private static void ConfigureOpenIdConnect(OpenIdConnectOptions options)
        {
            var openIdConfiguration = new OpenIdConfiguration();

            _configuration.GetSection(nameof(OpenIdConfiguration)).Bind(openIdConfiguration);

            options.Authority            = openIdConfiguration.Authority;
            options.RequireHttpsMetadata = openIdConfiguration.RequireHttpsMetadata;

            options.ClientSecret = openIdConfiguration.ClientSecret;
            options.ClientId     = openIdConfiguration.ClientId;

            options.ResponseType = openIdConfiguration.ResponseType;

            options.Scope.Clear();
            foreach (var scope in openIdConfiguration.ScopesAsList)
            {
                options.Scope.Add(scope);
            }



            options.ClaimActions.Remove("amr");
            options.ClaimActions.MapJsonKey("website", "website");

            options.GetClaimsFromUserInfoEndpoint = openIdConfiguration.GetClaimsFromUserInfoEndpoint;
            options.SaveTokens = openIdConfiguration.SaveTokens;

            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = JwtClaimTypes.Name,
                RoleClaimType = ClaimTypes.Role
            };
        }
        private async Task HandleOpenIdConfigurationRequest(IOwinContext context)
        {
            var configuration = new OpenIdConfiguration
            {
                Issuer = string.Format(IssuerFormat, baseUri),
                AuthorizationEndpoint = string.Format(AuthorizationEndpointFormat, baseUri, tenant, defaultPolicy),
                TokenEndpoint         = string.Format(TokenEndpointFormat, baseUri, tenant, defaultPolicy),
                EndSessionEndpoint    = string.Format(EndSessionEndpointFormat, baseUri, tenant, defaultPolicy),
                JwksUri = string.Format(JwksUriFormat, baseUri, tenant, defaultPolicy),
                ResponseModeSupported = new List <string> {
                    "query", "fragment", "form_post"
                },
                ResponseTypeSupported = new List <string> {
                    "code", "code id_token", "code token", "code id_token token", "id_token", "id_token token", "token", "token id_token"
                },
                ScopesSupported = new List <string> {
                    "openid"
                },
                SubjectTypeSupported = new List <string> {
                    "pairwise"
                },
                IdTokenSigningAlgValuesSupported = new List <string> {
                    "RS256"
                },
                TokenEndpointAuthMethodsSuported = new List <string> {
                    "client_secret_post"
                },
                ClaimsSupported = new List <string> {
                    "name", "given_name", "family_name", "email", "sub", "idp", "alternativeSecurityId", "authenticationSource", "role"
                }
            };

            context.Response.StatusCode = 200;
            await context.Response.WriteAsync(JsonConvert.SerializeObject(configuration, Formatting.Indented));
        }
示例#3
0
 private async Task EnsureDirectoryIsSetAsync()
 {
     if (configuration == null)
     {
         configuration = JsonObject.Parse(
             text: await httpClient.GetStringAsync($"https://{host}/.well-known/openid-configuration")
             ).As <OpenIdConfiguration>();
     }
 }
        private async Task <BankClientProfile> PersistOpenBankingClient(
            BankClientProfile value,
            OpenIdConfiguration openIdConfiguration,
            OpenBankingClientRegistrationClaims registrationClaims,
            BankClientRegistrationData openBankingRegistrationData)
        {
            value.State = "ok";
            value.OpenIdConfiguration          = openIdConfiguration;
            value.BankClientRegistrationClaims =
                _mapper.Map <BankClientRegistrationClaims>(registrationClaims);
            value.BankClientRegistrationData = openBankingRegistrationData;

            await _bankClientProfileRepo.UpsertAsync(value);

            return(value);
        }
        public string GetOpenIdConfigJson()
        {
            OpenIdConfiguration openIdConfig = new OpenIdConfiguration
            {
                Issuer = MockRoutes.Url,
                ResponseTypesSupported = new List <string> {
                    "code id_token"
                }.ToArray(),
                                ScopesSupported = new List <string> {
                    "openid", "payments", "accounts", "fundsconfirmations", "profile"
                }
                .ToArray(),
                                ResponseModesSupported = new List <string> {
                    "fragment", "query", "form_post"
                }.ToArray(),
                                TokenEndpoint         = $"{MockRoutes.Url}{MockRoutes.Token}",
                                AuthorizationEndpoint = $"{MockRoutes.Url}{MockRoutes.Authorize}",
                                RegistrationEndpoint  = $"{MockRoutes.Url}{MockRoutes.Register}"
            };

            return(JsonConvert.SerializeObject(openIdConfig));
        }
 public ValidateTokenRequestHandler(OpenIdConfiguration configuration)
 {
     _configuration = configuration;
 }
        public async Task <BankClientProfileResponse> CreateAsync(BankClientProfilePublic bankClientProfile)
        {
            bankClientProfile.ArgNotNull(nameof(bankClientProfile));

