public async ValueTask <UserJwtV2> Implicit_GrantV2(ImplicitV2 model) { var response = await Endpoints.Implicit_AuthV2(model); if (response.IsSuccessStatusCode) { return(await response.Content.ReadAsAsync <UserJwtV2>().ConfigureAwait(false)); } throw new HttpRequestException(response.RequestMessage.ToString(), new Exception(response.ToString())); }
public async ValueTask <HttpResponseMessage> Implicit_AuthV2(ImplicitV2 model) { string content = "?issuer=" + HttpUtility.UrlEncode(model.issuer) + "&client=" + HttpUtility.UrlEncode(model.client) + "&grant_type=" + model.grant_type + "&user="******"&redirect_uri=" + HttpUtility.UrlEncode(model.redirect_uri) + "&response_type=" + model.response_type + "&scope=" + HttpUtility.UrlEncode(model.scope) + "&state=" + HttpUtility.UrlEncode(model.state); return(await _http.GetAsync("oauth2/v2/ig" + content)); }
public IActionResult ImplicitV2_Grant([FromQuery] ImplicitV2 input) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } //clean out cruft from encoding... input.issuer = HttpUtility.UrlDecode(input.issuer); input.client = HttpUtility.UrlDecode(input.client); input.user = HttpUtility.UrlDecode(input.user); input.redirect_uri = HttpUtility.UrlDecode(input.redirect_uri); input.scope = HttpUtility.UrlDecode(input.scope); input.state = HttpUtility.UrlDecode(input.state); Guid issuerID; tbl_Issuer issuer; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(input.issuer, out issuerID)) { issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault(); } else { issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault(); } if (issuer == null) { ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}"); return(NotFound(ModelState)); } Guid audienceID; tbl_Audience audience; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(input.client, out audienceID)) { audience = uow.Audiences.Get(x => x.Id == audienceID, x => x.Include(u => u.tbl_Urls)).SingleOrDefault(); } else { audience = uow.Audiences.Get(x => x.Name == input.client, x => x.Include(u => u.tbl_Urls)).SingleOrDefault(); } if (audience == null) { ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}"); return(NotFound(ModelState)); } Guid userID; tbl_User user; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(input.user, out userID)) { user = uow.Users.Get(x => x.Id == userID).SingleOrDefault(); } else { user = uow.Users.Get(x => x.UserName == input.user).SingleOrDefault(); } if (user == null) { ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{input.user}"); return(NotFound(ModelState)); } //check that user is confirmed... //check that user is not locked... else if (uow.Users.IsLockedOut(user) || !user.EmailConfirmed || !user.PasswordConfirmed) { ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}"); return(BadRequest(ModelState)); } //check if state is valid... var state = uow.States.Get(x => x.StateValue == input.state && x.StateType == ConsumerType.User.ToString() && x.ValidFromUtc <DateTime.UtcNow && x.ValidToUtc> DateTime.UtcNow).SingleOrDefault(); if (state == null || state.StateConsume == true || state.UserId != user.Id) { uow.AuthActivity.Create( map.Map <tbl_AuthActivity>(new AuthActivityV1() { UserId = user.Id, LoginType = GrantFlowType.ImplicitV2.ToString(), LoginOutcome = GrantFlowResultType.Failure.ToString(), })); uow.Commit(); ModelState.AddModelError(MessageType.StateInvalid.ToString(), $"User state:{input.state}"); return(BadRequest(ModelState)); } var redirect = new Uri(input.redirect_uri); //check if there is redirect url defined for client. if not then use base url for identity ui. if (audience.tbl_Urls.Any(x => x.UrlHost == null && x.UrlPath == redirect.AbsolutePath)) { redirect = new Uri(string.Format("{0}{1}{2}", conf["IdentityMeUrls:BaseUiUrl"], conf["IdentityMeUrls:BaseUiPath"], "/implicit-callback")); } else if (audience.tbl_Urls.Any(x => new Uri(x.UrlHost + x.UrlPath).AbsoluteUri == redirect.AbsoluteUri)) { } else { ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}"); return(BadRequest(ModelState)); } //no reuse of state after this... state.StateConsume = true; uow.States.Update(state); //no refresh token as part of this flow... var imp_claims = uow.Users.GenerateAccessClaims(issuer, user); var imp = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], new List <string>() { audience.Name }, imp_claims); uow.AuthActivity.Create( map.Map <tbl_AuthActivity>(new AuthActivityV1() { UserId = user.Id, LoginType = GrantFlowType.ImplicitV2.ToString(), LoginOutcome = GrantFlowResultType.Success.ToString(), })); uow.Commit(); var result = new Uri(redirect.AbsoluteUri + "#access_token=" + HttpUtility.UrlEncode(imp.RawData) + "&expires_in=" + HttpUtility.UrlEncode(((int)(new DateTimeOffset(imp.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds).ToString()) + "&grant_type=implicit" + "&token_type=bearer" + "&state=" + HttpUtility.UrlEncode(input.state)); return(RedirectPermanent(result.AbsoluteUri)); }