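/// <summary>
/// Redeems a refresh token at the provider's token endpoint and returns the new token set.
/// A fresh proof-of-possession (PoP) key pair is generated for the request and the
/// resulting access token is bound to it.
/// </summary>
/// <param name="settings">OIDC client settings (client id/secret and discovery source).</param>
/// <param name="refreshToken">The refresh token previously issued to this client.</param>
/// <returns>
/// A <see cref="LoginResult"/> with <c>Success</c> set and the new tokens on success; otherwise
/// a result whose <c>ErrorMessage</c> carries the provider's error code.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="settings"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="refreshToken"/> is null or empty.</exception>
public static async Task<LoginResult> RefreshTokenAsync(OidcSettings settings, string refreshToken)
{
    if (settings == null)
    {
        throw new ArgumentNullException(nameof(settings));
    }

    if (string.IsNullOrEmpty(refreshToken))
    {
        throw new ArgumentException("A refresh token is required.", nameof(refreshToken));
    }

    var config = await LoadOpenIdConnectConfigurationAsync(settings);
    var tokenClient = new TokenClient(
        config.TokenEndpoint,
        settings.ClientId,
        settings.ClientSecret);

    // NOTE(review): the PoP key pair lives only in this local; the returned access token is
    // bound to it, so a caller that has to prove possession needs the key as well — confirm
    // how consumers of this LoginResult obtain it.
    var provider = JwkNetExtensions.CreateProvider();
    var jwk = provider.ToJsonWebKey();

    var tokenResponse = await tokenClient.RequestRefreshTokenPopAsync(
        refreshToken: refreshToken,
        algorithm: jwk.Alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        return new LoginResult { ErrorMessage = tokenResponse.Error };
    }

    return new LoginResult
    {
        Success = true,
        AccessToken = tokenResponse.AccessToken,
        // The provider may choose not to rotate the refresh token; keep the one we
        // redeemed so the caller does not lose the ability to refresh again.
        RefreshToken = tokenResponse.RefreshToken ?? refreshToken,
        IdentityToken = tokenResponse.IdentityToken,
        // Local time, consistent with the other login paths in this file.
        AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
    };
}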
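/// <summary>
/// Click handler that refreshes the current token set with the stored refresh token and
/// shows the outcome. <c>async void</c> is used only because this is a UI event handler.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private async void refresh_Click(object sender, RoutedEventArgs e)
{
    if (_config == null)
    {
        await LoadOpenIdConnectConfigurationAsync();
    }

    var currentRefreshToken = _result?.RefreshToken;
    if (string.IsNullOrEmpty(currentRefreshToken))
    {
        // Nothing to redeem: do not send an empty refresh_token grant to the provider.
        _result = new LoginResult { ErrorMessage = "No refresh token available." };
        ShowTokenResult();
        return;
    }

    var tokenClient = new TokenClient(
        _config.TokenEndpoint,
        _settings.ClientId,
        _settings.ClientSecret);

    // The PoP key pair is kept in a field here (unlike the static variant) — presumably so
    // the key the access token is bound to stays available; verify against its readers.
    _provider = JwkNetExtensions.CreateProvider();
    var jwk = _provider.ToJsonWebKey();

    var tokenResponse = await tokenClient.RequestRefreshTokenPopAsync(
        refreshToken: currentRefreshToken,
        algorithm: jwk.Alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        _result = new LoginResult { ErrorMessage = tokenResponse.Error };
    }
    else
    {
        _result = new LoginResult
        {
            Success = true,
            AccessToken = tokenResponse.AccessToken,
            // Keep the previous refresh token when the provider does not rotate it.
            RefreshToken = tokenResponse.RefreshToken ?? currentRefreshToken,
            IdentityToken = tokenResponse.IdentityToken,
            // Local time, consistent with the other login paths in this file.
            AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
        };
    }

    ShowTokenResult();
}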
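/// <summary>
/// Validates an authorization response (id_token, nonce, c_hash), redeems the authorization
/// code for tokens with a fresh PoP key, and optionally loads the userinfo profile.
/// </summary>
/// <param name="response">The parsed response from the authorization endpoint.</param>
/// <param name="settings">OIDC client settings.</param>
/// <param name="config">Discovered provider configuration (token and userinfo endpoints).</param>
/// <param name="expectedNonce">The nonce sent in the authorization request; must appear in the id_token.</param>
/// <param name="verifier">The PKCE code verifier; only sent when <c>settings.UsePkce</c> is set.</param>
/// <returns>
/// A successful <see cref="LoginResult"/> carrying the principal and tokens, or one whose
/// <c>ErrorMessage</c> names the first check that failed.
/// </returns>
private static async Task<LoginResult> ValidateResponseAsync(AuthorizeResponse response, OidcSettings settings, OpenIdConnectConfiguration config, string expectedNonce, string verifier)
{
    // Validate the id_token; a null claim set means the helper rejected it.
    var tokenClaims = ValidateIdentityToken(response.IdentityToken, settings, config);
    if (tokenClaims == null)
    {
        return new LoginResult { ErrorMessage = "Invalid identity token." };
    }

    // The nonce must equal the one we sent (ordinal comparison) — this is the replay check.
    var nonce = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Nonce);
    if (nonce == null || !string.Equals(nonce.Value, expectedNonce, StringComparison.Ordinal))
    {
        return new LoginResult { ErrorMessage = "Invalid nonce." };
    }

    // c_hash ties the authorization code to this id_token.
    var codeHash = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.AuthorizationCodeHash);
    if (codeHash == null || !ValidateCodeHash(codeHash.Value, response.Code))
    {
        return new LoginResult { ErrorMessage = "Invalid code." };
    }

    // NOTE(review): the PoP key pair is local to this call; the access token returned below is
    // bound to it, so confirm how consumers of the LoginResult obtain the key.
    var provider = JwkNetExtensions.CreateProvider();
    var jwk = provider.ToJsonWebKey();

    var tokenClient = new TokenClient(
        config.TokenEndpoint,
        settings.ClientId,
        settings.ClientSecret);

    var tokenResponse = await tokenClient.RequestAuthorizationCodePopAsync(
        code: response.Code,
        redirectUri: settings.RedirectUri,
        codeVerifier: settings.UsePkce ? verifier : null,
        algorithm: jwk.Alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        return new LoginResult { ErrorMessage = tokenResponse.Error };
    }

    var profileClaims = new List<Claim>();
    if (settings.LoadUserProfile)
    {
        var userInfoClient = new UserInfoClient(
            new Uri(config.UserInfoEndpoint),
            tokenResponse.AccessToken);

        var userInfoResponse = await userInfoClient.GetAsync();
        if (userInfoResponse.IsError)
        {
            // Do not read an error payload as if it were the user's profile.
            return new LoginResult { ErrorMessage = "User info request failed." };
        }

        profileClaims = userInfoResponse.GetClaimsIdentity().Claims.ToList();
    }

    var principal = CreatePrincipal(tokenClaims, profileClaims, settings);

    return new LoginResult
    {
        Success = true,
        User = principal,
        IdentityToken = response.IdentityToken,
        AccessToken = tokenResponse.AccessToken,
        RefreshToken = tokenResponse.RefreshToken,
        // Local time, consistent with the other login paths in this file.
        AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
    };
}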
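/// <summary>
/// Validates an authorization response (id_token, nonce, c_hash) against this instance's
/// settings and discovery document, redeems the authorization code for tokens with a fresh
/// PoP key, and optionally loads the userinfo profile.
/// </summary>
/// <param name="response">The parsed response from the authorization endpoint.</param>
/// <returns>
/// A successful <see cref="LoginResult"/> carrying the principal and tokens, or one whose
/// <c>ErrorMessage</c> names the first check that failed.
/// </returns>
private async Task<LoginResult> ValidateResponseAsync(AuthorizeResponse response)
{
    // Validate the id_token; a null claim set means the helper rejected it.
    var tokenClaims = ValidateIdentityToken(response.IdentityToken);
    if (tokenClaims == null)
    {
        return new LoginResult { ErrorMessage = "Invalid identity token." };
    }

    // The nonce must equal the one we sent (ordinal comparison) — this is the replay check.
    var nonce = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Nonce);
    if (nonce == null || !string.Equals(nonce.Value, _nonce, StringComparison.Ordinal))
    {
        return new LoginResult { ErrorMessage = "Invalid nonce." };
    }

    // c_hash ties the authorization code to this id_token.
    var codeHash = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.AuthorizationCodeHash);
    if (codeHash == null || !ValidateCodeHash(codeHash.Value, response.Code))
    {
        return new LoginResult { ErrorMessage = "Invalid code." };
    }

    // The PoP key pair is kept in a field — presumably so the key the access token is bound
    // to stays available after this call; verify against its readers.
    _provider = JwkNetExtensions.CreateProvider();
    var jwk = _provider.ToJsonWebKey();

    // Exchange the code for tokens.
    var tokenClient = new TokenClient(
        _config.TokenEndpoint,
        _settings.ClientId,
        _settings.ClientSecret);

    var tokenResponse = await tokenClient.RequestAuthorizationCodePopAsync(
        code: response.Code,
        redirectUri: _settings.RedirectUri,
        codeVerifier: _verifier,
        algorithm: jwk.Alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        return new LoginResult { ErrorMessage = tokenResponse.Error };
    }

    // Optionally call the userinfo endpoint.
    var profileClaims = new List<Claim>();
    if (_settings.LoadUserProfile)
    {
        var userInfoClient = new UserInfoClient(
            new Uri(_config.UserInfoEndpoint),
            tokenResponse.AccessToken);

        var userInfoResponse = await userInfoClient.GetAsync();
        if (userInfoResponse.IsError)
        {
            // Do not read an error payload as if it were the user's profile.
            return new LoginResult { ErrorMessage = "User info request failed." };
        }

        profileClaims = userInfoResponse.GetClaimsIdentity().Claims.ToList();
    }

    var principal = CreatePrincipal(tokenClaims, profileClaims);

    return new LoginResult
    {
        Success = true,
        User = principal,
        IdentityToken = response.IdentityToken,
        AccessToken = tokenResponse.AccessToken,
        RefreshToken = tokenResponse.RefreshToken,
        // Local time, consistent with the other login paths in this file.
        AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
    };
}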