private static void ConfigureOpenIdConnect(OpenIdConnectOptions options) { var openIdConfiguration = new OpenIdConfiguration(); _configuration.GetSection(nameof(OpenIdConfiguration)).Bind(openIdConfiguration); options.Authority = openIdConfiguration.Authority; options.RequireHttpsMetadata = openIdConfiguration.RequireHttpsMetadata; options.ClientSecret = openIdConfiguration.ClientSecret; options.ClientId = openIdConfiguration.ClientId; options.ResponseType = openIdConfiguration.ResponseType; options.Scope.Clear(); foreach (var scope in openIdConfiguration.ScopesAsList) { options.Scope.Add(scope); } options.ClaimActions.Remove("amr"); options.ClaimActions.MapJsonKey("website", "website"); options.GetClaimsFromUserInfoEndpoint = openIdConfiguration.GetClaimsFromUserInfoEndpoint; options.SaveTokens = openIdConfiguration.SaveTokens; options.TokenValidationParameters = new TokenValidationParameters { NameClaimType = JwtClaimTypes.Name, RoleClaimType = ClaimTypes.Role }; }
private async Task HandleOpenIdConfigurationRequest(IOwinContext context) { var configuration = new OpenIdConfiguration { Issuer = string.Format(IssuerFormat, baseUri), AuthorizationEndpoint = string.Format(AuthorizationEndpointFormat, baseUri, tenant, defaultPolicy), TokenEndpoint = string.Format(TokenEndpointFormat, baseUri, tenant, defaultPolicy), EndSessionEndpoint = string.Format(EndSessionEndpointFormat, baseUri, tenant, defaultPolicy), JwksUri = string.Format(JwksUriFormat, baseUri, tenant, defaultPolicy), ResponseModeSupported = new List <string> { "query", "fragment", "form_post" }, ResponseTypeSupported = new List <string> { "code", "code id_token", "code token", "code id_token token", "id_token", "id_token token", "token", "token id_token" }, ScopesSupported = new List <string> { "openid" }, SubjectTypeSupported = new List <string> { "pairwise" }, IdTokenSigningAlgValuesSupported = new List <string> { "RS256" }, TokenEndpointAuthMethodsSuported = new List <string> { "client_secret_post" }, ClaimsSupported = new List <string> { "name", "given_name", "family_name", "email", "sub", "idp", "alternativeSecurityId", "authenticationSource", "role" } }; context.Response.StatusCode = 200; await context.Response.WriteAsync(JsonConvert.SerializeObject(configuration, Formatting.Indented)); }
private async Task EnsureDirectoryIsSetAsync() { if (configuration == null) { configuration = JsonObject.Parse( text: await httpClient.GetStringAsync($"https://{host}/.well-known/openid-configuration") ).As <OpenIdConfiguration>(); } }
private async Task <BankClientProfile> PersistOpenBankingClient( BankClientProfile value, OpenIdConfiguration openIdConfiguration, OpenBankingClientRegistrationClaims registrationClaims, BankClientRegistrationData openBankingRegistrationData) { value.State = "ok"; value.OpenIdConfiguration = openIdConfiguration; value.BankClientRegistrationClaims = _mapper.Map <BankClientRegistrationClaims>(registrationClaims); value.BankClientRegistrationData = openBankingRegistrationData; await _bankClientProfileRepo.UpsertAsync(value); return(value); }
public string GetOpenIdConfigJson() { OpenIdConfiguration openIdConfig = new OpenIdConfiguration { Issuer = MockRoutes.Url, ResponseTypesSupported = new List <string> { "code id_token" }.ToArray(), ScopesSupported = new List <string> { "openid", "payments", "accounts", "fundsconfirmations", "profile" } .ToArray(), ResponseModesSupported = new List <string> { "fragment", "query", "form_post" }.ToArray(), TokenEndpoint = $"{MockRoutes.Url}{MockRoutes.Token}", AuthorizationEndpoint = $"{MockRoutes.Url}{MockRoutes.Authorize}", RegistrationEndpoint = $"{MockRoutes.Url}{MockRoutes.Register}" }; return(JsonConvert.SerializeObject(openIdConfig)); }
