private async Task <IEnumerable <string> > GetProviderFilterForClientAsync(SignInMessage message) { IEnumerable <string> filter = null; if (!String.IsNullOrWhiteSpace(message.ClientId)) { var client = await _clientStore.FindClientByIdAsync(message.ClientId); if (client == null) { throw new InvalidOperationException("Invalid client: " + message.ClientId); } filter = client.IdentityProviderRestrictions ?? filter; } filter = filter ?? Enumerable.Empty <string>(); return(filter); }
public virtual async Task <System.IO.Stream> Login(LoginViewModel model, SignInMessage message) { var client = await _clientStore.FindClientByIdAsync(message.ClientId); var name = client?.ClientName; return(await Render(model, "login", name)); }
public override object ReadJson(JsonReader reader, Type objectType, object existingValue, JsonSerializer serializer) { var source = serializer.Deserialize <ClientModel>(reader); var client = _clientStore.FindClientByIdAsync(source.ClientId).GetAwaiter().GetResult(); return(client); }
public async Task Invalid_GrantType_For_Client() { var client = await _clients.FindClientByIdAsync("client"); var validator = Factory.CreateTokenValidator(); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "assertionType"); parameters.Add(Constants.TokenRequest.Assertion, "assertion"); parameters.Add(Constants.TokenRequest.Scope, "resource"); var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.TokenErrors.UnauthorizedClient, result.Error); }
/// <summary> /// Gets the currently running client app to put it's name in the login page /// </summary> /// <param name="model"></param> /// <param name="message"></param> /// <returns></returns> public async Task <Stream> Login(LoginViewModel model, SignInMessage message) { var client = await clientStore.FindClientByIdAsync(message.ClientId); var name = client != null ? client.ClientName : null; return(await Render(model, "login", name)); }
public virtual async Task <System.IO.Stream> Login(IDictionary <string, object> env, LoginViewModel model, SignInMessage message) { var client = await clientStore.FindClientByIdAsync(message.ClientId); var name = client != null ? client.ClientName : null; return(await Render(model, "login", name)); }
public async Task <IActionResult> Callback() { // read external identity from the temporary cookie var result = await HttpContext.AuthenticateAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme); if (result?.Succeeded != true) { throw new Exception("External authentication error"); } // lookup our user and external provider info var(user, provider, providerUserId, claims) = FindUserFromExternalProvider(result); if (user == null) { // this might be where you might initiate a custom workflow for user registration // in this sample we don't show how that would be done, as our sample implementation // simply auto-provisions new external user user = AutoProvisionUser(provider, providerUserId, claims); } // this allows us to collect any additonal claims or properties // for the specific prtotocols used and store them in the local auth cookie. // this is typically used to store data needed for signout from those protocols. var additionalLocalClaims = new List <Claim>(); var localSignInProps = new AuthenticationProperties(); ProcessLoginCallbackForOidc(result, additionalLocalClaims, localSignInProps); ProcessLoginCallbackForWsFed(result, additionalLocalClaims, localSignInProps); ProcessLoginCallbackForSaml2p(result, additionalLocalClaims, localSignInProps); // issue authentication cookie for user await _events.RaiseAsync(new UserLoginSuccessEvent(provider, providerUserId, user.SubjectId, user.Username)); await HttpContext.SignInAsync(user.SubjectId, user.Username, provider, localSignInProps, additionalLocalClaims.ToArray()); // delete temporary cookie used during external authentication