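        /// <summary>
        /// Validates a Google ID token against the tokeninfo endpoint and returns the
        /// matching <see cref="GoogleUserProfile"/>, or null when the token is rejected.
        /// </summary>
        /// <param name="token">The Google ID token supplied by the client (untrusted input).</param>
        /// <param name="logger">Logger used for diagnostic messages.</param>
        /// <returns>
        /// A <see cref="GoogleUserProfile"/> built from the token response when the token is
        /// well-formed, unexpired, issued for one of our client ids and belongs to an @hr.nl
        /// account; otherwise null.
        /// </returns>
        public static async Task <GoogleUserProfile> Authorize(string token, ILog logger)
        {
            // A missing or malformed "debug" setting means "no debug logging" rather than
            // an exception out of the login path (bool.Parse threw on null/garbage).
            var  debugSetting = WebConfigurationManager.AppSettings["debug"];
            bool debug;
            bool.TryParse(debugSetting, out debug);

            if (debug)
            {
                // Never write the raw token to the log: it is a bearer credential and log
                // files are routinely retained and shared. The length is enough to tell an
                // empty or truncated token from a plausible one.
                logger.Info($"Token received (length {token?.Length ?? 0}).");
            }

            if (string.IsNullOrWhiteSpace(token))
            {
                logger.Info("Empty token.");
                return(null);
            }

            // NOTE(review): a new HttpClient per call exhausts sockets under load; a single
            // static instance is preferable. Kept local because the shared instance would
            // have to live outside this method. It is at least disposed now.
            string data;
            using (var client = new HttpClient())
            {
                var url = string.Format(Endpoint, token);

                // Await instead of .Result: blocking on the task can deadlock under a
                // synchronization context and ties up a thread-pool thread meanwhile.
                using (var response = await client.GetAsync(url))
                {
                    if (!response.IsSuccessStatusCode)
                    {
                        // A non-2xx answer carries an error body, not a token response;
                        // it must not be parsed and validated as if it were one.
                        logger.Info($"Token info request failed with status {(int)response.StatusCode}.");
                        return(null);
                    }

                    data = await response.Content.ReadAsStringAsync();
                }
            }

            TokenResponse tokenResponse;

            try
            {
                tokenResponse = JsonConvert.DeserializeObject <TokenResponse>(data);
            }
            catch (JsonException)
            {
                // JsonException is the common base: malformed JSON raises
                // JsonReaderException, which JsonSerializationException alone did not cover.
                return(null);
            }

            // DeserializeObject returns null for an empty or "null" body without throwing.
            if (tokenResponse == null)
            {
                logger.Info("Empty token response.");
                return(null);
            }

            //EXP(iry) should not be passed
            var unixNow = TimeConversion.GetUnixNow();

            if (tokenResponse.Exp < unixNow)
            {
                logger.Info($"Token expired.");
                return(null);
            }

            //AUD(ience) has to be valid ClientId of our application
            if (tokenResponse.Aud == null)
            {
                return(null);
            }

            // NOTE(review): if Aud is declared as a string, Contains is a substring match
            // rather than equality; an exact comparison against each client id is the
            // stricter check. Left as-is because Aud's type is not visible here — confirm.
            if (tokenResponse.Aud.Contains(ClientIdIos) || tokenResponse.Aud.Contains(ClientIdAndroid) || tokenResponse.Aud.Contains(ClientIdWeb))
            {
                // Regex.Match throws on a null input; a response without an email is
                // rejected the same way as one with a foreign address.
                if (string.IsNullOrEmpty(tokenResponse.Email))
                {
                    logger.Info("No email address in token.");
                    return(null);
                }

                var email = Regex.Match(tokenResponse.Email, "@(.*)$");
                if (email.Success && email.Groups[1].Value == "hr.nl")
                {
                    //If everything is okay: login
                    logger.Info($"Logged in!");
                    return(new GoogleUserProfile(tokenResponse));
                }

                logger.Info("Not an @hr.nl email address");
                return(null);
            }

            //If validation fails, return null
            logger.Info("Invalid audience.");
            return(null);
        }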