            // Load relevant objects
            SoftwareStatementProfile softwareStatementProfile =
                _softwareStatementProfileService.GetSoftwareStatementProfile(
                    bankClientProfile.SoftwareStatementProfileId);

            // STEP 1
            // Compute claims associated with Open Banking client

            // Get OpenID Connect configuration info
            OpenIdConfiguration openIdConfiguration =
                await GetOpenIdConfigurationAsync(bankClientProfile.IssuerUrl);

            new OpenBankingOpenIdConfigurationResponseValidator().Validate(openIdConfiguration)
            .RaiseErrorOnValidationError();

            // Create claims for client reg
            OpenBankingClientRegistrationClaims registrationClaims = Factories.CreateRegistrationClaims(
                issuerUrl: bankClientProfile.IssuerUrl,
                sProfile: softwareStatementProfile,
                concatScopes: false);
            BankClientRegistrationClaimsOverrides registrationClaimsOverrides =
                bankClientProfile.BankClientRegistrationClaimsOverrides;

            if (!(registrationClaimsOverrides is null))
            {
                if (!(registrationClaimsOverrides.RequestAudience is null))
                {
                    registrationClaims.Aud = registrationClaimsOverrides.RequestAudience;
                }
            }

            BankClientRegistrationClaims persistentRegistrationClaims =
                _mapper.Map <BankClientRegistrationClaims>(registrationClaims);

            // STEP 2
            // Check for existing Open Banking client for issuer URL
            // If we have an Open Banking client with the same issuer URL we will check if the claims match.
            // If they do, we will re-use this client.
            // Otherwise we will return an error as only support a single client per issuer URL at present.
            IQueryable <BankClientProfile> clientList = await _bankClientProfileRepo
                                                        .GetAsync(c => c.IssuerUrl == bankClientProfile.IssuerUrl);

            BankClientProfile existingClient = clientList
                                               .SingleOrDefault();

            if (existingClient is object)
            {
                if (existingClient.BankClientRegistrationClaims != persistentRegistrationClaims)
                {
                    throw new Exception(
                              "There is already a client for this issuer URL but it cannot be re-used because claims are different.");
                }
            }

            // STEP 3
            // Create new Open Banking client by posting JWT
            BankClientProfile client;

            if (existingClient is null)
            {
                JwtFactory jwtFactory = new JwtFactory();
                string     jwt        = jwtFactory.CreateJwt(
                    profile: softwareStatementProfile,
                    claims: registrationClaims,
                    useOpenBankingJwtHeaders: false);

                OpenBankingClientRegistrationResponse registrationResponse = await new HttpRequestBuilder()
                                                                             .SetMethod(HttpMethod.Post)
                                                                             .SetUri(openIdConfiguration.RegistrationEndpoint)
                                                                             .SetContent(jwt)
                                                                             .SetContentType("application/jwt")
                                                                             .Create()
                                                                             .RequestJsonAsync <OpenBankingClientRegistrationResponse>(
                    client: _apiClient,
                    requestContentIsJson: false);

                BankClientRegistrationData openBankingClientResponse = new BankClientRegistrationData
                {
                    ClientId              = registrationResponse.ClientId,
                    ClientIdIssuedAt      = registrationResponse.ClientIdIssuedAt,
                    ClientSecret          = registrationResponse.ClientSecret,
                    ClientSecretExpiresAt = registrationResponse.ClientSecretExpiresAt
                };

                // Create and store Open Banking client
                BankClientProfile newClient = _mapper.Map <BankClientProfile>(bankClientProfile);
                client = await PersistOpenBankingClient(
                    value : newClient,
                    openIdConfiguration : openIdConfiguration,
                    registrationClaims : registrationClaims,
                    openBankingRegistrationData : openBankingClientResponse);

                await _dbMultiEntityMethods.SaveChangesAsync();
            }
            else
            {
                client = existingClient;
            }

            // Return
            return(new BankClientProfileResponse(client));
        }
 public HandleAuthorizationRequestHandler(OpenIdConfiguration configuration)
 {
     _configuration = configuration;
 }