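/// <summary>
        /// Action invoked when the open identity provider redirects back to this site after the
        /// authorization request (OAuth 2.0 authorization code flow / OpenID Connect).
        /// </summary>
        /// <returns>
        /// Redirection based on the customer associated with the ID token, or <c>null</c> after
        /// redirecting to the site root when the provider reported an error (for example, the
        /// user declined consent).
        /// </returns>
        /// <exception cref="SecurityException">
        /// Thrown when no authorization code is present in the request, or when the token endpoint
        /// did not return an ID token.
        /// </exception>
        /// <remarks>
        /// The email claim is optional here: IdentityServer does not return it, so a null email is
        /// passed on to <c>GetRedirectionBasedOnAssociatedCustomer</c> in that case.
        /// </remarks>
        public ActionResult OAuthV2Redirect()
        {
            IdentityProviderClientConfigurationElement currentProvider = OpenIdConnectUtilities.GetCurrentProviderSettings();

            // The provider reports a refused consent (or any other failure) through the "error"
            // query parameter. Its value arrives on the redirect and is therefore attacker-controllable:
            // it is only traced, never reflected into the response.
            string errorCode = this.HttpContext.Request.Params["error"];

            if (errorCode != null)
            {
                string message = string.Format(
                    CultureInfo.CurrentCulture,
                    "The provider {0} returned error code {1} while processing user's credentials.",
                    currentProvider.Name,
                    errorCode);
                System.Diagnostics.Trace.TraceWarning(message);
                this.Response.Redirect("~", false);
                this.HttpContext.ApplicationInstance.CompleteRequest();
                return null;
            }

            // NOTE(review): this helper is relied on to validate the "state" parameter (login CSRF
            // protection) before handing back the code — confirm in OpenIdConnectUtilities.
            string authorizationCode = OpenIdConnectUtilities.ValidateRequestAndGetAuthorizationCode();

            if (authorizationCode == null)
            {
                throw new SecurityException("Unable to find the authorization code for the login request.");
            }

            // The token request body is application/x-www-form-urlencoded, so every value must be
            // percent-encoded. The code is taken from the incoming request: unencoded, a '&' or '='
            // inside it would inject extra parameters into the token request. A client secret or
            // redirect URI containing reserved characters would likewise be corrupted on the wire.
            string bodyParameters = string.Format(
                CultureInfo.InvariantCulture,
                "grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}",
                Uri.EscapeDataString(authorizationCode),
                Uri.EscapeDataString(currentProvider.RedirectUrl),
                Uri.EscapeDataString(currentProvider.ClientId),
                Uri.EscapeDataString(currentProvider.ClientSecret));

            OpenIdConnectConfiguration providerDiscoveryDocument = OpenIdConnectUtilities.GetDiscoveryDocument(currentProvider.Issuer);

            string returnValuesJson = OpenIdConnectUtilities.HttpPost(new Uri(providerDiscoveryDocument.TokenEndpoint), bodyParameters);

            TokenEndpointResponse tokenResponse = OpenIdConnectUtilities.DeserilizeJson<TokenEndpointResponse>(returnValuesJson);

            // A token endpoint error response (or an unparseable body) must fail the login explicitly
            // rather than surface as a NullReferenceException further down.
            if (tokenResponse == null || string.IsNullOrEmpty(tokenResponse.IdToken))
            {
                throw new SecurityException("The token endpoint did not return an ID token for the login request.");
            }

            // NOTE(review): GetIdToken is relied on to validate the ID token's signature, issuer,
            // audience, expiry and nonce before its claims are trusted — confirm, since only the
            // parsed token is used from here on.
            JwtSecurityToken token = OpenIdConnectUtilities.GetIdToken(tokenResponse.IdToken);

            Claim emailClaim = token.Claims.SingleOrDefault(c => string.Equals(c.Type, OpenIdConnectUtilities.Email, StringComparison.OrdinalIgnoreCase));

            // IdentityServer does not return an email claim; a null email is passed on in that case.
            string email = emailClaim != null ? emailClaim.Value : null;

            return this.GetRedirectionBasedOnAssociatedCustomer(tokenResponse.IdToken, currentProvider.ProviderType, email);
        }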
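            /// <summary>
            /// Action invoked when the open identity provider redirects back to this site after the
            /// authorization request (OAuth 2.0 authorization code flow / OpenID Connect).
            /// </summary>
            /// <returns>
            /// Redirection based on the customer associated with the ID token, or <c>null</c> after
            /// redirecting to the site root when the provider reported an error (for example, the
            /// user declined consent).
            /// </returns>
            /// <exception cref="SecurityException">
            /// Thrown when no authorization code is present in the request, when the token endpoint
            /// did not return an ID token, or when the ID token carries no email claim.
            /// </exception>
            public async Task<ActionResult> OAuthV2Redirect()
            {
                IdentityProviderClientConfigurationElement currentProvider = OpenIdConnectUtilities.GetCurrentProviderSettings();

                // The provider reports a refused consent (or any other failure) through the "error"
                // query parameter. Its value arrives on the redirect and is therefore attacker-controllable:
                // it is only traced, never reflected into the response.
                string errorCode = this.HttpContext.Request.Params["error"];

                if (errorCode != null)
                {
                    string message = string.Format(
                        "The provider {0} returned error code {1} while processing user's credentials.", currentProvider.Name, errorCode);
                    System.Diagnostics.Trace.TraceWarning(message);
                    this.Response.Redirect("~", false);
                    this.HttpContext.ApplicationInstance.CompleteRequest();
                    return null;
                }

                // NOTE(review): this helper is relied on to validate the "state" parameter (login CSRF
                // protection) before handing back the code — confirm in OpenIdConnectUtilities.
                string authorizationCode = OpenIdConnectUtilities.ValidateRequestAndGetAuthorizationCode(this.HttpContext);

                if (authorizationCode == null)
                {
                    SecurityException securityException = new SecurityException("Unable to find the authorization code for the login request.");
                    RetailLogger.Log.OnlineStoreAuthorizationCodeNotFoundForLogOnRequest(securityException);
                    throw securityException;
                }

                // The token request body is application/x-www-form-urlencoded, so every value must be
                // percent-encoded. The code is taken from the incoming request: unencoded, a '&' or '='
                // inside it would inject extra parameters into the token request. A client secret or
                // redirect URI containing reserved characters would likewise be corrupted on the wire.
                string bodyParameters = string.Format(
                    "grant_type=authorization_code&code={0}&redirect_uri={1}&client_id={2}&client_secret={3}",
                    Uri.EscapeDataString(authorizationCode),
                    Uri.EscapeDataString(currentProvider.RedirectUrl),
                    Uri.EscapeDataString(currentProvider.ClientId),
                    Uri.EscapeDataString(currentProvider.ClientSecret));

                OpenIdConnectConfiguration providerDiscoveryDocument = OpenIdConnectUtilities.GetDiscoveryDocument(currentProvider.Issuer);

                string returnValuesJson = OpenIdConnectUtilities.HttpPost(new Uri(providerDiscoveryDocument.TokenEndpoint), bodyParameters);

                TokenEndpointResponse tokenResponse = OpenIdConnectUtilities.DeserilizeJson<TokenEndpointResponse>(returnValuesJson);

                // A token endpoint error response (or an unparseable body) must fail the login explicitly
                // rather than surface as a NullReferenceException further down.
                if (tokenResponse == null || string.IsNullOrEmpty(tokenResponse.IdToken))
                {
                    throw new SecurityException("The token endpoint did not return an ID token for the login request.");
                }

                // NOTE(review): GetIdToken is relied on to validate the ID token's signature, issuer,
                // audience, expiry and nonce before its claims are trusted — confirm, since only the
                // parsed token is used from here on.
                JwtSecurityToken token = OpenIdConnectUtilities.GetIdToken(tokenResponse.IdToken);

                Claim emailClaim = token.Claims.SingleOrDefault(c => string.Equals(c.Type, CookieConstants.Email, StringComparison.OrdinalIgnoreCase));

                // Unlike the provider-neutral variant of this action, sign-up here requires an email claim.
                if (emailClaim == null)
                {
                    RetailLogger.Log.OnlineStoreClaimNotFound(CookieConstants.Email, "Required for sign up using OpenIdAuth");
                    throw new SecurityException("Email claim does not exist.");
                }

                return await this.GetRedirectionBasedOnAssociatedCustomer(this.HttpContext, tokenResponse.IdToken, currentProvider.ProviderType, emailClaim.Value);
            }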