await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme); // retrieve return URL var returnUrl = result.Properties.Items["returnUrl"] ?? "~/"; // check if external login is in the context of an OIDC request var context = await _interaction.GetAuthorizationContextAsync(returnUrl); if (context != null) { if (await _clientStore.FindClientByIdAsync(context.ClientId) != null) { // if the client is PKCE then we assume it's native, so this change in how to // return the response is for better UX for the end user. return(View("Redirect", new RedirectViewModel { RedirectUrl = returnUrl })); } } return(Redirect(returnUrl)); }
public async Task Non_existing_RefreshToken() { var store = new InMemoryRefreshTokenStore(); var client = await _clients.FindClientByIdAsync("roclient"); var validator = Factory.CreateTokenValidator( refreshTokens: store); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, "refresh_token"); parameters.Add(Constants.TokenRequest.RefreshToken, "nonexistent"); var result = await validator.ValidateRequestAsync(parameters, client); Assert.IsTrue(result.IsError); Assert.AreEqual(Constants.TokenErrors.InvalidGrant, result.Error); }
/// <summary> /// Finds a client by id /// </summary> /// <param name="clientId">The client id</param> /// <returns> /// The client /// </returns> public async Task <Client> FindClientByIdAsync(string clientId) { var client = await _cache.GetAsync(clientId, _options.Caching.ClientStoreExpiration, async() => await _inner.FindClientByIdAsync(clientId), _logger); return(client); }
/// <summary> /// Finds a client by id /// </summary> /// <param name="clientId">The client id</param> /// <returns> /// The client /// </returns> public async Task <Client> FindClientByIdAsync(string clientId) { var key = $"{_scopedTenantRequestContext.Context.TenantName}.{clientId}"; var client = await _cache.GetAsync(key, _options.Caching.ClientStoreExpiration, () => _inner.FindClientByIdAsync(clientId), _logger); return(client); }
public virtual async Task <System.IO.Stream> Login(LoginViewModel model, SignInMessage message) { var client = await clientStore.FindClientByIdAsync(message.ClientId); var name = client != null ? client.ClientName : null; //model.Custom = new { customMessage = "Hello World!" }; model.Custom = message.Tenant; return(await Render(model, "login", name)); }
/// <summary> /// Custom validation logic for access tokens. /// </summary> /// <param name="result">The validation result so far.</param> /// <returns> /// The validation result /// </returns> public virtual async Task <TokenValidationResult> ValidateAccessTokenAsync(TokenValidationResult result) { if (result.IsError) { return(result); } // make sure user is still active (if sub claim is present) var subClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject); if (subClaim != null) { var principal = Principal.Create("tokenvalidator", result.Claims.ToArray()); if (result.ReferenceTokenId.IsPresent()) { principal.Identities.First().AddClaim(new Claim(Constants.ClaimTypes.ReferenceTokenId, result.ReferenceTokenId)); } var isActiveCtx = new IsActiveContext(principal, result.Client); await _users.IsActiveAsync(isActiveCtx); if (isActiveCtx.IsActive == false) { Logger.Warn("User marked as not active: " + subClaim.Value); result.IsError = true; result.Error = Constants.ProtectedResourceErrors.InvalidToken; result.Claims = null; return(result); } } // make sure client is still active (if client_id claim is present) var clientClaim = result.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.ClientId); if (clientClaim != null) { var client = await _clients.FindClientByIdAsync(clientClaim.Value); if (client == null || client.Enabled == false) { Logger.Warn("Client deleted or disabled: " + clientClaim.Value); result.IsError = true; result.Error = Constants.ProtectedResourceErrors.InvalidToken; result.Claims = null; return(result); } } return(result); }