public ValidateTokenRequestHandler(OpenIdConfiguration configuration) { _configuration = configuration; }
public async Task <BankClientProfileResponse> CreateAsync(BankClientProfilePublic bankClientProfile) { bankClientProfile.ArgNotNull(nameof(bankClientProfile)); // Load relevant objects SoftwareStatementProfile softwareStatementProfile = _softwareStatementProfileService.GetSoftwareStatementProfile( bankClientProfile.SoftwareStatementProfileId); // STEP 1 // Compute claims associated with Open Banking client // Get OpenID Connect configuration info OpenIdConfiguration openIdConfiguration = await GetOpenIdConfigurationAsync(bankClientProfile.IssuerUrl); new OpenBankingOpenIdConfigurationResponseValidator().Validate(openIdConfiguration) .RaiseErrorOnValidationError(); // Create claims for client reg OpenBankingClientRegistrationClaims registrationClaims = Factories.CreateRegistrationClaims( issuerUrl: bankClientProfile.IssuerUrl, sProfile: softwareStatementProfile, concatScopes: false); BankClientRegistrationClaimsOverrides registrationClaimsOverrides = bankClientProfile.BankClientRegistrationClaimsOverrides; if (!(registrationClaimsOverrides is null)) { if (!(registrationClaimsOverrides.RequestAudience is null)) { registrationClaims.Aud = registrationClaimsOverrides.RequestAudience; } } BankClientRegistrationClaims persistentRegistrationClaims = _mapper.Map <BankClientRegistrationClaims>(registrationClaims); // STEP 2 // Check for existing Open Banking client for issuer URL // If we have an Open Banking client with the same issuer URL we will check if the claims match. // If they do, we will re-use this client. // Otherwise we will return an error as only support a single client per issuer URL at present. IQueryable <BankClientProfile> clientList = await _bankClientProfileRepo .GetAsync(c => c.IssuerUrl == bankClientProfile.IssuerUrl); BankClientProfile existingClient = clientList .SingleOrDefault(); if (existingClient is object) { if (existingClient.BankClientRegistrationClaims != persistentRegistrationClaims) { throw new Exception( "There is already a client for this issuer URL but it cannot be re-used because claims are different."); } } // STEP 3 // Create new Open Banking client by posting JWT BankClientProfile client; if (existingClient is null) { JwtFactory jwtFactory = new JwtFactory(); string jwt = jwtFactory.CreateJwt( profile: softwareStatementProfile, claims: registrationClaims, useOpenBankingJwtHeaders: false); OpenBankingClientRegistrationResponse registrationResponse = await new HttpRequestBuilder() .SetMethod(HttpMethod.Post) .SetUri(openIdConfiguration.RegistrationEndpoint) .SetContent(jwt) .SetContentType("application/jwt") .Create() .RequestJsonAsync <OpenBankingClientRegistrationResponse>( client: _apiClient, requestContentIsJson: false); BankClientRegistrationData openBankingClientResponse = new BankClientRegistrationData { ClientId = registrationResponse.ClientId, ClientIdIssuedAt = registrationResponse.ClientIdIssuedAt, ClientSecret = registrationResponse.ClientSecret, ClientSecretExpiresAt = registrationResponse.ClientSecretExpiresAt }; // Create and store Open Banking client BankClientProfile newClient = _mapper.Map <BankClientProfile>(bankClientProfile); client = await PersistOpenBankingClient( value : newClient, openIdConfiguration : openIdConfiguration, registrationClaims : registrationClaims, openBankingRegistrationData : openBankingClientResponse); await _dbMultiEntityMethods.SaveChangesAsync(); } else { client = existingClient; } // Return return(new BankClientProfileResponse(client)); }
public HandleAuthorizationRequestHandler(OpenIdConfiguration configuration) { _configuration = configuration; }