/// <inheritdoc/> public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce, string scope, int?maxAge, string acrValues, string encryptedMSISDN, AuthenticationOptions options) { Validation.RejectNullOrEmpty(clientId, "clientId"); Validation.RejectNullOrEmpty(authorizeUrl, "authorizeUrl"); Validation.RejectNullOrEmpty(redirectUrl, "redirectUrl"); Validation.RejectNullOrEmpty(state, "state"); Validation.RejectNullOrEmpty(nonce, "nonce"); options = options ?? new AuthenticationOptions(); options.Scope = scope ?? options.Scope; options.AcrValues = acrValues ?? options.AcrValues; options.MaxAge = maxAge ?? options.MaxAge; options.State = state; options.Nonce = nonce; options.LoginHint = options.LoginHint ?? (string.IsNullOrEmpty(encryptedMSISDN) ? null : string.Format("ENCR_MSISDN:{0}", encryptedMSISDN)); options.RedirectUrl = redirectUrl; options.ClientId = clientId; UriBuilder build = new UriBuilder(authorizeUrl); build.AddQueryParams(GetAuthenticationQueryParams(options)); return(new StartAuthenticationResponse() { Url = build.Uri.AbsoluteUri }); }
/// <inheritdoc/> public async Task <RequestTokenResponse> RequestHeadlessAuthentication(string clientId, string clientSecret, string authorizeUrl, string tokenUrl, string redirectUrl, string state, string nonce, string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options, CancellationToken cancellationToken = default(CancellationToken)) { options = options ?? new AuthenticationOptions(); bool shouldUseAuthorize = ShouldUseAuthorize(options); if (shouldUseAuthorize) { options.Prompt = "mobile"; } string authUrl = StartAuthentication(clientId, authorizeUrl, redirectUrl, state, nonce, encryptedMsisdn, versions, options).Url; Uri finalRedirect = null; try { finalRedirect = await _client.GetFinalRedirect(authUrl, redirectUrl, options.PollFrequencyInMs, options.MaxRedirects, cancellationToken); } catch (Exception e) when(e is System.Net.WebException || e is TaskCanceledException) { Log.Error("Headless authentication was cancelled", e); return(new RequestTokenResponse(new ErrorResponse { Error = Constants.ErrorCodes.AuthCancelled, ErrorDescription = "Headless authentication was cancelled or a timeout occurred" })); } catch (HttpRequestException e) { Log.Error("Headless authentication failed", e); throw new MobileConnectEndpointHttpException(e.Message, e); } var error = ErrorResponse.CreateFromUrl(finalRedirect.AbsoluteUri); if (error != null) { return(new RequestTokenResponse(error)); } var code = HttpUtils.ExtractQueryValue(finalRedirect.AbsoluteUri, "code"); return(await RequestTokenAsync(clientId, clientSecret, tokenUrl, redirectUrl, code)); }
/// <inheritdoc/> public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce, string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options) { Validate.RejectNullOrEmpty(clientId, "clientId"); Validate.RejectNullOrEmpty(authorizeUrl, "authorizeUrl"); Validate.RejectNullOrEmpty(redirectUrl, "redirectUrl"); Validate.RejectNullOrEmpty(state, "state"); Validate.RejectNullOrEmpty(nonce, "nonce"); options = options ?? new AuthenticationOptions(); options.Scope = options.Scope ?? ""; bool shouldUseAuthorize = ShouldUseAuthorize(options); if (shouldUseAuthorize) { Validate.RejectNullOrEmpty(options.Context, "options.Context"); Validate.RejectNullOrEmpty(options.ClientName, "options.ClientName"); } options.State = state; options.Nonce = nonce; options.LoginHintToken = options.LoginHintToken; if (options.LoginHintToken == null) { options.LoginHint = options.LoginHint ?? LoginHint.GenerateForEncryptedMsisdn(encryptedMsisdn); } options.RedirectUrl = redirectUrl; options.ClientId = clientId; string version; string coercedScope = CoerceAuthenticationScope(options.Scope, versions, shouldUseAuthorize, out version); Log.Info(() => $"scope={options.Scope} => coercedScope={coercedScope}"); options.Scope = coercedScope; UriBuilder build = new UriBuilder(authorizeUrl); build.AddQueryParams(GetAuthenticationQueryParams(options, shouldUseAuthorize, version)); Log.Info(() => $"Authentication URI={build.Uri.AbsoluteUri}"); return(new StartAuthenticationResponse() { Url = build.Uri.AbsoluteUri }); }
/// <inheritdoc/> public StartAuthenticationResponse StartAuthentication(string clientId, string authorizeUrl, string redirectUrl, string state, string nonce, string encryptedMsisdn, SupportedVersions versions, AuthenticationOptions options, string currentVersion) { Validate.RejectNullOrEmpty(clientId, "clientId"); Validate.RejectNullOrEmpty(authorizeUrl, "authorizeUrl"); Validate.RejectNullOrEmpty(redirectUrl, "redirectUrl"); Validate.RejectNullOrEmpty(state, "state"); Validate.RejectNullOrEmpty(nonce, "nonce"); options = options ?? new AuthenticationOptions(); options.Scope = options.Scope ?? ""; bool shouldUseAuthorize = options.Scope.ToLower().Equals(Constants.Scope.AUTHZ.ToLower()); if (shouldUseAuthorize) { Validate.RejectNullOrEmpty(options.Context, "options.Context"); Validate.RejectNullOrEmpty(options.ClientName, "options.ClientName"); Validate.RejectNullOrEmpty(options.BindingMessage, "options.BindingMessage"); } if (options != null) { KYCClaimsParameter kycClaims = options.KycClaims; if (kycClaims != null) { bool isNamePresent = false; bool isAddressPresent = false; if (currentVersion.Equals(DefaultOptions.V2_3) && options.Scope.Contains(Constants.Scope.KYCPLAIN)) { isNamePresent = StringUtils.requireNonEmpty("name || given_name and family_name", kycClaims.Name, kycClaims.GivenName, kycClaims.FamilyName); isAddressPresent = StringUtils.requireNonEmpty( "address || houseno_or_housename, postal_code, country, town", kycClaims.Address, kycClaims.HousenoOrHouseName, kycClaims.PostalCode, kycClaims.Country, kycClaims.Town); } if (currentVersion.Equals(DefaultOptions.V2_3) && options.Scope.Contains(Constants.Scope.KYCHASHED)) { isNamePresent = StringUtils.requireNonEmpty("name_hashed || given_name_hashed and family_name_hashed", kycClaims.NameHashed, kycClaims.GivenNameHashed, kycClaims.FamilyNameHashed); isAddressPresent = StringUtils.requireNonEmpty( "address_hashed || houseno_or_housename_hashed, postal_code_hashed, country_hashed, town_hashed", kycClaims.AddressHashed, kycClaims.HousenoOrHouseNameHashed, kycClaims.PostalCodeHashed, kycClaims.CountryHashed, kycClaims.TownHashed); } if ((isNamePresent & !isAddressPresent) | (!isNamePresent & isAddressPresent)) { throw new MobileConnectInvalidArgumentException("(split|concatenated, plain|hashed) name or address is empty"); } } } options.State = state; options.Nonce = nonce; if (options.LoginHintToken == null) { options.LoginHint = options.LoginHint ?? LoginHint.GenerateForEncryptedMsisdn(encryptedMsisdn); } options.RedirectUrl = redirectUrl; options.ClientId = clientId; UriBuilder build = new UriBuilder(authorizeUrl); build.AddQueryParams(GetAuthenticationQueryParams(options, shouldUseAuthorize, options.Version)); Log.Info(() => $"Authentication URI={build.Uri.AbsoluteUri}"); return(new StartAuthenticationResponse() { Url = build.Uri.AbsoluteUri }); }