public async Task <IActionResult> Index() { List <Client> clients = _dbContext.Clients.AsNoTracking().ToList(); List <IdentityServer4.Models.Client> auxList = new List <IdentityServer4.Models.Client>(); foreach (var item in clients) { var client = await _clientStore.FindClientByIdAsync(item.ClientId); auxList.Add(client); } BaseListViewModel <ClientViewModel> vm = new BaseListViewModel <ClientViewModel>() { Data = _mapper.Map <List <ClientViewModel> >(auxList) }; return(View(vm)); }
public async Task <IActionResult> Login([FromBody] LoginViewModel viewModel) { if (viewModel == null) { return(StatusCode(400)); } if (string.IsNullOrEmpty(viewModel.PassWord) || string.IsNullOrEmpty(viewModel.UserName)) { return(StatusCode(400)); } if (!string.IsNullOrEmpty(viewModel.returnUri)) { AuthorizationRequest authorizationRequest = await _IdentityInteractionServce.GetAuthorizationContextAsync(viewModel.returnUri); if (authorizationRequest == null) { return(Json(new { state = "401", Message = "参数错误" })); } if (await _ClientStore.FindClientByIdAsync(authorizationRequest.ClientId) == null) { return(Json(new { state = "401", Message = "参数错误" })); } forum.DAL.Entity.User user = null; //try //{ user = _user.GetAccount(viewModel.UserName, MD5Helper.GetMD5(viewModel.PassWord)); //} //catch(ArgumentException ) //{ // return Json(new { state = "401", Message = "账号或密码为空" }); //} //catch(Exception ex) //{ // return Json(new { state = "500", Message = "出现错误,请重新刷新页面" }); //} if (user != null) { Claim[] claims = new Claim[] { new Claim(ClaimTypes.Name, user.Nickname), new Claim(ClaimTypes.OtherPhone, user.Phone), new Claim(ClaimTypes.PrimarySid, user.ID) }; await HttpContext.SignInAsync(viewModel.UserName, claims); return(Json(new { state = "302", location = viewModel.returnUri })); } return(Json(new { state = "401", Message = "账号或密码错误" })); } return(View()); }
/// <summary> /// Finds a client by id /// </summary> /// <param name="clientId">The client id</param> /// <returns> /// The client /// </returns> public async Task <Client> FindClientByIdAsync(string clientId) { using var activity = Tracing.StoreActivitySource.StartActivity("CachingClientStore.FindClientById"); activity?.SetTag(Tracing.Properties.ClientId, clientId); var client = await _cache.GetOrAddAsync(clientId, _options.Caching.ClientStoreExpiration, async() => await _inner.FindClientByIdAsync(clientId)); return(client); }
public async Task <IActionResult> Get(string clientId) { IdentityServer4.Models.Client client = await _clientStore.FindClientByIdAsync(clientId); if (client == null) { return(NotFound()); } return(Ok(client.Properties)); }
public async Task <Client> FindEnabledClientByIdAsync(string clientId) { var client = await clientStore.FindClientByIdAsync(clientId); if (client != null && client.Enabled == true) { return(client); } return(null); }
public async Task <IActionResult> Suspend([FromForm] string clientId) { var client = await _clients.FindClientByIdAsync(clientId); client.AllowedScopes.Remove("openactive-openbooking"); await _events.RaiseAsync(new GrantsRevokedEvent(User.GetSubjectId(), clientId)); await BookingPartnerTable.UpdateScope(clientId, "openid profile openactive-ordersfeed", true); return(Redirect("/booking-partners/seller-admin")); }
/// <summary> /// Finds the enabled client by identifier. /// </summary> /// <param name="store">The store.</param> /// <param name="clientId">The client identifier.</param> /// <returns></returns> public static async Task <Client> FindEnabledClientByIdAsync(this IClientStore store, string clientId) { var client = await store.FindClientByIdAsync(clientId); if (client != null && client.Enabled) { return(client); } return(null); }
