/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationRequest"/> class
/// from the values carried by a validated authorize request.
/// </summary>
/// <param name="request">The validated authorize request whose values are copied.</param>
/// <remarks>
/// NOTE(review): LoginHint, UiLocales, DisplayMode, the ACR-derived values and Parameters
/// presumably originate from the caller's authorize request. Consumers such as login or
/// consent pages should treat them as untrusted input and encode them on output - confirm.
/// </remarks>
internal AuthorizationRequest(ValidatedAuthorizeRequest request)
{
    // Plain pass-through values, copied whether or not they are set.
    ClientId = request.ClientId;
    LoginHint = request.LoginHint;
    UiLocales = request.UiLocales;
    DisplayMode = request.DisplayMode;

    // Values the request exposes through helper methods.
    IdP = request.GetIdP();
    Tenant = request.GetTenant();

    // AcrValues is only assigned when the request carries at least one value.
    var requestedAcrValues = request.GetAcrValues();
    if (requestedAcrValues.Any())
    {
        AcrValues = requestedAcrValues;
    }

    // ScopesRequested is likewise left untouched for a request without scopes.
    if (request.RequestedScopes.Any())
    {
        ScopesRequested = request.RequestedScopes;
    }

    // The same Raw collection instance is exposed, not a copy.
    Parameters = request.Raw;
}
/// <summary>
/// Builds a sign-in request from a validated authorize request, stores it as a message
/// and returns a result that refers to the stored message by id.
/// </summary>
/// <param name="request">The validated authorize request that needs a login.</param>
/// <returns>A <c>LoginPageResult</c> created from the id of the stored message.</returns>
/// <remarks>
/// The response URL is built from the base URL reported by <c>_context</c> plus a fixed
/// route constant; no request parameter is concatenated into it.
/// NOTE(review): the hint values and the raw parameters are presumably caller-supplied,
/// so the login page should validate and encode them before use - confirm.
/// </remarks>
public async Task<IEndpointResult> CreateLoginResultAsync(ValidatedAuthorizeRequest request)
{
    // The client id is always passed so the login page knows who is asking.
    var signInRequest = new SignInRequest();
    signInRequest.ClientId = request.ClientId;

    // Optional hints are only copied when present on the request.
    if (request.DisplayMode.IsPresent())
    {
        signInRequest.DisplayMode = request.DisplayMode;
    }

    if (request.UiLocales.IsPresent())
    {
        signInRequest.UiLocales = request.UiLocales;
    }

    if (request.LoginHint.IsPresent())
    {
        signInRequest.LoginHint = request.LoginHint;
    }

    // Well-known ACR values: identity provider and tenant.
    var identityProvider = request.GetIdP();
    if (identityProvider.IsPresent())
    {
        signInRequest.IdP = identityProvider;
    }

    var tenantName = request.GetTenant();
    if (tenantName.IsPresent())
    {
        signInRequest.Tenant = tenantName;
    }

    // Remaining ACR values, when there are any.
    var requestedAcrValues = request.GetAcrValues();
    if (requestedAcrValues.Any())
    {
        signInRequest.AcrValues = requestedAcrValues;
    }

    var signInMessage = new Message<SignInRequest>(signInRequest)
    {
        ResponseUrl = _context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + Constants.RoutePaths.Oidc.AuthorizeAfterLogin,
        AuthorizeRequestParameters = request.Raw.ToDictionary()
    };

    // Persist the message; the login page later receives only its id.
    await _signInRequestStore.WriteAsync(signInMessage);

    return new LoginPageResult(signInMessage.Id);
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationRequest"/> class,
/// copying each optional value only when the validated request actually carries it.
/// </summary>
/// <param name="request">The validated authorize request whose values are copied.</param>
/// <remarks>
/// NOTE(review): these values presumably come from the caller's authorize request;
/// pages that render LoginHint, UiLocales or Parameters should encode them - confirm.
/// </remarks>
internal AuthorizationRequest(ValidatedAuthorizeRequest request)
{
    // Always set: identifies the client that is requesting authorization.
    ClientId = request.ClientId;

    // Optional UI hints are assigned only when present.
    if (request.DisplayMode.IsPresent())
    {
        DisplayMode = request.DisplayMode;
    }

    if (request.UiLocales.IsPresent())
    {
        UiLocales = request.UiLocales;
    }

    if (request.LoginHint.IsPresent())
    {
        LoginHint = request.LoginHint;
    }

    // Well-known ACR values: identity provider, then tenant.
    var identityProvider = request.GetIdP();
    if (identityProvider.IsPresent())
    {
        IdP = identityProvider;
    }

    var tenantName = request.GetTenant();
    if (tenantName.IsPresent())
    {
        Tenant = tenantName;
    }

    // Remaining ACR values, assigned only when there is at least one.
    var requestedAcrValues = request.GetAcrValues();
    if (requestedAcrValues.Any())
    {
        AcrValues = requestedAcrValues;
    }

    // Requested scopes, assigned only when there is at least one.
    if (request.RequestedScopes.Any())
    {
        ScopesRequested = request.RequestedScopes;
    }

    // The same Raw collection instance is exposed, not a copy.
    Parameters = request.Raw;
}
/// <summary>
/// Overrides interaction processing. As reconstructed here, the method reads the ACR values,
/// contains a commented-out sketch for swapping the request subject for one client, and then
/// defers to the base implementation.
/// </summary>
/// <param name="request">The validated authorize request being processed.</param>
/// <param name="consent">Optional consent response, passed through to the base implementation.</param>
/// <returns>The interaction response produced by the base implementation.</returns>
/// <remarks>
/// NOTE(review): this listing was collapsed onto one line, so the split between live code and
/// commented-out code below is a reconstruction - confirm against the original file.
/// </remarks>
public override async Task <InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
{
    // NOTE(review): request is dereferenced here, before the null-conditional check in the if below.
    var acr = request.GetAcrValues();

    // check if client is from admin and get the impersonate data from acr and put into Claim and update cookies
    // Question: how to update existing cookie with new claim
    // NOTE(review): the only gate visible here is a hard-coded client id. acr_values presumably arrive
    // with the authorize request, so they cannot by themselves authorize a subject change - confirm
    // that the "behind the scenes check" in the TODO is implemented before enabling the sketch.
    if (request?.Client?.ClientId == "mvc.implicit")
    {
        // NOTE(review): this redeclares the outer local `acr`, which C# rejects (CS0136); one of the
        // two declarations was presumably commented out in the original.
        var acr = request.GetAcrValues();
        //
        // TODO: Do some other behind the scenes check
        // var claims = new[] { new Claim(JwtClaimTypes.Name, "Fred Blogs"), new Claim(JwtClaimTypes.FamilyName, "Blogs"), new
        // Claim(JwtClaimTypes.GivenName, "Fred"), new Claim(JwtClaimTypes.Email, "*****@*****.**"), };
        // var newPrincipal = IdentityServerPrincipal.Create("fred.blogs", "Fred Blogs", claims); request.Subject = newPrincipal;
        // return new InteractionResponse();
    }

    return(await base.ProcessInteractionAsync(request, consent));
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationRequest"/> class
/// by copying every interaction-relevant value from a validated authorize request.
/// </summary>
/// <param name="request">The validated authorize request whose values are copied.</param>
/// <remarks>
/// All values are copied unconditionally, so unset values on the request are carried over as-is.
/// NOTE(review): these values presumably come from the caller's authorize request; pages that
/// render them should encode them on output - confirm.
/// </remarks>
internal AuthorizationRequest(ValidatedAuthorizeRequest request)
{
    // Client and redirect target.
    ClientId = request.ClientId;
    RedirectUri = request.RedirectUri;

    // UI and login hints.
    DisplayMode = request.DisplayMode;
    UiLocales = request.UiLocales;
    LoginHint = request.LoginHint;
    PromptMode = request.PromptMode;

    // Values the request exposes through helper methods.
    IdP = request.GetIdP();
    Tenant = request.GetTenant();
    AcrValues = request.GetAcrValues();

    // Requested scopes and the raw parameter collection (same instance, not a copy).
    ScopesRequested = request.RequestedScopes;
    Parameters = request.Raw;
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationRequest"/> class
/// by copying every interaction-relevant value from a validated authorize request.
/// </summary>
/// <param name="request">The validated authorize request whose values are copied.</param>
/// <remarks>
/// Client, ValidatedResources, Parameters and RequestObjectValues are assigned by reference
/// as the request exposes them; nothing is cloned here.
/// NOTE(review): the hint values and Parameters presumably come from the caller's authorize
/// request; pages that render them should encode them on output - confirm.
/// </remarks>
internal AuthorizationRequest(ValidatedAuthorizeRequest request)
{
    // Client and redirect target.
    Client = request.Client;
    RedirectUri = request.RedirectUri;

    // UI and login hints.
    DisplayMode = request.DisplayMode;
    UiLocales = request.UiLocales;
    LoginHint = request.LoginHint;
    PromptModes = request.PromptModes;

    // Values the request exposes through helper methods.
    IdP = request.GetIdP();
    Tenant = request.GetTenant();
    AcrValues = request.GetAcrValues();

    // Resources, raw parameters and request-object values.
    ValidatedResources = request.ValidatedResources;
    Parameters = request.Raw;
    RequestObjectValues = request.RequestObjectValues;
}
/// <summary>
/// Enumerates the result of <c>GetAcrValues</c> while removing each value from the request.
/// </summary>
/// <remarks>
/// There is no explicit assertion. Presumably <c>RemoveAcrValue</c> mutates the collection that
/// <c>GetAcrValues</c> reads, so the test only completes when the returned sequence is an
/// independent snapshot rather than a live view - confirm against the implementation.
/// </remarks>
public void GetAcrValues_should_return_snapshot_of_values()
{
    var request = new ValidatedAuthorizeRequest
    {
        Raw = new System.Collections.Specialized.NameValueCollection()
    };

    // Seed three ACR values in a fixed order.
    foreach (var seed in new[] { "a", "b", "c" })
    {
        request.AuthenticationContextReferenceClasses.Add(seed);
    }

    var snapshot = request.GetAcrValues();

    // Remove every value while the snapshot is still being enumerated.
    foreach (var acrValue in snapshot)
    {
        request.RemoveAcrValue(acrValue);
    }
}
/// <summary>
/// Maps a validated authorize request onto a new <see cref="AuthorizationRequest"/>.
/// </summary>
/// <param name="request">The validated authorize request to map.</param>
/// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
/// <remarks>
/// Client is assigned by reference, so the result shares the request's client object.
/// NOTE(review): the hint values and Parameters presumably come from the caller's authorize
/// request; pages that render them should encode them on output - confirm.
/// </remarks>
internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
{
    var mapped = new AuthorizationRequest();

    mapped.Client = request.Client;
    mapped.RedirectUri = request.RedirectUri;
    mapped.DisplayMode = request.DisplayMode;
    mapped.UiLocales = request.UiLocales;
    mapped.IdP = request.GetIdP();
    mapped.Tenant = request.GetTenant();
    mapped.LoginHint = request.LoginHint;
    mapped.PromptModes = request.PromptModes;
    mapped.AcrValues = request.GetAcrValues();

    // Raw entries are added to the collection the new object already holds.
    mapped.Parameters.Add(request.Raw);

    return mapped;
}
/// <summary>
/// Maps a validated authorize request onto a new <see cref="AuthorizationRequest"/>.
/// </summary>
/// <param name="request">The validated authorize request to map.</param>
/// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
/// <remarks>
/// NOTE(review): the hint values and Parameters presumably come from the caller's authorize
/// request; pages that render them should encode them on output - confirm.
/// </remarks>
internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
{
    var mapped = new AuthorizationRequest
    {
        Client = request.Client,
        RedirectUri = request.RedirectUri,
        DisplayMode = request.DisplayMode,
        UiLocales = request.UiLocales,
        IdP = request.GetIdP(),
        Tenant = request.GetTenant(),
        LoginHint = request.LoginHint,
        PromptModes = request.PromptModes,
        AcrValues = request.GetAcrValues()
    };

    // NOTE(review): mapped.Client was assigned from request.Client above, so this writes through
    // to the client object the request holds (assuming Client is a reference type - confirm).
    // It replaces that client's AllowedScopes with the scopes requested in this call. If the
    // instance is shared or cached, later allowed-scope checks would see the requested set
    // instead of the configured one. Carry the requested scopes on a separate property or on
    // a copy of the client. This also throws when request.Client is null.
    mapped.Client.AllowedScopes = request.RequestedScopes;

    // Raw entries are added to the collection the new object already holds.
    mapped.Parameters.Add(request.Raw);

    return mapped;
}
/// <summary>
/// Maps a validated authorize request onto a new <see cref="AuthorizationRequest"/>,
/// including its validated resources and request-object values.
/// </summary>
/// <param name="request">The validated authorize request to map.</param>
/// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
/// <remarks>
/// The method name keeps its existing spelling because callers bind to it.
/// NOTE(review): the hint values, Parameters and RequestObjectValues presumably come from the
/// caller's authorize request; pages that render them should encode them on output - confirm.
/// </remarks>
public static AuthorizationRequest ToAuthorizatonRequest(this ValidatedAuthorizeRequest request)
{
    var mapped = new AuthorizationRequest();

    mapped.Client = request.Client;
    mapped.RedirectUri = request.RedirectUri;
    mapped.DisplayMode = request.DisplayMode;
    mapped.UiLocales = request.UiLocales;
    mapped.IdP = request.GetIdP();
    mapped.Tenant = request.GetTenant();
    mapped.LoginHint = request.LoginHint;
    mapped.PromptModes = request.PromptModes;
    mapped.AcrValues = request.GetAcrValues();
    mapped.ValidatedResources = request.ValidatedResources;

    // Raw entries are added to the collection the new object already holds.
    mapped.Parameters.Add(request.Raw);

    // Copy request-object values key by key, iterating over a snapshot of the keys.
    foreach (var key in request.RequestObjectValues.Keys.ToList())
    {
        mapped.RequestObjectValues.Add(key, request.RequestObjectValues[key]);
    }

    return mapped;
}
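/// <summary>
/// Runs the base login processing and then, for one hard-coded user/target pair, replaces the
/// authenticated subject when the request carries an <c>impersonate:</c> ACR value.
/// </summary>
/// <param name="request">The validated authorize request being processed.</param>
/// <returns>The response produced by the base login processing.</returns>
/// <remarks>
/// The only authorization check visible here is the hard-coded name claim on the current subject
/// and the hard-coded target. NOTE(review): acr_values presumably arrive with the authorize
/// request and are chosen by the caller, so beyond a sample this needs a real policy decision
/// for who may impersonate whom, and an audit record of each switch - confirm.
/// </remarks>
protected override async Task<InteractionResponse> ProcessLoginAsync(ValidatedAuthorizeRequest request)
{
    var result = await base.ProcessLoginAsync(request);
    if (result.IsLogin || result.IsError)
    {
        return result;
    }

    // Ordinal comparison: only the exact prefix matches. The culture-sensitive default can
    // treat strings as equal that differ from the prefix character for character.
    const string impersonatePrefix = "impersonate:";
    var acr = request.GetAcrValues()
        .FirstOrDefault(x => x.StartsWith(impersonatePrefix, System.StringComparison.Ordinal));

    // No impersonation value, or the current user is not the one allowed to impersonate.
    if (acr == null || !request.Subject.HasClaim("name", "alice"))
    {
        return result;
    }

    // The prefix match guarantees a ':' in the value, so index 1 always exists.
    var target = acr.Split(':')[1];
    if (target != "bob")
    {
        return result;
    }

    // The original subject id travels with the new principal. The claim type spelling is
    // kept as-is because consumers may already read it under this name.
    var newUser = new IdentityServerUser("88421113")
    {
        AdditionalClaims =
        {
            new Claim("orignal_sub", request.Subject.FindFirstValue("sub")),
        }
    }.CreatePrincipal();

    // this issues a new authN cookie and will generate a new sid
    await _http.HttpContext.SignInAsync(newUser);

    // this updates the current authenticated request object model with that new user
    request.Subject = newUser;

    // this updates the current authenticated request object model with the new session id
    request.SessionId = await _session.GetSessionIdAsync();

    return result;
}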
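/// <summary>
/// Runs the base login processing and then, for one hard-coded user/target pair, signs in a
/// different subject and redirects when the request carries an <c>impersonate:</c> ACR value.
/// </summary>
/// <param name="request">The validated authorize request being processed.</param>
/// <param name="consent">Optional consent response; not used by this override.</param>
/// <returns>
/// The base login result, or a redirect response after the subject has been switched.
/// </returns>
/// <remarks>
/// NOTE(review): this override calls <c>base.ProcessLoginAsync</c>, not
/// <c>base.ProcessInteractionAsync</c>, and never reads <paramref name="consent"/>. Any consent
/// handling the base interaction method performs is therefore presumably skipped - confirm
/// that this is intended.
/// NOTE(review): acr_values presumably arrive with the authorize request and are chosen by the
/// caller. The only authorization check visible is the hard-coded name claim and target, so
/// beyond a sample this needs a real policy decision and an audit record of each switch.
/// </remarks>
public override async Task<InteractionResponse> ProcessInteractionAsync(ValidatedAuthorizeRequest request, ConsentResponse consent = null)
{
    var result = await base.ProcessLoginAsync(request);
    if (result.IsLogin || result.IsError)
    {
        return result;
    }

    // Ordinal comparison: only the exact prefix matches. The culture-sensitive default can
    // treat strings as equal that differ from the prefix character for character.
    const string impersonatePrefix = "impersonate:";
    var acr = request.GetAcrValues()
        .FirstOrDefault(x => x.StartsWith(impersonatePrefix, System.StringComparison.Ordinal));

    // No impersonation value, or the current user is not the one allowed to impersonate.
    if (acr == null || !request.Subject.HasClaim("name", "alice"))
    {
        return result;
    }

    // The prefix match guarantees a ':' in the value, so index 1 always exists.
    var target = acr.Split(':')[1];
    if (target != "bob")
    {
        return result;
    }

    // The original subject id travels with the new principal. The claim type spelling is
    // kept as-is because consumers may already read it under this name.
    var newUser = new IdentityServerUser("2")
    {
        AdditionalClaims =
        {
            new Claim("orignal_sub", request.Subject.FindFirstValue("sub")),
        }
    }.CreatePrincipal();

    // Issues a new authentication cookie for the replacement principal.
    await _http.HttpContext.SignInAsync(newUser);
    request.Subject = newUser;

    // NOTE(review): hard-coded plain-http redirect target; move it to configuration and use
    // https outside local development.
    return new InteractionResponse
    {
        RedirectUrl = "http://localhost:5002"
    };
}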
//[DebuggerStepThrough]
/// <summary>
/// Maps a validated authorize request onto a new <see cref="AuthorizationRequest"/> whose
/// Client is a freshly created object carrying only the client id.
/// </summary>
/// <param name="request">The validated authorize request to map.</param>
/// <returns>A new <see cref="AuthorizationRequest"/> populated from <paramref name="request"/>.</returns>
/// <remarks>
/// Every other member of the stub Client keeps whatever value <c>new Client()</c> gives it, so
/// consumers must not read client configuration from it.
/// The original listing also carried a commented-out earlier shape of this mapping that used
/// ClientId, PromptMode and ScopesRequested directly, plus a commented-out AllowedScopes
/// assignment on the stub client.
/// NOTE(review): the hint values and Parameters presumably come from the caller's authorize
/// request; pages that render them should encode them on output - confirm.
/// </remarks>
internal static AuthorizationRequest ToAuthorizationRequest(this ValidatedAuthorizeRequest request)
{
    var mapped = new AuthorizationRequest();

    // A new Client is created here; request.Client itself is not referenced.
    mapped.Client = new Client() { ClientId = request.ClientId };

    mapped.RedirectUri = request.RedirectUri;
    mapped.DisplayMode = request.DisplayMode;
    mapped.UiLocales = request.UiLocales;
    mapped.IdP = request.GetIdP();
    mapped.Tenant = request.GetTenant();
    mapped.LoginHint = request.LoginHint;
    mapped.PromptModes = request.PromptModes;
    mapped.AcrValues = request.GetAcrValues();

    // Raw entries are added to the collection the new object already holds.
    mapped.Parameters.Add(request.Raw);

    return mapped;
}