public async Task<AuthorizeResponse> CreateCodeFlowResponseAsync(ValidatedAuthorizeRequest request) { _logger.LogInformation("Creating Authorization Code Flow response."); var code = await CreateCodeAsync(request); var response = new AuthorizeResponse { Request = request, RedirectUri = request.RedirectUri, Code = code, State = request.State }; if (request.IsOpenIdRequest) { response.SessionState = GenerateSessionStateValue(request); } return response; }
internal static string BuildUri(AuthorizeResponse response) { var uri = response.RedirectUri; var query = response.ToNameValueCollection().ToQueryString(); if (response.Request.ResponseMode == OidcConstants.ResponseModes.Query) { uri = uri.AddQueryString(query); } else { uri = uri.AddHashFragment(query); } if (response.IsError && !uri.Contains("#")) { // https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-00 uri += "#_=_"; } return uri; }
public AuthorizeRedirectResult(AuthorizeResponse response) : base(response) { }
Task<IEndpointResult> CreateAuthorizeResultAsync(AuthorizeResponse response) { var request = response.Request; IEndpointResult result = null; if (request.ResponseMode == Constants.ResponseModes.Query || request.ResponseMode == Constants.ResponseModes.Fragment) { result = new AuthorizeRedirectResult(response); } if (request.ResponseMode == Constants.ResponseModes.FormPost) { result = new AuthorizeFormPostResult(response); } if (result != null) { if (response.IsError == false) { _logger.LogDebug("Adding client {0} to client list cookie for subject {1}", request.ClientId, request.Subject.GetSubjectId()); _clientListCookie.AddClient(request.ClientId); } return Task.FromResult(result); } _logger.LogError("Unsupported response mode."); throw new InvalidOperationException("Unsupported response mode"); }
public async Task<IEndpointResult> CreateErrorResultAsync(ErrorTypes errorType, string error, ValidatedAuthorizeRequest request) { if (errorType == ErrorTypes.Client && request == null) { throw new ArgumentNullException(nameof(request), "Request must be passed when error type is Client."); } AuthorizeResponse response = null; if (errorType == ErrorTypes.Client) { response = new AuthorizeResponse { Request = request, IsError = true, Error = error, State = request.State, RedirectUri = request.RedirectUri }; // do some early checks to see if we will end up not generating an error page if (error == Constants.AuthorizeErrors.AccessDenied) { return await CreateAuthorizeResultAsync(response); } if (request.PromptMode == Constants.PromptModes.None && request.Client.AllowPromptNone == true && (error == Constants.AuthorizeErrors.LoginRequired || error == Constants.AuthorizeErrors.ConsentRequired || error == Constants.AuthorizeErrors.InteractionRequired) ) { // todo: verify these are the right conditions to allow // redirecting back to client // https://tools.ietf.org/html/draft-bradley-oauth-open-redirector-00 return await CreateAuthorizeResultAsync(response); } else { //_logger.LogWarning("Rendering error page due to prompt=none, client does not allow prompt mode none, response is query, and "); } } // we now know we must show error page var msg = _localizationService.GetMessage(error); if (msg.IsMissing()) { msg = error; } var errorModel = new ErrorMessage { RequestId = _context.GetRequestId(), ErrorCode = error, ErrorDescription = msg }; if (errorType == ErrorTypes.Client) { // if this is a client error, we need to build up the // response back to the client, and provide it in the // error view model so the UI can build the link/form errorModel.ReturnInfo = new ClientReturnInfo { ClientId = request.ClientId, }; if (request.ResponseMode == Constants.ResponseModes.Query || request.ResponseMode == Constants.ResponseModes.Fragment) { errorModel.ReturnInfo.Uri = request.RedirectUri = AuthorizeRedirectResult.BuildUri(response); } else if (request.ResponseMode == Constants.ResponseModes.FormPost) { errorModel.ReturnInfo.Uri = request.RedirectUri; errorModel.ReturnInfo.PostBody = AuthorizeFormPostResult.BuildFormBody(response); } else { _logger.LogError("Unsupported response mode."); throw new InvalidOperationException("Unsupported response mode"); } } var message = new Message<ErrorMessage>(errorModel); await _errorMessageStore.WriteAsync(message); return new ErrorPageResult(message.Id); }
internal static string BuildFormBody(AuthorizeResponse response) { return response.ToNameValueCollection().ToFormPost(); }
public AuthorizeFormPostResult(AuthorizeResponse response) : base(response) { }
public async Task<AuthorizeResponse> CreateImplicitFlowResponseAsync(ValidatedAuthorizeRequest request, string authorizationCode = null) { _logger.LogInformation("Creating Implicit Flow response."); string accessTokenValue = null; int accessTokenLifetime = 0; var responseTypes = request.ResponseType.FromSpaceSeparatedString(); if (responseTypes.Contains(Constants.ResponseTypes.Token)) { var tokenRequest = new TokenCreationRequest { Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, ValidatedRequest = request }; var accessToken = await _tokenService.CreateAccessTokenAsync(tokenRequest); accessTokenLifetime = accessToken.Lifetime; accessTokenValue = await _tokenService.CreateSecurityTokenAsync(accessToken); } string jwt = null; if (responseTypes.Contains(Constants.ResponseTypes.IdToken)) { var tokenRequest = new TokenCreationRequest { ValidatedRequest = request, Subject = request.Subject, Client = request.Client, Scopes = request.ValidatedScopes.GrantedScopes, Nonce = request.Raw.Get(Constants.AuthorizeRequest.Nonce), IncludeAllIdentityClaims = !request.AccessTokenRequested, AccessTokenToHash = accessTokenValue, AuthorizationCodeToHash = authorizationCode }; var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest); jwt = await _tokenService.CreateSecurityTokenAsync(idToken); } var response = new AuthorizeResponse { Request = request, RedirectUri = request.RedirectUri, AccessToken = accessTokenValue, AccessTokenLifetime = accessTokenLifetime, IdentityToken = jwt, State = request.State, Scope = request.ValidatedScopes.GrantedScopes.ToSpaceSeparatedString(), }; if (request.IsOpenIdRequest) { response.SessionState = GenerateSessionStateValue(request); } return response; }
public AuthorizeResult(AuthorizeResponse response) { Response = response; }