public async Task <ClientSecretValidationResult> ValidateAsync() { Logger.Debug("Start client validation"); var fail = new ClientSecretValidationResult { IsError = true }; var parsedSecret = await _parser.ParseAsync(_environment.Environment); if (parsedSecret == null) { await RaiseFailureEvent("unknown", "No client id or secret found"); Logger.Info("No client secret found"); return(fail); } // load client var client = await _clients.FindClientByIdAsync(parsedSecret.Id); if (client == null) { await RaiseFailureEvent(parsedSecret.Id, "Unknown client"); Logger.Info("No client with that id found. aborting"); return(fail); } var result = await _validator.ValidateAsync(parsedSecret, client.ClientSecrets); if (result.Success) { Logger.Info("Client validation success"); var success = new ClientSecretValidationResult { IsError = false, Client = client }; await RaiseSuccessEvent(client.ClientId); return(success); } await RaiseFailureEvent(client.ClientId, "Invalid client secret"); Logger.Info("Client validation failed."); return(fail); }
public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context) { _logger.LogTrace("Start client validation"); var fail = new ClientSecretValidationResult { IsError = true }; var parsedSecret = await _parser.ParseAsync(context); if (parsedSecret == null) { await RaiseFailureEvent("unknown", "No client id or secret found"); _logger.LogInformation("No client secret found"); return(fail); } // load client var client = await _clients.FindClientByIdAsync(parsedSecret.Id); if (client == null) { await RaiseFailureEvent(parsedSecret.Id, "Unknown client"); _logger.LogInformation("No client with that id found. aborting"); return(fail); } var result = await _validator.ValidateAsync(parsedSecret, client.ClientSecrets); if (result.Success) { _logger.LogInformation("Client validation success"); var success = new ClientSecretValidationResult { IsError = false, Client = client }; await RaiseSuccessEvent(client.ClientId); return(success); } await RaiseFailureEvent(client.ClientId, "Invalid client secret"); _logger.LogWarning("Client validation failed client {clientId}.", client.ClientId); return(fail); }
public virtual async Task <System.IO.Stream> Login(LoginViewModel model, SignInMessage message) { var client = await clientStore.FindClientByIdAsync(message.ClientId); var name = client != null ? client.ClientName : null; // return await Render(model, "login", name); model.ClientName = name; var stream = StringToStream(RazorExtensions.RenderCustomView("login", "home", model)); return(stream); }
public WsFederationSigninValidatorTests() { var goodClient = new Client() { ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation, RedirectUris = new List <string> { "http://wreply" } }; _clientStore.FindClientByIdAsync("http://wtrealm").Returns(goodClient); var noWsFedClient = new Client() { RedirectUris = new List <string> { "http://wreply" } }; _clientStore.FindClientByIdAsync("http://noWsFedSupport").Returns(noWsFedClient); }
/// <summary> /// Gets the client permissions asynchronous. /// </summary> /// <param name="subject">The subject identifier.</param> /// <returns> /// A list of client permissions /// </returns> /// <exception cref="System.ArgumentNullException">subject</exception> public virtual async Task <IEnumerable <ClientPermission> > GetClientPermissionsAsync(string subject) { if (String.IsNullOrWhiteSpace(subject)) { throw new ArgumentNullException("subject"); } var consents = await this.permissionsStore.LoadAllAsync(subject); var scopesNeeded = consents.Select(x => x.Scopes).SelectMany(x => x).Distinct(); var scopes = await scopeStore.FindScopesAsync(scopesNeeded); var list = new List <ClientPermission>(); foreach (var consent in consents) { var client = await clientStore.FindClientByIdAsync(consent.ClientId); if (client != null) { var identityScopes = from s in scopes where s.Type == ScopeType.Identity && consent.Scopes.Contains(s.Name) select new ClientPermissionDescription { DisplayName = s.DisplayName ?? localizationService.GetScopeDisplayName(s.Name), Description = s.Description ?? localizationService.GetScopeDescription(s.Name) }; var resourceScopes = from s in scopes where s.Type == ScopeType.Resource && consent.Scopes.Contains(s.Name) select new ClientPermissionDescription { DisplayName = s.DisplayName ?? localizationService.GetScopeDisplayName(s.Name), Description = s.Description ?? localizationService.GetScopeDescription(s.Name) }; list.Add(new ClientPermission { ClientId = client.ClientId, ClientName = client.ClientName, ClientUrl = client.ClientUri, ClientLogoUrl = client.LogoUri, IdentityPermissions = identityScopes, ResourcePermissions = resourceScopes }); } } return(list); }
public void FetchCompleteClient() { IClientStore store = Fixture.GetService <IClientStore>(); Client client = CreateClient(); Client result = store.FindClientByIdAsync(client.ClientId).Result; Assert.Null(result); Provider.AddClientAsync(client).Wait(); Dictionary <string, string> argProps = new Dictionary <string, string>() { { "prop1", "aaa" }, { "prop2", "bbb" } }; List <Secret> argsSecret = new List <Secret>() { CreateSecret(), CreateSecret() }; List <Claim> argsClaim = new List <Claim>() { new Claim("claim1", "val1"), new Claim("claim2", "val2") }; result = store.FindClientByIdAsync(client.ClientId).Result; Assert.NotNull(result); Assert.Equal(new List <Claim>(), result.Claims); Provider.SetClientPropsAsync(result, argProps).Wait(); Provider.SetClientSecretsAsync(result, argsSecret).Wait(); Provider.SetClientClaimsAsync(result, argsClaim).Wait(); result = store.FindClientByIdAsync(client.ClientId).Result; Assert.NotNull(result); Assert.Equal(argsClaim.Select(p => new Tuple <string, string>(p.Type, p.Value)), result.Claims.Select(p => new Tuple <string, string>(p.Type, p.Value))); Assert.Equal(argsSecret, result.ClientSecrets); Assert.Equal(argProps, result.Properties); }
public void CanCreateAndUpdateAndDeleteClient() { IClientStore store = Fixture.GetService <IClientStore>(); Client client = CreateClient(); Client result = store.FindClientByIdAsync(client.ClientId).Result; Assert.Null(result); Provider.AddClientAsync(client).Wait(); result = store.FindClientByIdAsync(client.ClientId).Result; Assert.NotNull(result); Assert.Equal(new string[] { "aaa", "bbb" }, result.RedirectUris); Assert.Equal("test", result.ClientName); Assert.Equal(AccessTokenType.Reference, result.AccessTokenType); result.ClientName = "test2"; result.RedirectUris.Add("ccc"); result.RedirectUris.Remove("bbb"); Provider.UpdateClientAsync(result).Wait(); result = store.FindClientByIdAsync(client.ClientId).Result; Assert.NotNull(result); Assert.Equal(new string[] { "aaa", "ccc" }, result.RedirectUris); Assert.Equal("test2", result.ClientName); List <Client> results = Provider.GetAllClientsAsync().Result.ToList(); Assert.Equal(1, results.Count); Assert.Equal(result.ClientId, results.First().ClientId); Provider.RemoveClientAsync(result).Wait(); result = store.FindClientByIdAsync(client.ClientId).Result; Assert.Null(result); }
public async Task OnGetAsync(string id) { if (String.IsNullOrEmpty(id)) { ModelState.AddModelError("", "Emtpy ID."); } CurrentClient = await _clientStore.FindClientByIdAsync(id); if (CurrentClient == null) { ModelState.AddModelError("", "Could not find the requested client"); } }
