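        /// <summary>
        /// Builds an <c>Authorization</c> header value for the signed-in user by acquiring a token
        /// silently from the request-scoped MSAL token cache.
        /// </summary>
        /// <param name="scopes">Space-separated scopes to request; empty entries are ignored.</param>
        /// <returns>
        /// The value produced by <c>CreateAuthorizationHeader()</c>, or <c>null</c> when there is no
        /// active request, no account in the cache, or acquisition fails (the failure is logged).
        /// Callers must treat <c>null</c> as "not authenticated" rather than sending the downstream
        /// request without an Authorization header.
        /// </returns>
        public async Task <string> GetBearerTokenAsync(string scopes)
        {
            try
            {
                if (string.IsNullOrWhiteSpace(scopes))
                {
                    throw new ArgumentException("At least one scope is required", nameof(scopes));
                }
                var httpContext = _appApplicationServices.GetService <IHttpContextAccessor>().HttpContext;
                if (httpContext == null)
                {
                    // Outside a request there is no request-scoped cache to read from.
                    throw new InvalidOperationException("No HttpContext available; token acquisition requires an active request");
                }
                var cache   = httpContext.RequestServices.GetService <TokenCacheBase>();
                var context = _configuration.ConfidentialClientApplication(cache, null);
                var user    = (await context.GetAccountsAsync()).FirstOrDefault();
                if (user == null)
                {
                    // NOTE(review): this is caught by the catch-all below, so the Unauthorized status
                    // never reaches the caller; it only produces a log entry and a null return.
                    throw new ServerException(new ErrorDetail
                    {
                        Message = "Invalid token cache"
                    }, HttpStatusCode.Unauthorized);
                }
                // RemoveEmptyEntries: a doubled or trailing space would otherwise request an empty scope.
                var scopeList = scopes.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
                var token     = await context.AcquireTokenSilent(scopeList, user).ExecuteAsync();

                return(token.CreateAuthorizationHeader());
            }
            catch (Exception ex)
            {
                // Constant message template: passing ex.Message as the template lets braces in the
                // exception text be interpreted as logging placeholders (CA2254).
                _appApplicationServices.GetService <ILogger <TokenProvider> >().LogError(ex, "Failed to acquire bearer token for scopes {Scopes}", scopes);
                return(null);
            }
        }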
        /// <summary>
        /// Redeems the authorization code delivered by the OWIN OpenID Connect middleware through the
        /// confidential client application. The acquired result is not used here; presumably the
        /// call exists to seed the token cache for later silent acquisition — TODO confirm.
        /// </summary>
        /// <param name="notification">Middleware notification carrying the code and the validated ticket.</param>
        /// <param name="configuration">Provider configuration supplying the client application and scope.</param>
        private static async Task ExchangeAuthCodeWithToken(AuthorizationCodeReceivedNotification notification, TokenProviderConfiguration configuration)
        {
            var currentContext = HttpContext.Current;
            // The principal is set from the ticket before the code is redeemed; presumably the cache
            // factory or client application reads the current user — TODO confirm.
            currentContext.User = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);

            var tokenCache = CacheFactoryFunc().Invoke();
            var clientApp  = configuration.ConfidentialClientApplication(tokenCache, _debugLogger);
            var scopes     = new[] { configuration.Scope };

            await clientApp.AcquireTokenByAuthorizationCode(scopes, notification.Code).ExecuteAsync();

            // Put the captured context back in case the continuation resumed without it.
            HttpContext.Current = currentContext;
        }
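            /// <summary>
            /// OpenID Connect "authorization code received" hook: enforces the MFA rule, redeems the
            /// code into the request-scoped token cache, runs the optional policy validation, then
            /// defers to <paramref name="handler"/>.
            /// </summary>
            /// <param name="arg">Middleware context carrying the validated principal and the protocol message.</param>
            /// <param name="configuration">Provider configuration (scope, redirect URLs, MFA rule).</param>
            /// <param name="handler">The original event handler, invoked last unless the sign-in was rejected.</param>
            private async Task OnAuthorizationCodeReceived(AuthorizationCodeReceivedContext arg, TokenProviderConfiguration configuration, Func <AuthorizationCodeReceivedContext, Task> handler)
            {
                _logger?.Message("Auth code received...");
                var timer = Stopwatch.StartNew();

                try
                {
                    arg.HttpContext.User = arg.Principal;
                    // NOTE(review): an "mfa_required"=="true" claim is taken as evidence that MFA was
                    // satisfied; confirm the IdP only issues it after MFA completed (the conventional
                    // signal would be an "amr" value).
                    if (IsMfaRequired(arg, configuration) && !arg.Principal.Claims.Any(c => c.Type == "mfa_required" && c.Value == "true"))
                    {
                        throw new UnauthorizedAccessException("MFA required");
                    }
                    var cache   = arg.HttpContext.RequestServices.GetService <TokenCacheBase>();
                    var context = configuration.ConfidentialClientApplication(cache, s => { _logger?.Message(s); });
                    // The result is not used directly; the exchange populates the cache for later silent acquisition.
                    await context.AcquireTokenByAuthorizationCode(new[] { configuration.Scope }, arg.ProtocolMessage.Code).ExecuteAsync();

                    _logger?.Message($"exchanging code with access token took: {timer.ElapsedMilliseconds}ms");
                    var policyValidator = arg.HttpContext.RequestServices.GetService <IPolicyValidation>();
                    try
                    {
                        if (policyValidator != null)
                        {
                            var timer2 = Stopwatch.StartNew();
                            var policy = await ValidatePolicies(configuration, policyValidator, arg.ProtocolMessage.RedirectUri ?? configuration.PolicyRedirectUrl ?? configuration.RedirectUrl);

                            timer2.Stop();
                            _logger?.Message($"Policy check took {timer2.ElapsedMilliseconds}ms. ");
                            if (policy.AllPoliciesValid)
                            {
                                _logger?.Message("Policies validated!");
                                AdditionalAuthCodeHandling?.Invoke(arg);
                            }
                            else
                            {
                                _logger?.Message("Not all policies is valid, redirecting to Veracity");
                                // The redirect target comes from the policy service's response, not from
                                // the user; NOTE(review): confirm it is constrained to the expected host.
                                arg.Response.Redirect(policy.RedirectUrl); //Getting the redirect url from the error message.
                                arg.HandleResponse();
                            }
                        }
                        else
                        {
                            AdditionalAuthCodeHandling?.Invoke(arg);
                        }
                    }
                    catch (AggregateException aex)
                    {
                        var e = aex.InnerException as ServerException;
                        if (e != null)
                        {
                            HandleServerException(arg, e);
                        }
                        else
                        {
                            // Previously dropped without a trace; record it so failures are visible.
                            aex.Log();
                        }
                    }
                    catch (ServerException ex)
                    {
                        HandleServerException(arg, ex);
                    }
                }
                catch (UnauthorizedAccessException ex)
                {
                    // Reject the sign-in. Logging alone (as the generic catch below does) would let the
                    // middleware complete the sign-in with arg.Principal although MFA was not satisfied.
                    ex.Log();
                    arg.Fail(ex);
                    timer.Stop();
                    _logger?.Message($"Total on code received  took {timer.ElapsedMilliseconds}ms. ");
                    return;
                }
                catch (Exception ex)
                {
                    // Any other failure (e.g. the code exchange itself) is logged and the sign-in
                    // proceeds without a cached token. NOTE(review): decide whether that is acceptable.
                    ex.Log();
                }
                timer.Stop();
                _logger?.Message($"Total on code received  took {timer.ElapsedMilliseconds}ms. ");
                await handler(arg);
            }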