));
if (webAuthenticationResult.ResponseStatus == WebAuthenticationStatus.Success)
{
var data = webAuthenticationResult.ResponseData;
var parms = new WwwFormUrlDecoder(new Uri(data.Replace("#", "?")).Query);
if (state != parms.Where(p => p.Name == "state").Single().Value)
{
throw new UnauthorizedException("State differs");
}
var code = parms.Where(p => p.Name == "code").Single().Value;
var client = new System.Net.Http.HttpClient();
var dict = new Dictionary <string, string>();
dict.Add("client_id", clientId);
dict.Add("client_secret", clientSecret);
dict.Add("grant_type", "authorization_code");
dict.Add("code", code);
dict.Add("redirect_uri", redirectUri);
var res = await client.PostAsync($"{authorizationUrl}/connect/token", new FormUrlEncodedContent(dict));
if (res.IsSuccessStatusCode)
{
var str = await res.Content.ReadAsStringAsync();
var token = JsonConvert.DeserializeObject <TokenResponse>(str);
var tokens = new StoredTokens()
{
AccessToken = token.access_token,
RefreshToken = token.refresh_token,
AccessTokenExpires = DateTime.Now.AddSeconds(token.expires_in)
};
await tokenStorage.Store(tokens);
}
else
{
throw new UnauthorizedException("Could not redeem refresh token.");
}
}
else
{
throw new UnauthorizedException("Browser authentication was not successful");
}
}
finally
{
accessTokenSem.Release();
}
}
public async Task Store(StoredTokens tokens)
{
StorageFolder localFolder = ApplicationData.Current.LocalFolder;
StorageFile tokenFile = await localFolder.CreateFileAsync($"{name}Tokens.json",
CreationCollisionOption.ReplaceExisting);
await FileIO.WriteTextAsync(tokenFile, JsonConvert.SerializeObject(tokens));
}
private async Task <string> GetAccessToken()
{
await accessTokenSem.WaitAsync();
var tokens = await tokenStorage.Get();
if (!tokens.Expired)
{
accessTokenSem.Release();
return(tokens.AccessToken);
}
else if (tokens.HasRefreshToken)
{
try
{
var dict = new Dictionary <string, string>
{
{ "client_id", clientId },
{ "client_secret", clientSecret },
{ "grant_type", "refresh_token" },
{ "refresh_token", tokens.RefreshToken }
};
var res = await new System.Net.Http.HttpClient().PostAsync($"{authorizationUrl}/connect/token",
new FormUrlEncodedContent(dict));
if (res.IsSuccessStatusCode)
{
var str = await res.Content.ReadAsStringAsync();
var token = JsonConvert.DeserializeObject <TokenResponse>(str);
tokens = new StoredTokens()
{
AccessToken = token.access_token,
RefreshToken = token.refresh_token,
AccessTokenExpires = DateTime.Now.AddSeconds(token.expires_in)
};
await tokenStorage.Store(tokens);
return(tokens.AccessToken);
}
else
{
throw new UnauthorizedException("Could not redeem refresh token.");
}
}
finally
{
accessTokenSem.Release();
}
}
else
{
accessTokenSem.Release();
throw new UnauthorizedException("No valid access or refresh token configured.");
}
}