public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
{
var fail = new ClientSecretValidationResult()
{
IsError = true,
Error = OidcConstants.TokenErrors.InvalidClient,
};
if (!_plugins.Any())
{
await RaiseFailureEventAsync("unknown", "No client id found");
fail.ErrorDescription = "No IClientSecretValidatorPlugin were found!";
_logger.LogError(fail.ErrorDescription);
return(fail);
}
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No client id found");
fail.ErrorDescription = "No client identifier found";
_logger.LogError(fail.ErrorDescription);
return(fail);
}
// load client
var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
if (client == null)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client");
fail.ErrorDescription = $"No client with id '{parsedSecret.Id}' found. aborting";
_logger.LogError(fail.ErrorDescription);
return(fail);
}
foreach (var plugin in _plugins)
{
var result = await plugin.ValidateAsync(context);
if (result.IsError)
{
return(result);
}
}
var success = new ClientSecretValidationResult
{
IsError = false,
Client = client,
Secret = parsedSecret
};
return(success);
}
/// <summary>
/// Validates the current request.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
{
_logger.LogDebug("Start client validation");
var fail = new ClientSecretValidationResult
{
IsError = true
};
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No client id found");
_logger.LogError("No client identifier found");
return(fail);
}
// load client
var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
if (client == null)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client");
_logger.LogError("No client with id '{clientId}' found. aborting", parsedSecret.Id);
return(fail);
}
var form = (await context.Request.ReadFormAsync()).AsNameValueCollection();
var grantType = form.Get(OidcConstants.TokenRequest.GrantType);
if (grantType == OidcConstants.GrantTypes.RefreshToken)
{
// upcast;
ClientExtra clientExtra = client as ClientExtra;
if (!clientExtra.RequireRefreshClientSecret)
{
_logger.LogDebug("Public Client - skipping secret validation success");
_logger.LogDebug("Client validation success");
var success = new ClientSecretValidationResult
{
IsError = false,
Client = client,
Secret = parsedSecret
};
await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type);
return(success);
}
}
return(await StockClientSecretValidator.ValidateAsync(context));
}
public async Task <ClientRequestIdentity> GetClientRequestIdentityAsync(HttpContext httpContext)
{
var parsedSecret = await _parser.ParseAsync(httpContext);
if (parsedSecret != null)
{
var identity = new ClientRequestIdentity
{
Path = httpContext.Request.Path.ToString().ToLowerInvariant(),
HttpVerb = httpContext.Request.Method.ToLowerInvariant(),
ClientId = parsedSecret.Id
};
return(identity);
}
return(null);
}
/// <summary>
/// 登录校验密钥
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public async Task <ClientSecretValidationResult> ValidateAsync(HttpContext context)
{
var _signInManager = (SignInManager <ApplicationUser>)context.RequestServices.GetService(typeof(SignInManager <ApplicationUser>));
_logger.LogDebug("Start client validation");
//错误返回
var fail = new ClientSecretValidationResult
{
IsError = true
};
//根据上下文查找密钥
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No client id found");
_logger.LogError("No client identifier found");
return(fail);
}
// 加载客户端配置
var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id);
if (client == null)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client");
_logger.LogError("No client with id '{clientId}' found. aborting", parsedSecret.Id);
return(fail);
}
SecretValidationResult secretValidationResult = null;
if (!client.RequireClientSecret || client.IsImplicitOnly())
{
_logger.LogDebug("Public Client - skipping secret validation success");
}
else
{
//验证客户端密钥
secretValidationResult = await _validator.ValidateAsync(parsedSecret, client.ClientSecrets);
if (secretValidationResult.Success == false)
{
await RaiseFailureEventAsync(client.ClientId, "Invalid client secret");
_logger.LogError("Client secret validation failed for client: {clientId}.", client.ClientId);
return(fail);
}
}
_logger.LogDebug("Client validation success");
//var user = await _signInManager.UserManager.FindByNameAsync(context.User.Identity.Name);
//var claimsPrincipal = await _signInManager.ClaimsFactory.CreateAsync(user);
var success = new ClientSecretValidationResult
{
IsError = false,
Client = client,
Secret = parsedSecret,
Confirmation = secretValidationResult?.Confirmation
};
await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type);
return(success);
}
/// <summary>
/// Validates the secret on the current request.
/// </summary>
/// <param name="context">The context.</param>
/// <returns></returns>
public async Task <ApiSecretValidationResult> ValidateAsync(HttpContext context)
{
_logger.LogTrace("Start API validation");
var fail = new ApiSecretValidationResult
{
IsError = true
};
var parsedSecret = await _parser.ParseAsync(context);
if (parsedSecret == null)
{
await RaiseFailureEventAsync("unknown", "No API id or secret found");
_logger.LogError("No API secret found");
return(fail);
}
// load API resource
var api = await _resources.FindApiResourceAsync(parsedSecret.Id);
if (api == null)
{
await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource");
_logger.LogError("No API resource with that name found. aborting");
return(fail);
}
if (api.Enabled == false)
{
await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled");
_logger.LogError("API resource not enabled. aborting.");
return(fail);
}
var result = await _validator.ValidateAsync(parsedSecret, api.ApiSecrets);
if (result.Success)
{
_logger.LogDebug("API resource validation success");
var success = new ApiSecretValidationResult
{
IsError = false,
Resource = api
};
await RaiseSuccessEventAsync(api.Name, parsedSecret.Type);
return(success);
}
await RaiseFailureEventAsync(api.Name, "Invalid API secret");
_logger.LogError("API validation failed.");
return(fail);
}
