        /// <summary>
        /// Initializes a new instance of the <see cref="AuthorizationRequest"/> class by
        /// copying the user-facing values out of an already validated authorize request.
        /// </summary>
        /// <param name="request">The validated authorize request to copy from.</param>
        internal AuthorizationRequest(ValidatedAuthorizeRequest request)
        {
            // Plain pass-through values.
            ClientId = request.ClientId;
            DisplayMode = request.DisplayMode;
            UiLocales = request.UiLocales;
            LoginHint = request.LoginHint;

            // Values derived from the well-known acr_values entries.
            IdP = request.GetIdP();
            Tenant = request.GetTenant();

            // Remaining acr values are only copied when at least one is present,
            // so an empty result leaves the property at its default.
            var requestedAcrs = request.GetAcrValues();
            if (requestedAcrs.Any())
            {
                AcrValues = requestedAcrs;
            }

            // Same rule for the requested scopes.
            var requestedScopes = request.RequestedScopes;
            if (requestedScopes.Any())
            {
                ScopesRequested = requestedScopes;
            }

            // Keep the raw request parameters available to the UI.
            Parameters = request.Raw;
        }
        /// <summary>
        /// Stores a sign-in request describing what the login page needs to know about
        /// the pending authorize request and returns a result that redirects to it.
        /// </summary>
        /// <param name="request">The validated authorize request that requires login.</param>
        /// <returns>A <see cref="LoginPageResult"/> keyed by the stored message id.</returns>
        public async Task<IEndpointResult> CreateLoginResultAsync(ValidatedAuthorizeRequest request)
        {
            // The login page always needs to know which client is asking.
            var loginRequest = new SignInRequest { ClientId = request.ClientId };

            // Optional UI hints are only forwarded when the request actually carried them.
            if (request.DisplayMode.IsPresent())
            {
                loginRequest.DisplayMode = request.DisplayMode;
            }
            if (request.UiLocales.IsPresent())
            {
                loginRequest.UiLocales = request.UiLocales;
            }
            if (request.LoginHint.IsPresent())
            {
                loginRequest.LoginHint = request.LoginHint;
            }

            // Well-known acr_values entries: idp and tenant.
            var requestedIdp = request.GetIdP();
            if (requestedIdp.IsPresent())
            {
                loginRequest.IdP = requestedIdp;
            }
            var requestedTenant = request.GetTenant();
            if (requestedTenant.IsPresent())
            {
                loginRequest.Tenant = requestedTenant;
            }

            // Whatever acr values remain are passed along as-is.
            var remainingAcrs = request.GetAcrValues();
            if (remainingAcrs.Any())
            {
                loginRequest.AcrValues = remainingAcrs;
            }

            // The login page posts back to the "authorize after login" route, so the
            // original parameters travel with the stored message.
            var returnUrl = _context.GetIdentityServerBaseUrl().EnsureTrailingSlash()
                + Constants.RoutePaths.Oidc.AuthorizeAfterLogin;
            var message = new Message<SignInRequest>(loginRequest)
            {
                ResponseUrl = returnUrl,
                AuthorizeRequestParameters = request.Raw.ToDictionary()
            };

            await _signInRequestStore.WriteAsync(message);

            return new LoginPageResult(message.Id);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuthorizationRequest"/> class,
        /// forwarding only the optional values that the validated request actually carries.
        /// </summary>
        /// <param name="request">The validated authorize request to copy from.</param>
        internal AuthorizationRequest(ValidatedAuthorizeRequest request)
        {
            // The UI always needs the requesting client.
            ClientId = request.ClientId;

            // Optional UI hints: only set when present so absent values keep their defaults.
            if (request.DisplayMode.IsPresent())
            {
                DisplayMode = request.DisplayMode;
            }
            if (request.UiLocales.IsPresent())
            {
                UiLocales = request.UiLocales;
            }
            if (request.LoginHint.IsPresent())
            {
                LoginHint = request.LoginHint;
            }

            // Well-known acr_values entries.
            var requestedIdp = request.GetIdP();
            if (requestedIdp.IsPresent())
            {
                IdP = requestedIdp;
            }
            var requestedTenant = request.GetTenant();
            if (requestedTenant.IsPresent())
            {
                Tenant = requestedTenant;
            }

            // Any remaining acr values and the requested scopes, when non-empty.
            var remainingAcrs = request.GetAcrValues();
            if (remainingAcrs.Any())
            {
                AcrValues = remainingAcrs;
            }
            if (request.RequestedScopes.Any())
            {
                ScopesRequested = request.RequestedScopes;
            }

            // Raw parameters go along unchanged.
            Parameters = request.Raw;
        }
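        /// <summary>
        /// Processes the interaction for an authorize request. This override is the hook for
        /// client-specific handling (a draft impersonation flow for the "mvc.implicit" client
        /// was sketched here but never implemented) and currently defers entirely to the base
        /// implementation.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <param name="consent">The consent response, if the user has already consented.</param>
        /// <returns>The interaction response produced by the base generator.</returns>
        public override async Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
        {
            // The previous body declared a local `acr` twice in nested scopes (which does not
            // compile, CS0136) and dereferenced `request` before null-checking it; neither value
            // was used, so the dead branch is dropped rather than repaired.
            //
            // If an impersonation branch is added here later, the decision of who may impersonate
            // whom must be made server side: acr_values is a client-supplied request parameter
            // and must not, by itself, select or authorise the substituted subject.
            return await base.ProcessInteractionAsync(request, consent);
        }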
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationRequest"/> class, copying
 /// every UI-relevant value from the validated authorize request without further filtering.
 /// </summary>
 /// <param name="request">The validated authorize request to copy from.</param>
 internal AuthorizationRequest(ValidatedAuthorizeRequest request)
 {
     // Requesting client and where the response goes.
     ClientId = request.ClientId;
     RedirectUri = request.RedirectUri;

     // UI hints.
     DisplayMode = request.DisplayMode;
     UiLocales = request.UiLocales;

     // Well-known acr_values entries.
     IdP = request.GetIdP();
     Tenant = request.GetTenant();

     LoginHint = request.LoginHint;
     PromptMode = request.PromptMode;

     // Remaining acr values, requested scopes and the raw parameters are copied as-is,
     // with no emptiness check.
     AcrValues = request.GetAcrValues();
     ScopesRequested = request.RequestedScopes;
     Parameters = request.Raw;
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuthorizationRequest"/> class, copying the
 /// client, validated resources, request-object values and UI hints from the validated
 /// authorize request.
 /// </summary>
 /// <param name="request">The validated authorize request to copy from.</param>
 internal AuthorizationRequest(ValidatedAuthorizeRequest request)
 {
     // Requesting client and where the response goes.
     Client = request.Client;
     RedirectUri = request.RedirectUri;

     // UI hints.
     DisplayMode = request.DisplayMode;
     UiLocales = request.UiLocales;

     // Well-known acr_values entries.
     IdP = request.GetIdP();
     Tenant = request.GetTenant();

     LoginHint = request.LoginHint;
     PromptModes = request.PromptModes;

     // Remaining acr values, the validated resources and the raw parameters, copied as-is.
     AcrValues = request.GetAcrValues();
     ValidatedResources = request.ValidatedResources;
     Parameters = request.Raw;

     // Claims carried by a signed request object, if any.
     RequestObjectValues = request.RequestObjectValues;
 }
    /// <summary>
    /// GetAcrValues must hand back a snapshot: removing every acr value from the request
    /// while enumerating the returned sequence must not throw "collection was modified".
    /// The test passes when the loop completes without an exception; there is no
    /// explicit assertion.
    /// </summary>
    public void GetAcrValues_should_return_snapshot_of_values()
    {
        var request = new ValidatedAuthorizeRequest
        {
            Raw = new System.Collections.Specialized.NameValueCollection()
        };

        foreach (var acr in new[] { "a", "b", "c" })
        {
            request.AuthenticationContextReferenceClasses.Add(acr);
        }

        var snapshot = request.GetAcrValues();

        // Mutating the source while enumerating the snapshot is the behaviour under test.
        foreach (var value in snapshot)
        {
            request.RemoveAcrValue(value);
        }
    }
        /// <summary>
        /// Builds the <see cref="AuthorizationRequest"/> handed to the UI from a validated
        /// authorize request, including a copy of the raw request parameters.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
        internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
        {
            var result = new AuthorizationRequest();

            result.Client = request.Client;
            result.RedirectUri = request.RedirectUri;
            result.DisplayMode = request.DisplayMode;
            result.UiLocales = request.UiLocales;
            result.IdP = request.GetIdP();
            result.Tenant = request.GetTenant();
            result.LoginHint = request.LoginHint;
            result.PromptModes = request.PromptModes;
            result.AcrValues = request.GetAcrValues();

            // Parameters is an existing collection on the result; the raw values are merged into it.
            result.Parameters.Add(request.Raw);

            return result;
        }
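        /// <summary>
        /// Builds the <see cref="AuthorizationRequest"/> handed to the UI from a validated
        /// authorize request, including a copy of the raw request parameters.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
        internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
        {
            var authRequest = new AuthorizationRequest
            {
                Client = request.Client,
                RedirectUri = request.RedirectUri,
                DisplayMode = request.DisplayMode,
                UiLocales = request.UiLocales,
                IdP = request.GetIdP(),
                Tenant = request.GetTenant(),
                LoginHint = request.LoginHint,
                PromptModes = request.PromptModes,
                AcrValues = request.GetAcrValues()
            };

            // Deliberately NOT assigning authRequest.Client.AllowedScopes = request.RequestedScopes
            // here: Client is the very same instance as request.Client, so that assignment replaced
            // the client's configured allowed scopes with a value derived from the incoming request
            // - and, if the client store hands out a shared instance, for every later request as
            // well. The requested scopes are still available via request.RequestedScopes and the
            // raw parameters merged below.
            authRequest.Parameters.Add(request.Raw);

            return authRequest;
        }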
        /// <summary>
        /// Builds the <see cref="AuthorizationRequest"/> handed to the UI from a validated
        /// authorize request, merging in the raw parameters and the request-object values.
        /// (The method name's spelling is part of the public surface and is kept as-is.)
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
        public static AuthorizationRequest ToAuthorizatonRequest(this ValidatedAuthorizeRequest request)
        {
            var authRequest = new AuthorizationRequest();

            authRequest.Client = request.Client;
            authRequest.RedirectUri = request.RedirectUri;
            authRequest.DisplayMode = request.DisplayMode;
            authRequest.UiLocales = request.UiLocales;
            authRequest.IdP = request.GetIdP();
            authRequest.Tenant = request.GetTenant();
            authRequest.LoginHint = request.LoginHint;
            authRequest.PromptModes = request.PromptModes;
            authRequest.AcrValues = request.GetAcrValues();
            authRequest.ValidatedResources = request.ValidatedResources;

            // Parameters is an existing collection on the result; the raw values are merged into it.
            authRequest.Parameters.Add(request.Raw);

            // Copy the request-object values one key at a time into the result's own collection.
            foreach (var key in request.RequestObjectValues.Keys)
            {
                authRequest.RequestObjectValues.Add(key, request.RequestObjectValues[key]);
            }

            return authRequest;
        }
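        /// <summary>
        /// Runs the standard login processing and then, for the sample "impersonate:&lt;user&gt;"
        /// acr value, swaps the authenticated subject for the impersonation target.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <returns>The login interaction result from the base implementation.</returns>
        protected override async Task<InteractionResponse> ProcessLoginAsync(ValidatedAuthorizeRequest request)
        {
            var result = await base.ProcessLoginAsync(request);

            // Nothing to do unless the base logic is satisfied and the user is already signed in.
            if (result.IsLogin || result.IsError)
            {
                return result;
            }

            // acr_values is a client-supplied parameter; match the prefix with an ordinal
            // comparison rather than the culture-sensitive default.
            var acr = request.GetAcrValues()
                .FirstOrDefault(x => x.StartsWith("impersonate:", System.StringComparison.Ordinal));
            if (acr == null)
            {
                return result;
            }

            // The authorisation decision stays server side: only the known user "alice" may
            // impersonate, and only the known target "bob" is honoured. The request parameter
            // names the target; it never grants the right to impersonate.
            if (!request.Subject.HasClaim("name", "alice"))
            {
                return result;
            }

            var target = acr.Split(':')[1];
            if (target != "bob")
            {
                return result;
            }

            var newUser = new IdentityServerUser("88421113")
            {
                AdditionalClaims =
                {
                    // "orignal_sub" (sic) is the claim type existing consumers look for; kept as-is.
                    new Claim("orignal_sub", request.Subject.FindFirstValue("sub")),
                }
            }.CreatePrincipal();

            // Issues a new authentication cookie, which also produces a new session id.
            await _http.HttpContext.SignInAsync(newUser);

            // Keep the in-flight request consistent with the cookie just issued.
            request.Subject = newUser;
            request.SessionId = await _session.GetSessionIdAsync();

            return result;
        }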
        /// <summary>
        /// Sample override that runs the base login processing and, for an "impersonate:bob"
        /// acr value requested by the user "alice", signs in a fixed replacement subject and
        /// redirects to a hard-coded client URL.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <param name="consent">The consent response; not used by this override.</param>
        /// <returns>The base login result, or a redirect response after impersonation.</returns>
        public override async Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
        {
            // NOTE(review): this calls base.ProcessLoginAsync rather than base.ProcessInteractionAsync,
            // so the base consent handling (and the `consent` argument) appear to be skipped
            // entirely - confirm that is intended.
            var result = await base.ProcessLoginAsync(request);
            if (result.IsLogin || result.IsError)
            {
                return result;
            }

            // NOTE(review): culture-sensitive StartsWith on a client-supplied value; an ordinal
            // comparison would be the safer choice if this line is ever touched.
            var impersonationAcr = request.GetAcrValues().FirstOrDefault(x => x.StartsWith("impersonate:"));
            if (impersonationAcr == null || !request.Subject.HasClaim("name", "alice"))
            {
                return result;
            }

            var target = impersonationAcr.Split(':')[1];
            if (target != "bob")
            {
                return result;
            }

            var newUser = new IdentityServerUser("2")
            {
                AdditionalClaims =
                {
                    new Claim("orignal_sub", request.Subject.FindFirstValue("sub")),
                }
            }.CreatePrincipal();

            // Issue the new authentication cookie, then point the in-flight request at the new subject.
            await _http.HttpContext.SignInAsync(newUser);
            request.Subject = newUser;

            return new InteractionResponse
            {
                RedirectUrl = "http://localhost:5002"
            };
        }
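        /// <summary>
        /// Builds the <see cref="AuthorizationRequest"/> handed to the UI from a validated
        /// authorize request. The result carries a fresh <see cref="Client"/> holding only the
        /// client id, not the client's full configuration.
        /// </summary>
        /// <param name="request">The validated authorize request.</param>
        /// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
        internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
        {
            var authRequest = new AuthorizationRequest
            {
                // Only the id is exposed; the UI does not receive the client's configuration.
                Client = new Client
                {
                    ClientId = request.ClientId
                },
                RedirectUri = request.RedirectUri,
                DisplayMode = request.DisplayMode,
                UiLocales = request.UiLocales,
                IdP = request.GetIdP(),
                Tenant = request.GetTenant(),
                LoginHint = request.LoginHint,
                PromptModes = request.PromptModes,
                AcrValues = request.GetAcrValues(),
            };

            // Parameters is an existing collection on the result; the raw values are merged into it.
            authRequest.Parameters.Add(request.Raw);

            return authRequest;
        }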