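/// <summary>
/// Action invoked on being redirected from the OpenID Connect identity provider.
/// </summary>
/// <returns>
/// The redirection chosen from the customer associated with the signed-in identity, or
/// <c>null</c> after redirecting to the site root when the provider reported an error.
/// </returns>
/// <exception cref="System.Security.SecurityException">Thrown when the authorization code is missing from the request.</exception>
public ActionResult OAuthV2Redirect()
{
    IdentityProviderClientConfigurationElement currentProvider = OpenIdConnectUtilities.GetCurrentProviderSettings();

    // The provider reports "error" in the query string, for example when the user rejected the consent prompt.
    string errorCode = this.HttpContext.Request.Params["error"];
    if (errorCode != null)
    {
        string message = string.Format(
            CultureInfo.CurrentCulture,
            "The provider {0} returned error code {1} while processing user's credentials.",
            currentProvider.Name,
            errorCode);

        // Previously built and discarded; record it so a failed sign-in leaves a trace for operators.
        System.Diagnostics.Trace.TraceWarning(message);

        this.Response.Redirect("~", false);
        this.HttpContext.ApplicationInstance.CompleteRequest();
        return null;
    }

    string authorizationCode = OpenIdConnectUtilities.ValidateRequestAndGetAuthorizationCode();
    if (authorizationCode == null)
    {
        throw new SecurityException("Unable to find the authorization code for the login request.");
    }

    // The token request body is application/x-www-form-urlencoded, so every value is percent-encoded:
    // the code arrives from the request and the secret from configuration, and a raw '&' or '='
    // in either would otherwise alter the parameter set sent to the token endpoint.
    string bodyParameters = string.Format(
        CultureInfo.InvariantCulture,
        "grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}",
        Uri.EscapeDataString(authorizationCode),
        Uri.EscapeDataString(currentProvider.RedirectUrl ?? string.Empty),
        Uri.EscapeDataString(currentProvider.ClientId ?? string.Empty),
        Uri.EscapeDataString(currentProvider.ClientSecret ?? string.Empty));

    OpenIdConnectConfiguration providerDiscoveryDocument = OpenIdConnectUtilities.GetDiscoveryDocument(currentProvider.Issuer);
    string returnValuesJson = OpenIdConnectUtilities.HttpPost(new Uri(providerDiscoveryDocument.TokenEndpoint), bodyParameters);
    TokenEndpointResponse tokenResponse = OpenIdConnectUtilities.DeserilizeJson<TokenEndpointResponse>(returnValuesJson);

    // NOTE(review): assumes GetIdToken validates the ID token's signature, issuer, audience and expiry — confirm.
    JwtSecurityToken token = OpenIdConnectUtilities.GetIdToken(tokenResponse.IdToken);

    // SingleOrDefault: more than one email claim is treated as a malformed token and surfaces as InvalidOperationException.
    Claim emailClaim = token.Claims.SingleOrDefault(
        c => string.Equals(c.Type, OpenIdConnectUtilities.Email, StringComparison.OrdinalIgnoreCase));

    // IdentityServer does not return an email claim, so a missing claim is passed through as null.
    string email = emailClaim != null ? emailClaim.Value : null;

    return this.GetRedirectionBasedOnAssociatedCustomer(tokenResponse.IdToken, currentProvider.ProviderType, email);
}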
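/// <summary>
/// Action invoked on being redirected from the OpenID Connect identity provider.
/// </summary>
/// <returns>
/// The redirection chosen from the customer associated with the signed-in identity, or
/// <c>null</c> after redirecting to the site root when the provider reported an error.
/// </returns>
/// <exception cref="System.Security.SecurityException">
/// Thrown when the authorization code is missing from the request or the ID token carries no email claim.
/// </exception>
public async Task<ActionResult> OAuthV2Redirect()
{
    IdentityProviderClientConfigurationElement currentProvider = OpenIdConnectUtilities.GetCurrentProviderSettings();

    // The provider reports "error" in the query string, for example when the user rejected the consent prompt.
    string errorCode = ControllerContext.HttpContext.Request.Params["error"];
    if (errorCode != null)
    {
        string message = string.Format(
            "The provider {0} returned error code {1} while processing user's credentials.",
            currentProvider.Name,
            errorCode);
        System.Diagnostics.Trace.TraceWarning(message);

        this.Response.Redirect("~", false);
        this.HttpContext.ApplicationInstance.CompleteRequest();
        return null;
    }

    string authorizationCode = OpenIdConnectUtilities.ValidateRequestAndGetAuthorizationCode(this.HttpContext);
    if (authorizationCode == null)
    {
        SecurityException securityException = new SecurityException("Unable to find the authorization code for the login request.");
        RetailLogger.Log.OnlineStoreAuthorizationCodeNotFoundForLogOnRequest(securityException);
        throw securityException;
    }

    // The token request body is application/x-www-form-urlencoded, so every value is percent-encoded:
    // the code arrives from the request and the secret from configuration, and a raw '&' or '='
    // in either would otherwise alter the parameter set sent to the token endpoint.
    string bodyParameters = string.Format(
        "grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}",
        Uri.EscapeDataString(authorizationCode),
        Uri.EscapeDataString(currentProvider.RedirectUrl ?? string.Empty),
        Uri.EscapeDataString(currentProvider.ClientId ?? string.Empty),
        Uri.EscapeDataString(currentProvider.ClientSecret ?? string.Empty));

    OpenIdConnectConfiguration providerDiscoveryDocument = OpenIdConnectUtilities.GetDiscoveryDocument(currentProvider.Issuer);
    string returnValuesJson = OpenIdConnectUtilities.HttpPost(new Uri(providerDiscoveryDocument.TokenEndpoint), bodyParameters);
    TokenEndpointResponse tokenResponse = OpenIdConnectUtilities.DeserilizeJson<TokenEndpointResponse>(returnValuesJson);

    // NOTE(review): assumes GetIdToken validates the ID token's signature, issuer, audience and expiry — confirm.
    JwtSecurityToken token = OpenIdConnectUtilities.GetIdToken(tokenResponse.IdToken);

    // SingleOrDefault: more than one email claim is treated as a malformed token and surfaces as InvalidOperationException.
    Claim emailClaim = token.Claims.SingleOrDefault(
        c => string.Equals(c.Type, CookieConstants.Email, StringComparison.OrdinalIgnoreCase));
    if (emailClaim == null)
    {
        // Sign-up cannot proceed without an email; log which claim was missing before failing the request.
        RetailLogger.Log.OnlineStoreClaimNotFound(CookieConstants.Email, "Required for sign up using OpenIdAuth");
        throw new SecurityException("Email claim does not exist.");
    }

    RedirectToRouteResult redirectResult = await this.GetRedirectionBasedOnAssociatedCustomer(
        this.HttpContext,
        tokenResponse.IdToken,
        currentProvider.ProviderType,
        emailClaim.Value);
    return redirectResult;
}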