Пример #1
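        /// <summary>
        /// Exchanges a refresh token for a new access token (RFC 6749 section 6) by
        /// POSTing a form-encoded request to the token endpoint, authenticating the
        /// client through the Authorization header built from client_id / client_secret.
        /// </summary>
        /// <param name="tokenEndpointUri">URI of the token endpoint. The client secret and the refresh token are sent to this URI unchanged and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="refreshToken">Refresh token presented to the endpoint.</param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an OAuth error response comes back the same way as a success and must be detected by the caller.</returns>
        public static async Task<string> UpdateAccessTokenByRefreshTokenAsync(
            Uri tokenEndpointUri, string client_id, string client_secret, string refreshToken)
        {
            // 6. Refreshing an Access Token
            // http://openid-foundation-japan.github.io/rfc6749.ja.html#token-refresh

            var form = new Dictionary<string, string>
            {
                { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.RefreshTokenGrantType },
                { OAuth2AndOIDCConst.RefreshToken, refreshToken },
            };

            // Request and response are IDisposable; release them (and the content that
            // carries the credentials) deterministically instead of waiting for the GC.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }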
Пример #2
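        /// <summary>
        /// Client Credentials Grant: POSTs a form-encoded token request that carries
        /// only the grant type and the requested scope, with the client authenticated
        /// through the Authorization header built from client_id / client_secret.
        /// </summary>
        /// <param name="tokenEndpointUri">URI of the token endpoint. The client secret is sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="scopes">Value sent as the scope parameter.</param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an OAuth error response comes back the same way as a success and must be detected by the caller.</returns>
        public static async Task<string> ClientCredentialsGrantAsync(
            Uri tokenEndpointUri, string client_id, string client_secret, string scopes)
        {
            var form = new Dictionary<string, string>
            {
                { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.ClientCredentialsGrantType },
                { OAuth2AndOIDCConst.scope, scopes },
            };

            // Request and response are IDisposable; release them deterministically
            // instead of leaving them for the GC.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }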
Пример #3
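        /// <summary>
        /// Resource Owner Password Credentials Grant: POSTs the end user's user name
        /// and password, together with the requested scope, to the token endpoint.
        /// The client is authenticated through the Authorization header built from
        /// client_id / client_secret.
        /// </summary>
        /// <remarks>
        /// This grant hands the user's password to the client. The OAuth 2.0 Security
        /// Best Current Practice (RFC 9700) states that it must not be used; prefer the
        /// authorization code flow with PKCE for new integrations.
        /// </remarks>
        /// <param name="tokenEndpointUri">URI of the token endpoint. The client secret and the user's password are sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="userId">Sent as the "username" form parameter.</param>
        /// <param name="password">Sent as the "password" form parameter.</param>
        /// <param name="scopes">Value sent as the scope parameter.</param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an OAuth error response comes back the same way as a success and must be detected by the caller.</returns>
        public static async Task<string> ResourceOwnerPasswordCredentialsGrantAsync(
            Uri tokenEndpointUri, string client_id, string client_secret, string userId, string password, string scopes)
        {
            // 4.1.3. Access Token Request
            // http://openid-foundation-japan.github.io/rfc6749.ja.html#token-req

            var form = new Dictionary<string, string>
            {
                { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.ResourceOwnerPasswordCredentialsGrantType },
                { "username", userId },
                { "password", password },
                { OAuth2AndOIDCConst.scope, scopes },
            };

            // Request and response are IDisposable; disposing the request also releases
            // the form content that holds the user's password.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }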
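        /// <summary>
        /// Sends a token and its type hint to the introspection endpoint and returns
        /// the endpoint's answer. This method only queries the endpoint; nothing in it
        /// revokes or invalidates the token.
        /// </summary>
        /// <param name="introspectTokenEndpointUri">URI of the introspection endpoint. The client secret and the token are sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="token">Token to be inspected.</param>
        /// <param name="token_type_hint">Hint about the kind of token being submitted.</param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so the caller must parse the body and check the result itself before trusting the token.</returns>
        public static async Task<string> IntrospectTokenAsync(
            Uri introspectTokenEndpointUri, string client_id, string client_secret, string token, string token_type_hint)
        {
            var form = new Dictionary<string, string>
            {
                { OAuth2AndOIDCConst.token, token },
                { OAuth2AndOIDCConst.token_type_hint, token_type_hint },
            };

            // Request and response are IDisposable; release them deterministically
            // instead of leaving them for the GC.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = introspectTokenEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }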
Пример #5
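        /// <summary>
        /// Asks the revocation endpoint to invalidate a token by POSTing the token and
        /// its type hint as a form-encoded request.
        /// </summary>
        /// <param name="revokeTokenEndpointUri">URI of the revocation endpoint. The client secret and the token are sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="token">Token to be revoked.</param>
        /// <param name="token_type_hint">Hint about the kind of token being submitted.</param>
        /// <param name="authMethod">
        /// How the client authenticates: client_secret_basic puts the credentials in the
        /// Authorization header, client_secret_post puts client_id and client_secret in
        /// the form body. RFC 6749 section 2.3.1 does not recommend sending client
        /// credentials in the body, so prefer the default unless the server requires it.
        /// </param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so the caller cannot assume the token was revoked without checking the response.</returns>
        /// <exception cref="ArgumentException">authMethod is neither client_secret_basic nor client_secret_post.</exception>
        public static async Task<string> RevokeTokenAsync(
            Uri revokeTokenEndpointUri, string client_id, string client_secret, string token, string token_type_hint,
            OAuth2AndOIDCEnum.AuthMethods authMethod = OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
        {
            // The using block guarantees the request is disposed even when the
            // authMethod check below throws.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = revokeTokenEndpointUri,
            })
            {
                Dictionary<string, string> form;

                if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
                {
                    // Credentials travel in the Authorization header only.
                    request.Headers.Authorization =
                        AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);

                    form = new Dictionary<string, string>
                    {
                        { OAuth2AndOIDCConst.token, token },
                        { OAuth2AndOIDCConst.token_type_hint, token_type_hint },
                    };
                }
                else if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_post)
                {
                    // Credentials travel in the form body; no Authorization header is set.
                    form = new Dictionary<string, string>
                    {
                        { OAuth2AndOIDCConst.client_id, client_id },
                        { OAuth2AndOIDCConst.client_secret, client_secret },
                        { OAuth2AndOIDCConst.token, token },
                        { OAuth2AndOIDCConst.token_type_hint, token_type_hint },
                    };
                }
                else
                {
                    throw new ArgumentException(
                        PublicExceptionMessage.ARGUMENT_INCORRECT, nameof(authMethod));
                }

                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }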
Пример #6
        /// <summary>
        /// Pulls the bearer token out of an Authorization header value.
        /// Parsing is delegated to AuthenticationHeader.GetCredentials; this method
        /// only extracts the token and performs no validation of it.
        /// </summary>
        /// <param name="authHeader">Raw Authorization header value.</param>
        /// <param name="bearerToken">Receives the token on success, otherwise an empty string.</param>
        /// <returns>
        /// true when the parsed scheme equals OAuth2AndOIDCConst.Bearer and exactly one
        /// credential element was parsed; false in every other case.
        /// </returns>
        public static bool GetCredentials(string authHeader, out string bearerToken)
        {
            bearerToken = "";
            string[] parts = null;

            bool isBearer =
                AuthenticationHeader.GetCredentials(authHeader, out parts) == OAuth2AndOIDCConst.Bearer;

            // parts is only inspected once the scheme has matched.
            if (!isBearer || parts.Length != 1)
            {
                return false;
            }

            bearerToken = parts[0];
            return true;
        }
Пример #7
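        /// <summary>
        /// FAPI CIBA token request: POSTs the CIBA grant type and the auth_req_id to
        /// the token endpoint as a form-encoded request.
        /// </summary>
        /// <param name="tokenEndpointUri">URI of the token endpoint. The client secret is sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="auth_req_id">Sent as the "auth_req_id" form parameter.</param>
        /// <param name="authMethod">
        /// How the client authenticates: client_secret_basic puts the credentials in the
        /// Authorization header, client_secret_post appends client_id and client_secret
        /// to the form body. RFC 6749 section 2.3.1 does not recommend sending client
        /// credentials in the body, so prefer the default unless the server requires it.
        /// </param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an error response comes back the same way as a success and must be detected by the caller.</returns>
        /// <exception cref="ArgumentException">authMethod is neither client_secret_basic nor client_secret_post.</exception>
        public static async Task<string> GetAccessTokenByCibaAsync(
            Uri tokenEndpointUri, string client_id, string client_secret, string auth_req_id,
            OAuth2AndOIDCEnum.AuthMethods authMethod = OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
        {
            // The using block guarantees the request is disposed even when the
            // authMethod check below throws.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                var form = new Dictionary<string, string>
                {
                    { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.CibaGrantType },
                    { "auth_req_id", auth_req_id }
                };

                // Attach the client credentials in the place the chosen method dictates.
                if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
                {
                    request.Headers.Authorization =
                        AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                }
                else if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_post)
                {
                    form.Add(OAuth2AndOIDCConst.client_id, client_id);
                    form.Add(OAuth2AndOIDCConst.client_secret, client_secret);
                }
                else
                {
                    throw new ArgumentException(
                        PublicExceptionMessage.ARGUMENT_INCORRECT, nameof(authMethod));
                }

                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }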
Пример #8
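        /// <summary>
        /// Calls the UserInfo Web API with a GET request to fetch the claims of the
        /// user who granted authorization, presenting the access token in the
        /// Authorization header.
        /// </summary>
        /// <param name="userInfoEndpointUri">URI of the UserInfo endpoint. The access token is sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="accessToken">Access token placed in the Authorization header.</param>
        /// <returns>The response body as a string (the user's claims on success). The HTTP status code is not inspected, so an error response comes back the same way and must be detected by the caller.</returns>
        public static async Task<string> GetUserInfoAsync(Uri userInfoEndpointUri, string accessToken)
        {
            // Request and response are IDisposable; release them deterministically
            // instead of leaving them for the GC.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Get,
                RequestUri = userInfoEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBearerAuthenticationHeaderValue(accessToken);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }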
Пример #9
        /// <summary>
        /// Pulls client_id and client_secret out of an Authorization header value.
        /// Parsing is delegated to AuthenticationHeader.GetCredentials; this method
        /// only extracts the values and does not verify them.
        /// </summary>
        /// <param name="authHeader">Raw Authorization header value.</param>
        /// <param name="client_id">Receives the first credential element on success, otherwise an empty string.</param>
        /// <param name="client_secret">Receives the second credential element when two were parsed, otherwise an empty string.</param>
        /// <returns>
        /// true when the parsed scheme equals OAuth2AndOIDCConst.Basic and one or two
        /// credential elements were parsed. A true result with a single element leaves
        /// client_secret empty, so callers must not treat true as proof that a secret
        /// was supplied.
        /// </returns>
        public static bool GetCredentials(string authHeader, out string client_id, out string client_secret)
        {
            client_id     = "";
            client_secret = "";
            string[] parts = null;

            bool isBasic =
                AuthenticationHeader.GetCredentials(authHeader, out parts) == OAuth2AndOIDCConst.Basic;

            if (!isBasic)
            {
                return false;
            }

            switch (parts.Length)
            {
                case 1:
                    // A header carrying only the client_id is accepted as well.
                    client_id = parts[0];
                    return true;

                case 2:
                    client_id     = parts[0];
                    client_secret = parts[1];
                    return true;

                default:
                    return false;
            }
        }
Пример #10
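        /// <summary>
        /// Exchanges an authorization code (optionally with a PKCE code_verifier or a
        /// client assertion) for an access token by POSTing a form-encoded request to
        /// the token endpoint.
        /// </summary>
        /// <param name="tokenEndpointUri">URI of the token endpoint. Client credentials and the code are sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier.</param>
        /// <param name="client_secret">Client secret. Only used by the plain code request; the PKCE and assertion requests do not send it.</param>
        /// <param name="redirect_uri">Redirect URI; it is passed through HttpUtility.HtmlEncode before being placed in the form.</param>
        /// <param name="code">Authorization code.</param>
        /// <param name="code_verifier">PKCE code verifier, or null/empty when PKCE is not used.</param>
        /// <param name="assertion">Client assertion, or null/empty when it is not used.</param>
        /// <param name="authMethod">
        /// Accepted combinations: with neither code_verifier nor assertion,
        /// client_secret_basic or client_secret_post; with a code_verifier,
        /// client_secret_post only; with an assertion (and no code_verifier),
        /// private_key_jwt only.
        /// </param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an OAuth error response comes back the same way as a success and must be detected by the caller.</returns>
        /// <exception cref="ArgumentException">The combination of code_verifier, assertion and authMethod is not one of the accepted ones.</exception>
        private static async Task<string> GetAccessTokenByCodeAsync(Uri tokenEndpointUri,
                                                                    string client_id, string client_secret, string redirect_uri,
                                                                    string code, string code_verifier, string assertion,
                                                                    OAuth2AndOIDCEnum.AuthMethods authMethod = OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
        {
            // 4.1.3. Access Token Request
            // http://openid-foundation-japan.github.io/rfc6749.ja.html#token-req

            bool hasVerifier  = !string.IsNullOrEmpty(code_verifier);
            bool hasAssertion = !string.IsNullOrEmpty(assertion);

            // NOTE(review): FormUrlEncodedContent already URL-encodes every value, so this
            // HTML-encoding is an extra layer: a redirect_uri containing '&' is transmitted
            // as "&amp;". RFC 6749 expects redirect_uri to match the value used in the
            // authorization request - confirm the authorization server decodes it again.
            string encodedRedirectUri = HttpUtility.HtmlEncode(redirect_uri);

            // The using block guarantees the request is disposed even when one of the
            // argument checks below throws.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                Dictionary<string, string> form;

                if (!hasVerifier && !hasAssertion)
                {
                    // Plain access token request.
                    form = new Dictionary<string, string>
                    {
                        { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.AuthorizationCodeGrantType },
                        { OAuth2AndOIDCConst.code, code },
                        { OAuth2AndOIDCConst.redirect_uri, encodedRedirectUri },
                    };

                    // Attach the client credentials in the place the chosen method dictates.
                    if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_basic)
                    {
                        request.Headers.Authorization =
                            AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                    }
                    else if (authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_post)
                    {
                        form.Add(OAuth2AndOIDCConst.client_id, client_id);
                        form.Add(OAuth2AndOIDCConst.client_secret, client_secret);
                    }
                    else
                    {
                        throw new ArgumentException(
                            PublicExceptionMessage.ARGUMENT_INCORRECT, nameof(authMethod));
                    }
                }
                else if (hasVerifier &&
                         authMethod == OAuth2AndOIDCEnum.AuthMethods.client_secret_post)
                {
                    // OAuth PKCE access token request: only client_id identifies the
                    // client here; client_secret is not sent and no header is set.
                    form = new Dictionary<string, string>
                    {
                        { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.AuthorizationCodeGrantType },
                        { OAuth2AndOIDCConst.code, code },
                        { OAuth2AndOIDCConst.client_id, client_id },
                        { OAuth2AndOIDCConst.code_verifier, code_verifier },
                        { OAuth2AndOIDCConst.redirect_uri, encodedRedirectUri },
                    };
                }
                else if (hasAssertion &&
                         authMethod == OAuth2AndOIDCEnum.AuthMethods.private_key_jwt)
                {
                    // FAPI1 access token request: the assertion is the only client
                    // authentication material in the request.
                    form = new Dictionary<string, string>
                    {
                        { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.AuthorizationCodeGrantType },
                        { OAuth2AndOIDCConst.code, code },
                        { OAuth2AndOIDCConst.assertion, assertion },
                        { OAuth2AndOIDCConst.redirect_uri, encodedRedirectUri },
                    };
                }
                else
                {
                    throw new ArgumentException(
                        PublicExceptionMessage.ARGUMENT_INCORRECT, "code_verifier, assertion, authMethod");
                }

                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }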
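        /// <summary>
        /// Exchanges an authorization code (optionally with a PKCE code_verifier or a
        /// client assertion) for an access token by POSTing a form-encoded request to
        /// the token endpoint. The Authorization header built from client_id /
        /// client_secret is attached in every case, including the PKCE and assertion
        /// requests.
        /// </summary>
        /// <param name="tokenEndpointUri">URI of the token endpoint. The client secret and the code are sent to this URI and no scheme check is done here, so the caller is responsible for passing a trusted https endpoint.</param>
        /// <param name="client_id">Client identifier used for client authentication.</param>
        /// <param name="client_secret">Client secret used for client authentication.</param>
        /// <param name="redirect_uri">Redirect URI; it is passed through HttpUtility.HtmlEncode before being placed in the form.</param>
        /// <param name="code">Authorization code.</param>
        /// <param name="code_verifier">PKCE code verifier, or null/empty when PKCE is not used. When both code_verifier and assertion are supplied, code_verifier wins and the assertion is not sent.</param>
        /// <param name="assertion">Client assertion, or null/empty when it is not used.</param>
        /// <returns>The response body as a string. The HTTP status code is not inspected, so an OAuth error response comes back the same way as a success and must be detected by the caller.</returns>
        private static async Task<string> GetAccessTokenByCodeAsync(
            Uri tokenEndpointUri, string client_id, string client_secret, string redirect_uri,
            string code, string code_verifier, string assertion)
        {
            // 4.1.3. Access Token Request
            // http://openid-foundation-japan.github.io/rfc6749.ja.html#token-req

            // NOTE(review): FormUrlEncodedContent already URL-encodes every value, so this
            // HTML-encoding is an extra layer: a redirect_uri containing '&' is transmitted
            // as "&amp;". RFC 6749 expects redirect_uri to match the value used in the
            // authorization request - confirm the authorization server decodes it again.
            string encodedRedirectUri = HttpUtility.HtmlEncode(redirect_uri);

            // Fields common to all three request shapes.
            var form = new Dictionary<string, string>
            {
                { OAuth2AndOIDCConst.grant_type, OAuth2AndOIDCConst.AuthorizationCodeGrantType },
                { OAuth2AndOIDCConst.code, code },
            };

            if (!string.IsNullOrEmpty(code_verifier))
            {
                // OAuth PKCE access token request (takes precedence over an assertion).
                form.Add(OAuth2AndOIDCConst.code_verifier, code_verifier);
            }
            else if (!string.IsNullOrEmpty(assertion))
            {
                // FAPI1 access token request.
                form.Add(OAuth2AndOIDCConst.assertion, assertion);
            }
            // Otherwise: plain access token request with no extra field.

            form.Add(OAuth2AndOIDCConst.redirect_uri, encodedRedirectUri);

            // Request and response are IDisposable; release them deterministically
            // instead of leaving them for the GC.
            using (var request = new HttpRequestMessage
            {
                Method     = HttpMethod.Post,
                RequestUri = tokenEndpointUri,
            })
            {
                request.Headers.Authorization =
                    AuthenticationHeader.CreateBasicAuthenticationHeaderValue(client_id, client_secret);
                request.Content = new FormUrlEncodedContent(form);

                using (HttpResponseMessage response =
                    await OAuth2AndOIDCClient._HttpClient.SendAsync(request).ConfigureAwait(false))
                {
                    return await response.Content.ReadAsStringAsync().ConfigureAwait(false);
                }
            }
        }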