public AuthCodeRequestData RequestAuthCode(AuthCodeRequest codeRequest)
{
var state = Guid.NewGuid().ToString("N");
var reqUrl =
$"{MsGraph.AuthorizationUrl}?client_id={codeRequest.Registration.ClientId}&response_type=code&redirect_uri={codeRequest.CallbackUrl.UrlEncode()}&domain_hint={codeRequest.UserName}&scope={BuildScopesFragment(codeRequest.Scopes)}&state={state}";
return(new AuthCodeRequestData
{
AuthCodeRequestUrl = reqUrl,
State = state
});
}
public AuthCodeRequestData RequestConsentCode(AuthCodeRequest codeRequest)
{
var state = Guid.NewGuid().ToString("N");
var reqUrl = MsGraph.GetConsentUrl(codeRequest.Upn, codeRequest.Registration.ClientId,
state, codeRequest.CallbackUrl.UrlEncode());
return(new AuthCodeRequestData
{
AuthCodeRequestUrl = reqUrl,
State = state
});
}
private object RequestCode(IServiceBase authService, Authenticate request, IAuthSession session,
AuthUserSession userSession, IAuthTokens tokens, ApplicationRegistration registration = null, bool isConsentRequest = false)
{
var appDirectory = GetDirectoryNameFromUsername(request.UserName ?? session.UserName);
if (string.IsNullOrWhiteSpace(session.UserName))
{
session.UserName = request.UserName;
}
if (registration == null)
{
var appRegistry = authService.TryResolve <IApplicationRegistryService>();
if (appRegistry == null)
{
throw new InvalidOperationException(
$"No {nameof(IApplicationRegistryService)} found registered in AppHost.");
}
registration = appRegistry.GetApplicationByDirectoryName(appDirectory);
if (registration == null)
{
throw new UnauthorizedAccessException($"Authorization for directory @{appDirectory} failed.");
}
}
var codeRequest = new AuthCodeRequest
{
CallbackUrl = CallbackUrl,
Registration = registration,
Scopes = Scopes,
UserName = request.UserName,
Upn = appDirectory
};
var codeRequestData = (isConsentRequest)
? _graphService.RequestConsentCode(codeRequest)
: _graphService.RequestAuthCode(codeRequest);
if (!tokens.Items.ContainsKey("ClientId"))
{
tokens.Items.Add("ClientId", registration.ClientId);
}
if (string.IsNullOrWhiteSpace(userSession.UserName))
{
userSession.UserName = request.UserName;
}
userSession.State = codeRequestData.State;
authService.SaveSession(session, SessionExpiry);
return(authService.Redirect(PreAuthUrlFilter(this, codeRequestData.AuthCodeRequestUrl)));
}
/// <summary>
/// Do authorization with the authorization code returned from server
/// </summary>
/// <param name="authCode">The authorization code returned from server</param>
/// <param name="redirectUri">The same redirectUri when you were obtaining the authCode in previous step</param>
public async Task <TokenInfo> Authorize(string authCode, string redirectUri)
{
var url = server.AppendPathSegment("/restapi/oauth/token");
var client = url.WithBasicAuth(clientId, clientSecret);
var requestBody = new AuthCodeRequest
{
grant_type = "authorization_code",
redirect_uri = redirectUri,
code = authCode,
access_token_ttl = access_token_ttl,
refresh_token_ttl = refresh_token_ttl
};
token = await client.PostUrlEncodedAsync(requestBody).ReceiveJson <TokenInfo>();
return(token);
}
public AuthCodeRequestData RequestAuthCode(AuthCodeRequest codeRequest)
{
// RequestAuthCode
return(new MicrosoftGraphService().RequestAuthCode(codeRequest));
}
public AuthCodeRequestData RequestAuthCode(AuthCodeRequest codeRequest)
{
// RequestAuthCode
return(new AzureGraphService().RequestAuthCode(codeRequest));
}
