private static bool CreateUser(string authToken, string userName, string password, string emailAddress, SimpleNameValueCollection profile, bool updateIfExists) { var service = new UserManagementServiceClient(); var result = service.CreateUser(authToken, userName, password, emailAddress, profile, updateIfExists); if (result.CallSuccess) return true; Console.WriteLine(result.FailureMessage); return false; }
public static SimpleNameValueCollection AsNameValueCollection(this IDictionary <string, StringValues> collection) { var nv = new SimpleNameValueCollection(); foreach (var field in collection) { nv.Add(field.Key, field.Value.First()); } return(nv); }
public async Task <TokenRequestValidationResult> ValidateRequestAsync(SimpleNameValueCollection parameters) { _logger.LogDebug("Start token request validation"); _validatedRequest = new ValidatedTokenRequest { Raw = parameters ?? throw new ArgumentNullException(nameof(parameters)) }; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var clientId = parameters.Get(OidcConstants.TokenRequest.ClientId); if (clientId.IsMissing()) { LogError("ClientId is missing"); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } _validatedRequest.ClientId = clientId; ///////////////////////////////////////////// // check grant type ///////////////////////////////////////////// var grantType = parameters.Get(OidcConstants.TokenRequest.GrantType); if (grantType.IsMissing()) { LogError("Grant type is missing"); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } if (grantType.Length > _options.InputLengthRestrictions.GrantType) { LogError("Grant type is too long"); return(Invalid(OidcConstants.TokenErrors.UnsupportedGrantType)); } _validatedRequest.GrantType = grantType; switch (grantType) { case OidcConstants.GrantTypes.AuthorizationCode: return(await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters)); default: return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } }
/// <summary> /// A utility method used to construct a user's profile. /// </summary> /// <param name="profile">A list of profile properties.</param> /// <returns></returns> private static SimpleNameValueCollection BuildProfile(IList<KeyValuePair<string, string>> profile) { SimpleNameValueCollection userProfile = null; if (profile != null) { var profileProperties = new SimpleNameValue[profile.Count()]; for (var i = 0; i < profile.Count(); i++) { var property = profile[i]; profileProperties[i] = new SimpleNameValue { Name = property.Key, Value = property.Value }; } userProfile = new SimpleNameValueCollection { NameValueList = profileProperties }; } return userProfile; }
public static Dictionary <string, string> ToScrubbedDictionary(this SimpleNameValueCollection collection, params string[] nameFilter) { var dict = new Dictionary <string, string>(); if (collection == null || collection.Count == 0) { return(dict); } foreach (string name in collection.AllKeys) { var value = collection.Get(name); if (value != null) { if (nameFilter.Contains(name)) { value = "***REDACTED***"; } dict.Add(name, value); } } return(dict); }
public static Dictionary <string, string> ToDictionary(this SimpleNameValueCollection collection) { return(collection.ToScrubbedDictionary()); }
private async Task <TokenRequestValidationResult> ValidateAuthorizationCodeRequestAsync(SimpleNameValueCollection parameters) { _logger.LogDebug("Start validation of authorization code token request"); ///////////////////////////////////////////// // validate authorization code ///////////////////////////////////////////// var code = parameters.Get(OidcConstants.TokenRequest.Code); if (code.IsMissing()) { LogError("Authorization code is missing"); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } if (code.Length > _options.InputLengthRestrictions.AuthorizationCode) { LogError("Authorization code is too long"); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } _validatedRequest.AuthorizationCodeHandle = code; _validatedRequest.IdTokenResponse = await _oidcPipelineStore.GetDownstreamIdTokenResponseAsync(code); if (_validatedRequest.IdTokenResponse == null) { LogError("Invalid authorization code", new { code }); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } await _oidcPipelineStore.DeleteStoredCacheAsync(code); ///////////////////////////////////////////// // validate client binding ///////////////////////////////////////////// if (_validatedRequest.IdTokenResponse.Request.ClientId != _validatedRequest.ClientId) { LogError("Client is trying to use a code from a different client", new { clientId = _validatedRequest.ClientId, codeClient = _validatedRequest.IdTokenResponse.Request.ClientId }); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } ///////////////////////////////////////////// // validate redirect_uri ///////////////////////////////////////////// var redirectUri = parameters.Get(OidcConstants.TokenRequest.RedirectUri); if (redirectUri.IsMissing()) { LogError("Redirect URI is missing"); return(Invalid(OidcConstants.TokenErrors.UnauthorizedClient)); } if (redirectUri.Equals(_validatedRequest.IdTokenResponse.Request.RedirectUri, StringComparison.Ordinal) == false) { LogError("Invalid redirect_uri", new { redirectUri, expectedRedirectUri = _validatedRequest.IdTokenResponse.Request.RedirectUri }); return(Invalid(OidcConstants.TokenErrors.UnauthorizedClient)); } ///////////////////////////////////////////// // validate PKCE parameters ///////////////////////////////////////////// var codeVerifier = parameters.Get(OidcConstants.TokenRequest.CodeVerifier); if (_validatedRequest.IdTokenResponse.Request.CodeChallenge.IsPresent()) { _logger.LogDebug("Client required a proof key for code exchange. Starting PKCE validation"); var proofKeyResult = ValidateAuthorizationCodeWithProofKeyParameters(codeVerifier, _validatedRequest.IdTokenResponse); if (proofKeyResult.IsError) { return(proofKeyResult); } _validatedRequest.CodeVerifier = codeVerifier; } else { if (codeVerifier.IsPresent()) { LogError("Unexpected code_verifier: {codeVerifier}. This happens when the client is trying to use PKCE, but it is not enabled. Set RequirePkce to true.", codeVerifier); return(Invalid(OidcConstants.TokenErrors.InvalidGrant)); } } _logger.LogDebug("Validation of authorization code token request success"); return(Valid()); }
private async Task <TokenRequestValidationResult> RunValidationAsync(Func <SimpleNameValueCollection, Task <TokenRequestValidationResult> > validationFunc, SimpleNameValueCollection parameters) { // run standard validation var result = await validationFunc(parameters); if (!result.IsError) { LogSuccess(); } return(result); }
public static DownstreamAuthorizationRequest ToDownstreamAuthorizationRequest(this SimpleNameValueCollection values) { var extraNames = new List <string>(); foreach (var item in values.AllKeys) { if (!WellKnownOIDCValues.Contains(item)) { extraNames.Add(item); } } var idTokenAuthorizationRequest = new DownstreamAuthorizationRequest { client_id = values.Get(OidcConstants.AuthorizeRequest.ClientId), client_secret = values.Get("client_secret"), nonce = values.Get(OidcConstants.AuthorizeRequest.Nonce), response_mode = values.Get(OidcConstants.AuthorizeRequest.ResponseMode), redirect_uri = values.Get(OidcConstants.AuthorizeRequest.RedirectUri), response_type = values.Get(OidcConstants.AuthorizeRequest.ResponseType), state = values.Get(OidcConstants.AuthorizeRequest.State), scope = values.Get(OidcConstants.AuthorizeRequest.Scope) }; if (extraNames.Any()) { idTokenAuthorizationRequest.ExtraValues = new NameValueCollection(); } foreach (var extraName in extraNames) { idTokenAuthorizationRequest.ExtraValues.Set(extraName, values.Get(extraName)); } return(idTokenAuthorizationRequest); }
private static void UpdateUserProfile(string authToken, string userIdentity, SimpleNameValueCollection profile) { var service = new UserManagementServiceClient(); var result = service.UpdateUserProfile(authToken, userIdentity, profile); }