public virtual AuthorizationCode Read(BinaryReader reader) { if (reader == null) { throw new ArgumentNullException(nameof(reader)); } var code = new AuthorizationCode { IsOpenId = reader.ReadBoolean(), RedirectUri = reader.ReadString(), Nonce = reader.ReadString(), WasConsentShown = reader.ReadBoolean(), SessionId = reader.ReadString(), CreationTime = DateTimeOffset.FromUnixTimeMilliseconds(reader.ReadInt64()), }; // get the client var clientId = reader.ReadString(); code.Client = _clientStore.FindClientByIdAsync(clientId).Result; // Read the number of identities stored // in the serialized payload. var count = reader.ReadInt32(); if (count > 0) { var identities = new ClaimsIdentity[count]; for (var index = 0; index != count; ++index) { identities[index] = ReadIdentity(reader); } code.Subject = new ClaimsPrincipal(identities); } var scopeCount = reader.ReadInt32(); if (scopeCount > 0) { var scopeNames = new List <string>(scopeCount); for (var index = 0; index != scopeCount; ++index) { scopeNames.Add(reader.ReadString()); } code.RequestedScopes = _scopeStore.FindScopesAsync(scopeNames).Result; } return(code); }
internal static async Task<Token> FromDbFormat(StoredToken token, IClientStore clientStore) { return new Token { Audience = token.Audience, Client = await clientStore.FindClientByIdAsync(token.Client), Type = token.Type, CreationTime = token.CreationTime, Issuer = token.Issuer, Lifetime = token.Lifetime, Version = token.Version, Claims = (from c in token.Claims select Data.StoredClientClaim.FromDbFormat(c)).ToList() }; }
public async Task Invalid_GrantType_For_Client() { var client = await _clients.FindClientByIdAsync("roclient"); var validator = Factory.CreateTokenRequestValidator(); var parameters = new NameValueCollection(); parameters.Add(Constants.TokenRequest.GrantType, Constants.GrantTypes.ClientCredentials); parameters.Add(Constants.TokenRequest.Scope, "resource"); var result = await validator.ValidateRequestAsync(parameters, client); result.IsError.Should().BeTrue(); result.Error.Should().Be(Constants.TokenErrors.UnauthorizedClient); }
public async Task <IActionResult> Login(string returnUrl = "/") { var context = await _interaction.GetAuthorizationContextAsync(returnUrl); if (context != null) { var client = await _clientStore.FindClientByIdAsync(context.ClientId); if (!client.EnableLocalLogin) { return(await ExternalLogin("EDevlet", returnUrl)); } } if (!_ipAddressValidator.IsIpAddressInternal()) { return(await ExternalLogin("EDevlet", returnUrl)); } return(View(new LoginModel() { ReturnUrl = System.Net.WebUtility.UrlEncode(returnUrl), IsLocalContext = context == null })); }
private static async Task<AuthorizationCode> Version1( BsonDocument doc, IClientStore clientStore, IScopeStore scopeStore) { var code = new AuthorizationCode(); code.CreationTime = doc.GetValueOrDefault("creationTime", code.CreationTime); code.IsOpenId = doc.GetValueOrDefault("isOpenId", code.IsOpenId); code.RedirectUri = doc.GetValueOrDefault("redirectUri", code.RedirectUri); code.WasConsentShown = doc.GetValueOrDefault("wasConsentShown", code.WasConsentShown); code.Nonce = doc.GetValueOrDefault("nonce", code.Nonce); var claimsPrincipal = new ClaimsPrincipal(); IEnumerable<ClaimsIdentity> identities = doc.GetValueOrDefault("subject", sub => { string authenticationType = sub.GetValueOrDefault("authenticationType", (string)null); var claims = sub.GetNestedValueOrDefault("claimSet", ClaimSetSerializer.Deserialize, new Claim[] { }); ClaimsIdentity identity = authenticationType == null ? new ClaimsIdentity(claims) : new ClaimsIdentity(claims, authenticationType); return identity; }, new ClaimsIdentity[] { }); claimsPrincipal.AddIdentities(identities); code.Subject = claimsPrincipal; var clientId = doc["_clientId"].AsString; code.Client = await clientStore.FindClientByIdAsync(clientId); if (code.Client == null) { throw new InvalidOperationException("Client not found when deserializing authorization code. Client id: " + clientId); } var scopes = doc.GetValueOrDefault( "requestedScopes", (IEnumerable<string>)new string[] { }).ToArray(); code.RequestedScopes = await scopeStore.FindScopesAsync(scopes); if (scopes.Count() > code.RequestedScopes.Count()) { throw new InvalidOperationException("Scopes not found when deserializing authorization code. Scopes: " + string.Join(", ",scopes.Except(code.RequestedScopes.Select(x=>x.Name)))); } return code; }