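/// <summary>
/// Authorization-code callback for the web client. Exchanges <paramref name="code"/> for
/// tokens at the configured token endpoint, validates any id_token, stores the tokens in
/// TempData and redirects to the landing page that matches the outcome.
/// </summary>
/// <param name="code">Authorization code returned by the authorization server.</param>
/// <param name="state">Opaque state value echoed back by the authorization server.</param>
/// <returns>
/// Redirect to AltLanding/AuthCodeLanding on success; to AltLanding/UnprotectedLanding when
/// the exchange returned an error, threw, produced no parseable response, or returned an
/// id_token that did not validate.
/// </returns>
public ActionResult ValidationEndpoint(string code, string state) {
    // use this for auth code workflow
    logger.Debug("Get OIDC for auth code workflow");
    // The authorization code is a one-time credential: log whether it arrived, not its value.
    logger.Debug(" code present = " + (code != null) + " state " + state);
    // NOTE(review): state is not compared with the value issued for the authorization request;
    // confirm that check is enforced elsewhere, otherwise the callback is not bound to this session.

    string error = null;
    string errorDescription = null;
    string tokenType = null;
    string scope = null;
    string idTokenStatus = null;
    string accessTokenStatus = null;
    // NOTE(review): never populated from the response, so the oktaId in the message is always empty — TODO.
    OidcIdToken oidcIdToken = new OidcIdToken();

    // HTTP Basic client authentication: base64(clientId:clientSecret).
    string basicAuth = appSettings["oidc.spintweb.clientId"] + ":" + appSettings["oidc.spintweb.clientSecret"];
    string encodedBasicAuth = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(basicAuth));

    try {
        var client = new RestClient(appSettings["oidc.authServer"] + "/v1/token");
        var request = new RestRequest(Method.POST);
        request.AddHeader("Accept", "application/json");
        request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
        // Scheme token without the stray leading space the original carried.
        request.AddHeader("Authorization", "Basic " + encodedBasicAuth);
        // Parameters go in the form body (matching the Content-Type above) rather than the query
        // string, so the code does not surface in URL, proxy or access logs.
        request.AddParameter("grant_type", "authorization_code");
        request.AddParameter("code", code);
        request.AddParameter("redirect_uri", appSettings["oidc.spintweb.RedirectUri"]);

        IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);
        TokenRequestResponse data = response.Data;
        if (data == null) {
            // Transport failure or non-JSON body: report it instead of dereferencing null below.
            error = "no_response";
            errorDescription = "token endpoint returned no parseable response";
        } else {
            error = data.error;
            errorDescription = data.error_description;
            tokenType = data.token_type;
            scope = data.scope;

            if (data.id_token != null) {
                idTokenStatus = "id_token present";
                string issuer = appSettings["oidc.issuer"];
                string audience = appSettings["oidc.spintweb.clientId"];
                System.Security.Claims.ClaimsPrincipal jsonPayload =
                    oktaOidcHelper.ValidateIdToken(data.id_token, issuer, audience);
                if (jsonPayload != null && jsonPayload.Identity.IsAuthenticated) {
                    TempData["errMessage"] = jsonPayload.ToString();
                    // Only a token that passed validation is handed on to the landing page.
                    TempData["idToken"] = data.id_token;
                } else {
                    TempData["errMessage"] = "Invalid ID Token!";
                    // A failed validation is a failed login, not a success with a warning.
                    if (error == null) {
                        error = "invalid_id_token";
                        errorDescription = "id_token failed validation";
                    }
                }
            } else {
                idTokenStatus = "id_token NOT present";
            }

            if (data.access_token != null) {
                accessTokenStatus = "access_token present";
                TempData["accessToken"] = data.access_token;
            } else {
                accessTokenStatus = "access_token NOT present";
            }

            if (data.refresh_token != null) {
                TempData["refreshToken"] = data.refresh_token;
            }
        }
    } catch (Exception ex) {
        logger.Error(ex.ToString());
        // Previously an exception fell through to the SUCCESS branch; mark it as a failure.
        // Exception details stay in the server log, not in the page.
        error = "exception";
        errorDescription = "token request failed";
    }

    TempData["oktaOrg"] = apiUrl;
    if (error != null) {
        TempData["errMessage"] = "Error " + errorDescription;
        return RedirectToAction("UnprotectedLanding", "AltLanding");
    }
    TempData["errMessage"] = "SUCCESS token_type = " + tokenType + " scope = " + scope + " : " + idTokenStatus + " : " + accessTokenStatus + " oktaId = " + oidcIdToken.sub;
    return RedirectToAction("AuthCodeLanding", "AltLanding");
}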
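/// <summary>
/// Implicit-flow callback (form post from the authorization server). Reads the tokens from
/// the request, validates any id_token, stores the tokens in TempData and renders the landing
/// view that matches the outcome.
/// </summary>
/// <returns>
/// ImplicitLanding when a validated id_token (or, without an id_token, an access_token) was
/// received; UnprotectedLanding otherwise, including when the id_token failed validation.
/// </returns>
public ActionResult ValidationEndpoint() {
    // use this for implicit workflow
    logger.Debug("Post OIDC for implicit workflow");
    // NOTE(review): Request["state"] is not checked against the value sent with the authorization
    // request; confirm that binding is enforced elsewhere.
    string idToken = Request["id_token"];
    string accessToken = Request["access_token"];
    string tokenType = Request["token_type"];
    string expires = Request["expires_in"];
    string scope = Request["scope"];
    string accessTokenStatus;
    string idTokenStatus;
    bool idTokenValid = false;
    // NOTE(review): never populated, so the oktaId in the messages is always empty — TODO.
    OidcIdToken oidcIdToken = new OidcIdToken();
    OidcIdTokenMin oidcIdTokeMin = new OidcIdTokenMin();

    if (idToken != null) {
        idTokenStatus = " ID Token Present";
        try {
            string issuer = appSettings["oidc.issuer"];
            string audience = appSettings["oidc.spintweb.clientId"];
            System.Security.Claims.ClaimsPrincipal jsonPayload =
                oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);
            idTokenValid = jsonPayload != null && jsonPayload.Identity.IsAuthenticated;
            if (idTokenValid) {
                TempData["errMessage"] = jsonPayload.ToString();
                // Only a token that passed validation is handed on to the landing page.
                TempData["idToken"] = idToken;
            } else {
                TempData["errMessage"] = "Invalid ID Token!";
            }
        } catch (Exception ex) {
            // A malformed token used to surface as an unhandled error page; treat it as invalid.
            logger.Error(ex.ToString());
            TempData["errMessage"] = "Invalid ID Token!";
        }
    } else {
        idTokenStatus = " ID Token Not Found";
    }

    if (accessToken != null) {
        accessTokenStatus = "access_token Present";
        TempData["accessToken"] = accessToken;
    } else {
        accessTokenStatus = "access_token NOT Found";
    }

    string summary = "token_type = " + tokenType + " expires = " + expires + " scope = " + scope + " : " + idTokenStatus + " : " + accessTokenStatus + " oktaId = " + oidcIdToken.sub;
    TempData["oktaOrg"] = apiUrl;
    // An id_token that failed validation is a failure even when an access_token came with it.
    bool success = idToken != null ? idTokenValid : accessToken != null;
    if (success) {
        TempData["errMessage"] = "SUCCESS " + summary;
        return View("../AltLanding/ImplicitLanding", oidcIdTokeMin);
    }
    TempData["errMessage"] = "Error " + summary;
    return View("../AltLanding/UnprotectedLanding");
}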
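/// <summary>
/// Resource-owner password grant. Posts the submitted username and password to the token
/// endpoint using the native client's credentials, validates any id_token, stores the tokens
/// in TempData and renders the landing view that matches the outcome.
/// </summary>
/// <returns>
/// ResOwnerLanding when a validated id_token (or, without an id_token, an access_token) was
/// received; UnprotectedLanding otherwise.
/// </returns>
public ActionResult ResourceOwnerRoute() {
    string userName = Request["userName"];
    string passWord = Request["passWord"];
    // set relayState
    string relayState = Request["relayState"];
    TempData["relayState"] = relayState;

    string error = null;
    string errorDescription = null;
    string tokenType = null;
    string scope = null;
    string idTokenStatus = null;
    string idToken = null;
    string accessTokenStatus = null;
    string accessToken = null;
    bool idTokenValid = false;
    // NOTE(review): passed to the view but never populated from the response, so its sub is empty — TODO.
    OidcIdTokenMin oidcIdToken = new OidcIdTokenMin();

    // HTTP Basic client authentication: base64(clientId:clientSecret).
    string basicAuth = appSettings["oidc.spintnative.clientId"] + ":" + appSettings["oidc.spintnative.clientSecret"];
    string encodedBasicAuth = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(basicAuth));

    try {
        var client = new RestClient(appSettings["oidc.authServer"] + "/v1/token");
        var request = new RestRequest(Method.POST);
        request.AddHeader("Accept", "application/json");
        request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
        // Scheme token without the stray leading space the original carried.
        request.AddHeader("Authorization", "Basic " + encodedBasicAuth);
        // The user's password must travel in the form body (matching the Content-Type above),
        // never in the query string where it would land in URL, proxy and access logs.
        request.AddParameter("grant_type", "password");
        request.AddParameter("username", userName);
        request.AddParameter("password", passWord);
        request.AddParameter("scope", appSettings["oidc.scopes"]);

        IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);
        TokenRequestResponse data = response.Data;
        if (data == null) {
            // Transport failure or non-JSON body: report it instead of dereferencing null below.
            error = "no_response";
            errorDescription = "token endpoint returned no parseable response";
        } else {
            error = data.error;
            errorDescription = data.error_description;
            tokenType = data.token_type;
            scope = data.scope;

            if (data.id_token != null) {
                idToken = data.id_token;
                idTokenStatus = "id_token present";
                string issuer = appSettings["oidc.issuer"];
                string audience = appSettings["oidc.spintnative.clientId"];
                System.Security.Claims.ClaimsPrincipal jsonPayload =
                    oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);
                idTokenValid = jsonPayload != null && jsonPayload.Identity.IsAuthenticated;
                if (idTokenValid) {
                    TempData["errMessage"] = jsonPayload.ToString();
                    // Only a token that passed validation is handed on to the landing page.
                    TempData["idToken"] = idToken;
                } else {
                    TempData["errMessage"] = "Invalid ID Token!";
                    if (errorDescription == null) {
                        errorDescription = "id_token failed validation";
                    }
                }
            } else {
                idTokenStatus = "id_token NOT present";
            }

            if (data.access_token != null) {
                accessToken = data.access_token;
                accessTokenStatus = "access_token present";
                TempData["accessToken"] = accessToken;
            } else {
                accessTokenStatus = "access_token NOT present";
            }
        }
    } catch (Exception ex) {
        logger.Error(ex.ToString());
        // Exception details stay in the server log; the page only gets a generic reason.
        if (errorDescription == null) {
            errorDescription = "token request failed";
        }
    }

    TempData["oktaOrg"] = apiUrl;
    // An id_token that failed validation is a failure even when an access_token came with it.
    bool success = idToken != null ? idTokenValid : accessToken != null;
    if (success) {
        TempData["errMessage"] = "OIDC_Get Oauth Resource Owner SUCCESS token_type = " + tokenType + " scope = " + scope + " : " + idTokenStatus + " : " + accessTokenStatus + " oktaId = " + oidcIdToken.sub;
        return View("../AltLanding/ResOwnerLanding", oidcIdToken);
    }
    TempData["errMessage"] = "OIDC_Get Oauth Resource Owner error " + errorDescription;
    return View("../AltLanding/UnprotectedLanding");
}//end resource owner workflow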
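/// <summary>
/// Implicit-flow callback for the native client (form post from the authorization server).
/// Validates any id_token, stores the tokens in TempData and renders the landing view that
/// matches the outcome; the parsed JWT is the view model on success.
/// </summary>
/// <returns>
/// ImplicitLanding when a validated id_token (or, without an id_token, an access_token) was
/// received; UnprotectedLanding otherwise, including when the id_token failed validation.
/// </returns>
public ActionResult Endpoint_Implicit() {
    // use this for implicit workflow
    logger.Debug("Post OIDC Endpoint_Implicit");
    // NOTE(review): Request["state"] is not checked against the value sent with the authorization
    // request; confirm that binding is enforced elsewhere.
    string idToken = Request["id_token"];
    string accessToken = Request["access_token"];
    System.IdentityModel.Tokens.Jwt.JwtSecurityToken tokenReceived = null;
    string accessTokenStatus;
    string idTokenStatus;
    bool idTokenValid = false;

    if (idToken != null) {
        idTokenStatus = " ID Token Present";
        try {
            string issuer = appSettings["oidc.issuer"];
            string audience = appSettings["oidc.spintweb.clientId"];
            System.Security.Claims.ClaimsPrincipal jsonPayload =
                oktaOidcHelper.ValidateIdToken(idToken, issuer, audience);
            idTokenValid = jsonPayload != null && jsonPayload.Identity.IsAuthenticated;
            if (idTokenValid) {
                TempData["errMessage"] = jsonPayload.ToString();
                // Parsed only after validation succeeded; this is the model for the landing view.
                tokenReceived = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(idToken);
                TempData["idToken"] = idToken;
            } else {
                TempData["errMessage"] = "Invalid ID Token!";
            }
        } catch (Exception ex) {
            // A malformed token used to surface as an unhandled error page; treat it as invalid.
            logger.Error(ex.ToString());
            TempData["errMessage"] = "Invalid ID Token!";
        }
    } else {
        idTokenStatus = " ID Token Not Found";
    }

    if (accessToken != null) {
        accessTokenStatus = "access_token Present";
        TempData["accessToken"] = accessToken;
    } else {
        accessTokenStatus = "access_token NOT Found";
    }

    TempData["oktaOrg"] = primaryOrgUrl;
    // An id_token that failed validation is a failure even when an access_token came with it.
    bool success = idToken != null ? idTokenValid : accessToken != null;
    if (success) {
        TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Native SUCCESS = " + idTokenStatus + " : " + accessTokenStatus;
        return View("../AltLanding/ImplicitLanding", tokenReceived);
    }
    TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Native Error = " + idTokenStatus + " : " + accessTokenStatus;
    return View("../AltLanding/UnprotectedLanding");
}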
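/// <summary>
/// Authorization-code + PKCE callback for the native (public) client. Exchanges
/// <paramref name="code"/> together with the cached code_verifier for tokens, validates any
/// id_token, stores the tokens in TempData and redirects to the landing page that matches
/// the outcome.
/// </summary>
/// <param name="code">Authorization code returned by the authorization server.</param>
/// <param name="state">Opaque state value echoed back by the authorization server.</param>
/// <returns>
/// Redirect to AltLanding/AuthCodeLanding on success; to AltLanding/UnprotectedLanding when
/// the code_verifier is missing, the exchange returned an error, threw, produced no parseable
/// response, or returned an id_token that did not validate.
/// </returns>
public ActionResult Endpoint_PKCE(string code, string state) {
    // use this for auth code with PKCE workflow
    logger.Debug("Get OIDC Endpoint_Code");
    // The authorization code is a one-time credential: log whether it arrived, not its value.
    logger.Debug(" code present = " + (code != null) + " state " + state);
    // NOTE(review): state is not compared with the value issued for the authorization request;
    // confirm that check is enforced elsewhere.

    string error = null;
    string errorDescription = null;
    string idTokenStatus = null;
    string accessTokenStatus = null;

    // NOTE(review): the verifier is looked up under one fixed key shared by every session, so
    // concurrent logins can pick up each other's verifier — TODO key it per session/state.
    string codeVerifier = cacheService.GetPasscode("myKey");
    if (string.IsNullOrEmpty(codeVerifier)) {
        // Without the verifier the exchange cannot succeed; fail before contacting the server.
        error = "missing_code_verifier";
        errorDescription = "no code_verifier cached for this login";
    }

    if (error == null) {
        try {
            // NOTE(review): the other flows in this controller use "/v1/token"; confirm which
            // path the configured authorization server expects.
            var client = new RestClient(appSettings["oidc.authServer"] + "/oauth2/v1/token");
            var request = new RestRequest(Method.POST);
            request.AddHeader("Accept", "application/json");
            request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
            // Parameters go in the form body (matching the Content-Type above) rather than the
            // query string, so code and code_verifier do not surface in URL, proxy or access logs.
            request.AddParameter("grant_type", "authorization_code");
            request.AddParameter("code", code);
            request.AddParameter("code_verifier", codeVerifier);
            request.AddParameter("redirect_uri", appSettings["oidc.spintnative.RedirectUri_PKCE"]);
            request.AddParameter("client_id", appSettings["oidc.spintnative.clientId"]);

            IRestResponse<TokenRequestResponse> response = client.Execute<TokenRequestResponse>(request);
            TokenRequestResponse data = response.Data;
            if (data == null) {
                // Transport failure or non-JSON body: report it instead of dereferencing null below.
                error = "no_response";
                errorDescription = "token endpoint returned no parseable response";
            } else {
                error = data.error;
                errorDescription = data.error_description;

                if (data.id_token != null) {
                    idTokenStatus = "id_token present";
                    string issuer = appSettings["oidc.issuer"];
                    // The id_token's aud claim is the client_id that requested it — the native
                    // client sent above — so validate against that id, not the web client's.
                    string audience = appSettings["oidc.spintnative.clientId"];
                    System.Security.Claims.ClaimsPrincipal jsonPayload =
                        oktaOidcHelper.ValidateIdToken(data.id_token, issuer, audience);
                    if (jsonPayload != null && jsonPayload.Identity.IsAuthenticated) {
                        TempData["errMessage"] = jsonPayload.ToString();
                        // Only a token that passed validation is handed on to the landing page.
                        TempData["idToken"] = data.id_token;
                    } else {
                        TempData["errMessage"] = "Invalid ID Token!";
                        if (error == null) {
                            error = "invalid_id_token";
                            errorDescription = "id_token failed validation";
                        }
                    }
                } else {
                    idTokenStatus = "id_token NOT present";
                }

                if (data.access_token != null) {
                    accessTokenStatus = "access_token present";
                    TempData["accessToken"] = data.access_token;
                } else {
                    accessTokenStatus = "access_token NOT present";
                }

                if (data.refresh_token != null) {
                    TempData["refreshToken"] = data.refresh_token;
                }
            }
        } catch (Exception ex) {
            logger.Error(ex.ToString());
            // Previously an exception fell through to the SUCCESS branch; mark it as a failure.
            // Exception details stay in the server log, not in the page.
            error = "exception";
            errorDescription = "token request failed";
        }
    }

    TempData["oktaOrg"] = apiUrl;
    if (error != null) {
        TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Web error " + errorDescription;
        return RedirectToAction("UnprotectedLanding", "AltLanding");
    }
    TempData["errMessage"] = "OIDC_Get Oauth Endpoint_Web SUCCESS = " + idTokenStatus + " : " + accessTokenStatus;
    return RedirectToAction("AuthCodeLanding", "AltLanding");
}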