示例#1
            /// <summary>
            /// Returns the authorization-code entry stored under the given IdP session
            /// secret and client id.
            /// </summary>
            /// <param name="IdPSessionSecret">Outer key: the IdP session secret.</param>
            /// <param name="client_id">Inner key: the client (relying party) identifier.</param>
            /// <returns>The stored entry, typed as <c>ID_Claim</c>.</returns>
            /// <remarks>
            /// Both levels are read through the indexer, so this method has no "not found"
            /// return value of its own.
            /// NOTE(review): the backing field's declaration is not visible here; if it is a
            /// System.Collections.Generic.Dictionary, an unknown session secret or client id
            /// throws KeyNotFoundException. Callers that only test the result for null will
            /// not handle that case.
            /// </remarks>
            public ID_Claim getEntry(string IdPSessionSecret, string client_id)
            {
                var codesForSession = Dictionary[IdPSessionSecret];
                AuthorizationCodeEntry stored = codesForSession[client_id];

                // Verifier assumption: the entry is exactly an AuthorizationCodeEntry (not a subclass).
                // Contract.Assume is conditional on DEBUG / CONTRACTS_FULL, so in other builds
                // this line is compiled out and is not a runtime type check.
                Contract.Assume(stored.GetType() == typeof(AuthorizationCodeEntry));

                return stored;
            }
示例#2
        /// <summary>
        /// Creates the authorization-code entry for an authorization request by taking an
        /// instance from <c>Nondet</c> and copying the request's redirect URI, scope and
        /// state onto it.
        /// </summary>
        /// <param name="req">The authorization request; dereferenced without a null check.</param>
        /// <returns>The populated entry.</returns>
        /// <remarks>
        /// Only <c>redirect_uri</c>, <c>scope</c> and <c>state</c> are assigned here. Any other
        /// member of the entry keeps whatever value <c>Nondet.AuthorizationCodeEntry()</c>
        /// produced.
        /// NOTE(review): that presumably includes the code itself and the user id — confirm
        /// where those are bound before treating the entry as issued.
        /// </remarks>
        internal override AuthorizationCodeEntry createAuthorizationCodeEntry(AuthorizationRequest req)
        {
            AuthorizationCodeEntry issued = Nondet.AuthorizationCodeEntry();

            // Bind the request parameters that the token endpoint later relies on.
            issued.redirect_uri = req.redirect_uri;
            issued.scope = req.scope;
            issued.state = req.state;

            return issued;
        }
示例#3
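            /// <summary>
            /// Stores an authorization-code entry under the given IdP session secret and
            /// client id.
            /// </summary>
            /// <param name="IdPSessionSecret">Outer key: the IdP session secret.</param>
            /// <param name="client_id">Inner key: the client (relying party) identifier.</param>
            /// <param name="Entry">The claim to store; must be an <c>AuthorizationCodeEntry</c>.</param>
            /// <returns><c>false</c> when <paramref name="Entry"/> is null, otherwise <c>true</c>.</returns>
            /// <remarks>
            /// The per-session map is created only when the session has none yet. Replacing it
            /// on every call would discard the entries already stored for other client ids
            /// under the same session secret, which the two-level lookup in <c>getEntry</c>
            /// expects to find.
            /// </remarks>
            public bool setEntry(string IdPSessionSecret, string client_id, _ID_Claim Entry)
            {
                // Explicit cast kept as in the original contract: a claim of a different
                // runtime type raises InvalidCastException; only a null claim yields false.
                AuthorizationCodeEntry codeEntry = (AuthorizationCodeEntry)Entry;

                if (codeEntry == null)
                {
                    return false;
                }

                // ContainsKey plus indexer keeps this independent of the backing field's
                // exact declared type, which is outside this block.
                if (!Dictionary.ContainsKey(IdPSessionSecret))
                {
                    Dictionary[IdPSessionSecret] = new Dictionary<string, AuthorizationCodeEntry>();
                }

                // A second call for the same (session, client) pair overwrites that one entry only.
                Dictionary[IdPSessionSecret][client_id] = codeEntry;
                return true;
            }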
示例#4
            /// <summary>
            /// Verification stub for "find the IdP session secret that owns this
            /// authorization code for this client".
            /// </summary>
            /// <param name="client_id">The client identifier presented with the code.</param>
            /// <param name="authorization_code">The authorization code presented by the client.</param>
            /// <returns>The session secret chosen by <c>Nondet.String()</c>.</returns>
            /// <remarks>
            /// No search is performed: the secret comes from <c>Nondet</c>, and the properties a
            /// real lookup would establish are stated with <c>Contract.Assume</c>.
            /// NOTE(review): the match between the stored code and the presented code is assumed,
            /// not tested, and <c>Contract.Assume</c> is compiled out unless DEBUG or
            /// CONTRACTS_FULL is defined. This stub therefore never rejects a wrong code by
            /// itself; a concrete implementation has to compare the code and return a failure
            /// value that callers check.
            /// </remarks>
            public string findISSByClientIDAndCode(string client_id, string authorization_code)
            {
                string sessionSecret = Nondet.String();
                AuthorizationCodeEntry codeEntry = (AuthorizationCodeEntry)getEntry(sessionSecret, client_id);

                // Assumed, not checked: the entry found holds the code that was presented.
                Contract.Assume(codeEntry.code == authorization_code);

                // Assumption implicit in the notions of "code lookup" and "AuthReq redirection":
                // the secret is the one from the recorded sign-in request, and the client id is
                // the realm of both that request and the relying party.
                Contract.Assume(sessionSecret == GlobalObjects_base.SignInIdP_Req.IdPSessionSecret &&
                                client_id == GlobalObjects_base.SignInIdP_Req.Realm &&
                                client_id == GlobalObjects_base.RP.Realm);

                return sessionSecret;
            }
        /// <summary>
        /// Token endpoint: exchanges an authorization code for an access token, refresh
        /// token and ID token. Only the <c>authorization_code</c> grant type is handled.
        /// </summary>
        /// <param name="req">The token request; may be null.</param>
        /// <returns>
        /// The populated response, or <c>null</c> on every failure path (null request,
        /// unsupported grant type, no session found, redirect URI mismatch, token entry not
        /// stored). Callers cannot tell these cases apart.
        /// </returns>
        /// <remarks>
        /// NOTE(review): in this method <c>client_id</c> is used only as a lookup key; no client
        /// credential is checked here — confirm client authentication happens elsewhere.
        /// NOTE(review): nothing here removes the code entry or marks it as used, so single use
        /// of the authorization code (RFC 6749, section 4.1.2) is not enforced by this
        /// method — confirm it is enforced by the record store.
        /// </remarks>
        public TokenResponse TokenEndpoint(TokenRequest req)
        {
            TokenResponse resp = new TokenResponse();

            // The call is recorded before any validation, so a null request is recorded too.
            CST_Ops.recordme(this, req, resp, false, false);

            if (req == null)
            {
                return null;
            }

            if (req.grant_type != "authorization_code")
            {
                return null;
            }

            string sessionSecret = AuthorizationCodeRecs.findISSByClientIDAndCode(req.client_id /*, req.UserID*/, req.code);
            if (sessionSecret == null)
            {
                return null;
            }

            AuthorizationCodeEntry AuthCodeEntry = (AuthorizationCodeEntry)AuthorizationCodeRecs.getEntry(sessionSecret, req.client_id);

            // The redirect URI in the token request must equal the one bound to the code.
            // NOTE(review): Redir_dest is compared here while redirect_uri is passed on below;
            // presumably the same value — confirm against the entry's definition.
            if (AuthCodeEntry.Redir_dest != req.redirect_uri)
            {
                return null;
            }

            IDTokenAndAccessTokenEntry tokenEntry = (IDTokenAndAccessTokenEntry)createAccessTokenEntry(AuthCodeEntry.redirect_uri, AuthCodeEntry.scope, AuthCodeEntry.state);

            // NOTE(review): the store is keyed by req.access_token, a value taken from the
            // request, not by the access token of the entry just created — confirm intended.
            bool stored = IDTokenAndAccessTokenRecs.setEntry(req.access_token, req.client_id, AuthCodeEntry.UserID, tokenEntry);
            if (stored == false)
            {
                return null;
            }

            resp.access_token = tokenEntry.access_token;
            resp.refresh_token = tokenEntry.refresh_token;
            resp.scope = tokenEntry.scope;
            resp.id_token = tokenEntry.id_token;

            // The ID token's subject is taken from the code entry, not from the request.
            resp.id_token.Claims.UserId = AuthCodeEntry.UserID;
            return resp;
        }