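/// <summary>
/// Validates the parameters the IDGW returned on the authorization callback.
/// When the callback carries an <paramref name="error"/>, or omits the <paramref name="code"/>,
/// the failure is recorded on the stored <see cref="DIAuthorizationRequest"/> located by
/// <c>StateNew</c> and a <see cref="UnifiedException"/> is thrown; otherwise the method returns normally.
/// </summary>
/// <param name="request">The pending authorization request; only its <c>StateNew</c> is used to find the stored row.</param>
/// <param name="code">The authorization code from the callback, if any.</param>
/// <param name="error">The OAuth2 error code from the callback, if any.</param>
/// <param name="error_description">The error description from the callback, if any.</param>
/// <exception cref="UnifiedException">Thrown when the callback reports an error or carries no code.</exception>
public async Task ValidateIdgwCallBackAsync(DIAuthorizationRequest request, string? code, string? error, string? error_description)
{
    if (!string.IsNullOrEmpty(error))
    {
        await RecordFailureAsync(error, error_description);
        throw new UnifiedException(OAuth2ErrorDetails.GetError(error), error_description);
    }

    if (string.IsNullOrEmpty(code))
    {
        const string message = "Empty parameter code";
        await RecordFailureAsync(message, message);
        throw new UnifiedException(OAuth2Error.ServerError, message);
    }

    // Persists the failure on the stored request before the caller is told about it, so the
    // outcome is recorded even if the exception is swallowed upstream. Both branches above used
    // to duplicate this sequence. FirstAsync throws when no row exists for this StateNew.
    async Task RecordFailureAsync(string failureError, string? failureDescription)
    {
        var stored = await AggregatorContext.QueryAsync(ctx =>
            ctx.DIAuthorizationRequests.FirstAsync(r => r.StateNew == request.StateNew));
        stored!.Error = failureError;
        stored.ErrorDescription = failureDescription;
        // UtcNow: the timestamp must not depend on the host's local time zone; the offset is kept either way.
        stored.ErrorAt = DateTimeOffset.UtcNow;
        await AggregatorContext.SaveAsync(ctx => ctx.DIAuthorizationRequests!.Update(stored));
    }
}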
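/// <summary>
/// Authorizes a service provider's signed request object and returns the discovery details to use for it.
/// </summary>
/// <param name="clientId">The service provider's client id as registered on the aggregator.</param>
/// <param name="request">The signed request object (JWT) presented by the service provider.</param>
/// <returns>
/// The discovery service URI, client id, client secret and redirect URI of the provider's first enabled discovery entry.
/// </returns>
/// <exception cref="UnifiedException">
/// Thrown when the client id is unknown, the request signature does not verify against the provider's JWKS,
/// or the request's notification URI is missing or not in the provider's allow-list.
/// </exception>
public async Task<Result> AuthorizeAndGetDiscoDetailsAsync(string clientId, string request)
{
    var serviceProvider = await AggregatorContext.QueryAsync(ctx => ctx.ServiceProviders
        .Include(p => p.AllowedNotificationUris)
        .Include(p => p.Discoveries).ThenInclude(d => d.DiscoveryService)
        .FirstOrDefaultAsync(p => p.ClientIdOnAggregator == clientId));
    if (serviceProvider is null)
    {
        throw new UnifiedException(OAuth2Error.UnauthorizedClient, GetInvalidDescription(OpenIdConnectParameterNames.ClientId));
    }

    // The JWKS is either pinned in the provider record or fetched from JwksUri and cached per provider.
    var jwksString = serviceProvider.UseStoredJwksValue
        ? serviceProvider.JwksValue
        : await cacheAccessor.GetOrCreateAsync(
            $"{GetType()}:{nameof(AuthorizeAndGetDiscoDetailsAsync)}:{serviceProvider.Id}",
            serviceProvider.JwksCachingInSeconds!.Value,
            () => httpClient.GetStringAsync(serviceProvider.JwksUri));

    // Nothing in the request is trusted until its signature has been verified against the provider's keys.
    if (!JwtSignatureValidator.Validate(request, jwksString!, out var claims))
    {
        throw new UnifiedException(OAuth2Error.UnauthorizedClient, "Token validation failed");
    }

    // Read the claim once (the previous version looked it up twice and discarded the first result).
    // A non-string claim value is treated as absent instead of failing with an InvalidCastException.
    string? notificationUri =
        claims!.TryGetValue(MobileConnectParameterNames.NotificationUri, out var claimValue) && claimValue is string s
            ? s
            : null;

    // Presence is required explicitly: a request with no notification_uri must not be accepted
    // just because an allow-list entry happens to have a null Value.
    if (notificationUri is null
        || !serviceProvider.AllowedNotificationUris!.Any(u => u.Value == notificationUri))
    {
        throw new UnifiedException(OAuth2Error.UnauthorizedClient, GetInvalidDescription(MobileConnectParameterNames.Request));
    }

    // First(...) throws InvalidOperationException when the provider has no enabled discovery entry.
    var disco = serviceProvider.Discoveries!.First(d => d.IsEnabled);
    return new(disco.DiscoveryService!.Uri!, disco.ClientIdOnDiscovery!, disco.ClientSecretOnDiscovery!, disco.RedirectUri!);
}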
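/// <summary>
/// Looks up the service provider registered under <paramref name="clientId"/> and returns the
/// discovery settings of its first enabled discovery entry.
/// </summary>
/// <param name="clientId">The service provider's client id as registered on the aggregator.</param>
/// <returns>The discovery service URI, client id, client secret and redirect URI for the provider.</returns>
/// <exception cref="UnifiedException">Thrown when no service provider is registered under this client id.</exception>
public static async Task<DiscoverySettings> GetSettingsByClientId(string clientId)
{
    // Only the discovery navigation is read here; AllowedNotificationUris was previously loaded but never used.
    var serviceProvider = await AggregatorContext.QueryAsync(ctx => ctx.ServiceProviders
        .Include(p => p.Discoveries).ThenInclude(d => d.DiscoveryService)
        .FirstOrDefaultAsync(p => p.ClientIdOnAggregator == clientId));
    if (serviceProvider is null)
    {
        throw new UnifiedException(OAuth2Error.UnauthorizedClient, GetInvalidDescription(OpenIdConnectParameterNames.ClientId));
    }

    // First(...) throws InvalidOperationException when the provider has no enabled discovery entry.
    var disco = serviceProvider.Discoveries!.First(d => d.IsEnabled);
    return new DiscoverySettings(disco.DiscoveryService!.Uri!, disco.ClientIdOnDiscovery!, disco.ClientSecretOnDiscovery!, disco.RedirectUri!);
}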
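/// <summary>
/// Persists <paramref name="newAuthState"/> after checking that a stored
/// <see cref="DIAuthorizationRequest"/> identified by <paramref name="id"/> exists.
/// </summary>
/// <param name="newAuthState">The state that is written back; it is passed to Update as-is.</param>
/// <param name="id">The value used to find the existing row, interpreted according to <paramref name="idType"/>.</param>
/// <param name="idType">Which column <paramref name="id"/> refers to: StateNew, Dcid or Code.</param>
/// <exception cref="ArgumentOutOfRangeException">Thrown when <paramref name="idType"/> is not a supported <see cref="IdType"/>.</exception>
private async Task UpdateDIAuthStateInDBAsync(DIAuthorizationRequest newAuthState, string id, IdType idType)
{
    // The lookup is only an existence check: FirstAsync throws when no row matches, and the fetched
    // entity is never used because newAuthState is what gets persisted. The previous version assigned
    // the fetched row to a local and immediately overwrote it, which hid that fact.
    // NOTE(review): nothing here ties newAuthState to the row found by id — confirm callers pass the
    // entity (same key) they originally loaded, otherwise Update may write a different row.
    _ = idType switch
    {
        IdType.StateId => await AggregatorContext.QueryAsync(ctx => ctx.DIAuthorizationRequests.FirstAsync(r => r.StateNew == id)),
        IdType.Dcid => await AggregatorContext.QueryAsync(ctx => ctx.DIAuthorizationRequests.FirstAsync(r => r.Dcid == id)),
        IdType.Code => await AggregatorContext.QueryAsync(ctx => ctx.DIAuthorizationRequests.FirstAsync(r => r.Code == id)),
        _ => throw new ArgumentOutOfRangeException(nameof(idType), idType, "Id type is wrong "),
    };

    await AggregatorContext.SaveAsync(ctx => ctx.DIAuthorizationRequests!.Update(newAuthState));
}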