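/// <summary>
/// Katana bearer-token hook: validates the raw JWT carried by the request and, when it yields an
/// authenticated <see cref="ClaimsIdentity"/>, installs it as the authentication ticket for the request.
/// </summary>
/// <param name="context">The token-receive context; <c>context.Token</c> is the raw bearer token string.</param>
/// <returns>The task returned by the base class's <c>ReceiveAsync</c>.</returns>
/// <remarks>
/// Leaving the ticket unset makes the middleware treat the request as unauthenticated, so a token
/// that validates to no identity, a non-claims identity, or an unauthenticated identity fails closed
/// instead of being promoted to a ticket (the original unconditionally set the ticket and would have
/// thrown <see cref="InvalidCastException"/> for a non-<see cref="ClaimsIdentity"/>). If
/// <see cref="TokenValidator.Validate"/> throws on an invalid token, that exception propagates unchanged.
/// </remarks>
public override Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
    var tokenValidator = new TokenValidator();
    ClaimsPrincipal principal = tokenValidator.Validate(context.Token, _options);

    // Only an authenticated ClaimsIdentity may become a ticket; anything else leaves the
    // request unauthenticated rather than handing out a ticket for an unverified caller.
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity != null && identity.IsAuthenticated)
    {
        context.SetTicket(new AuthenticationTicket(identity, new AuthenticationProperties()));
    }

    return base.ReceiveAsync(context);
}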
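/// <summary>
/// Katana bearer-token hook: validates the raw JWT carried by the request and, when it yields an
/// authenticated <see cref="ClaimsIdentity"/>, installs it as the authentication ticket for the request.
/// </summary>
/// <param name="context">The token-receive context; <c>context.Token</c> is the raw bearer token string.</param>
/// <returns>The task returned by the base class's <c>ReceiveAsync</c>.</returns>
/// <remarks>
/// Leaving the ticket unset makes the middleware treat the request as unauthenticated, so a token
/// that validates to no identity, a non-claims identity, or an unauthenticated identity fails closed
/// instead of being promoted to a ticket (the original unconditionally set the ticket and would have
/// thrown <see cref="InvalidCastException"/> for a non-<see cref="ClaimsIdentity"/>). If
/// <see cref="TokenValidator.Validate"/> throws on an invalid token, that exception propagates unchanged.
/// </remarks>
public override Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
    ClaimsPrincipal principal = new TokenValidator().Validate(context.Token, _options);

    // Fail closed: a ticket is issued only for an authenticated ClaimsIdentity. Everything else
    // (null principal, non-claims identity, unauthenticated identity) leaves the request anonymous.
    ClaimsIdentity identity = principal == null ? null : principal.Identity as ClaimsIdentity;
    if (identity != null && identity.IsAuthenticated)
    {
        context.SetTicket(new AuthenticationTicket(identity, new AuthenticationProperties()));
    }

    return base.ReceiveAsync(context);
}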
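/// <summary>
/// OAuth 2.0 implicit-flow authorize endpoint: checks the requested scope against the single supported
/// scope, authenticates the caller from its JWT (challenging for sign-in when none is present),
/// evaluates the resource owner's consent answer and, if everything passes, redirects to the client's
/// redirect URI with a freshly minted application JWT in the URI fragment.
/// </summary>
/// <param name="context">The Katana authorize-endpoint context for the current request.</param>
/// <remarks>
/// Every failure path reports through <c>Error(...)</c> (defined elsewhere in this file) and returns;
/// only a request that passes all checks reaches the final redirect.
/// NOTE(review): this method treats <c>context.AuthorizeRequest.RedirectUri</c> as a trusted sink for
/// the token. In Katana that is only safe if <c>ValidateClientRedirectUri</c> matched it against the
/// client's registered URI earlier in the pipeline — confirm that override exists and is strict
/// (exact match, no open redirect).
/// NOTE(review): the implicit flow puts the access token in the URL fragment, where browser history
/// and any script on the redirect page can read it; the OAuth 2.0 Security BCP discourages this grant.
/// </remarks>
public override async Task AuthorizeEndpoint(OAuthAuthorizeEndpointContext context)
{
    // Our own authorize URL: the return address when the user has to be challenged to sign in.
    string currentUri = context.Request.Uri.ToString();

    // --- Scope: the server supports exactly one scope and the request must ask for it. ---
    string supportedScope = _options.JwtOptions.SupportedScope;
    if (string.IsNullOrWhiteSpace(supportedScope))
    {
        Error(context, OAuthImplicitFlowError.ServerError, "no supported scope defined");
        return;
    }
    if (!HasSupportedScope(context, supportedScope))
    {
        string errorDescription = string.Format("only {0} scope is supported", supportedScope);
        Error(context, OAuthImplicitFlowError.Scope, errorDescription);
        return;
    }

    // --- Authentication: the caller must present a JWT; otherwise challenge and come back here. ---
    string rawJwt = await TryGetRawJwtTokenAsync(context);
    if (string.IsNullOrWhiteSpace(rawJwt))
    {
        context.OwinContext.Authentication.Challenge(new AuthenticationProperties { RedirectUri = currentUri });
        return;
    }

    var tokenValidator = new TokenValidator();
    ClaimsPrincipal principal = tokenValidator.Validate(rawJwt, _options.JwtOptions);
    // A validator result with no principal, no identity, or an unauthenticated identity is denied
    // explicitly instead of being allowed to throw and surface as an unhandled server error.
    if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
    {
        Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user, unauthenticated");
        return;
    }

    // TransformPrincipal is supplied through the options (caller-provided code); guard its result
    // before touching Claims so a null return is denied rather than throwing NullReferenceException.
    ClaimsIdentity claimsIdentity = await _options.TransformPrincipal(principal);
    if (claimsIdentity == null || !claimsIdentity.Claims.Any())
    {
        Error(context, OAuthImplicitFlowError.AccessDenied, "unauthorized user");
        return;
    }

    // --- Consent: only an explicit acceptance or an implicit (pre-approved) answer may release a token. ---
    // NOTE(review): the answer is read back from the request; confirm the consent form is CSRF-protected,
    // since this answer alone decides whether a token is released to the redirect URI.
    ConsentAnswer consentAnswer = await TryGetConsentAnswerAsync(context.Request);
    if (consentAnswer == ConsentAnswer.Rejected)
    {
        Error(context, OAuthImplicitFlowError.AccessDenied, "resource owner denied request");
        return;
    }
    if (consentAnswer == ConsentAnswer.Missing)
    {
        Error(context, OAuthImplicitFlowError.ServerError, "missing consent answer");
        return;
    }
    if (!(consentAnswer == ConsentAnswer.Accepted || consentAnswer == ConsentAnswer.Implicit))
    {
        Error(context, OAuthImplicitFlowError.ServerError, string.Format("invalid consent answer '{0}'", consentAnswer.Display));
        return;
    }

    // --- Issue: mint the application JWT and hand it back in the fragment (implicit grant). ---
    string appJwtTokenAsBase64 = JwtTokenHelper
        .CreateSecurityTokenDescriptor(claimsIdentity.Claims, _options.JwtOptions)
        .CreateTokenAsBase64();

    // consent_type is only reported when consent was implicit.
    string consentType = consentAnswer == ConsentAnswer.Implicit ? consentAnswer.Invariant : null;
    string redirectUri = BuildImplicitGrantRedirectUri(
        context.AuthorizeRequest.RedirectUri,
        appJwtTokenAsBase64,
        context.AuthorizeRequest.State,
        supportedScope,
        consentType);

    context.Response.Redirect(redirectUri);
    context.RequestCompleted();
}

/// <summary>
/// Builds the implicit-grant response: <paramref name="redirectUri"/> with <c>access_token</c>,
/// <c>token_type</c> (always <c>bearer</c>), <c>state</c> and <c>scope</c> in the URI fragment, plus
/// <c>consent_type</c> when <paramref name="consentType"/> is non-null.
/// </summary>
/// <param name="redirectUri">The client's redirect URI (assumed already validated by the caller).</param>
/// <param name="accessToken">The base64 application JWT to return.</param>
/// <param name="state">The client's opaque <c>state</c>; <c>null</c> is echoed as an empty value.</param>
/// <param name="scope">The granted scope.</param>
/// <param name="consentType">Invariant consent-type marker, or <c>null</c> to omit the parameter.</param>
/// <returns>The absolute redirect URI as a string.</returns>
/// <remarks>
/// Every value is percent-encoded with <see cref="Uri.EscapeDataString"/>, so a client-chosen
/// <c>state</c> cannot smuggle extra fragment parameters into the response.
/// </remarks>
private static string BuildImplicitGrantRedirectUri(string redirectUri, string accessToken, string state, string scope, string consentType)
{
    const string tokenType = "bearer";

    var fragment = new StringBuilder();
    fragment.AppendFormat("access_token={0}&token_type={1}&state={2}&scope={3}",
        Uri.EscapeDataString(accessToken),
        Uri.EscapeDataString(tokenType),
        Uri.EscapeDataString(state ?? ""),
        Uri.EscapeDataString(scope));
    if (consentType != null)
    {
        fragment.AppendFormat("&consent_type={0}", Uri.EscapeDataString(consentType));
    }

    var builder = new UriBuilder(redirectUri) { Fragment = fragment.ToString() };
    return builder.Uri.ToString();
}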