public ActionResult ValidateAuthToken(string access_token)
{
if (string.IsNullOrEmpty(access_token))
{
return(BadRequest("Invalid token"));
}
IPrincipal principal = _manager.ValidateAuthenticationToken(access_token, _certificateFilePath);
if (principal != null)
{
var tokens = new List <AuthenticationToken>()
{
new AuthenticationToken()
{
Name = "access_token",
Value = access_token
}
};
var prop = new Microsoft.AspNetCore.Authentication.AuthenticationProperties();
prop.IsPersistent = true;
prop.StoreTokens(tokens);
HttpContext.SignInAsync(principal as ClaimsPrincipal, prop);
}
return(RedirectToAction("Profile", "User"));
}
private AuthenticationProperties GenerateAuthenticationProperties(AuthenticateResult info)
{
//if the external provider issued an id_token, we'll keep it for signout
AuthenticationProperties props = null;
var id_token = info.Properties.GetTokenValue("id_token");
if (id_token != null)
{
props = new Microsoft.AspNetCore.Authentication.AuthenticationProperties();
props.StoreTokens(new[] { new AuthenticationToken {
Name = "id_token", Value = id_token
} });
}
return(props);
}
private void ProcessLoginCallbackForOidc(AuthenticateResult externalResult, List <Claim> localClaims, AuthenticationProperties localSignInProps)
{
// if the external system sent a session id claim, copy it over
// so we can use it for single sign-out
var sid = externalResult.Principal.Claims.FirstOrDefault(x => x.Type == JwtClaimTypes.SessionId);
if (sid != null)
{
localClaims.Add(new Claim(JwtClaimTypes.SessionId, sid.Value));
}
// if the external provider issued an id_token, we'll keep it for signout
var id_token = externalResult.Properties.GetTokenValue("id_token");
if (id_token != null)
{
localSignInProps.StoreTokens(new[] { new AuthenticationToken {
Name = "id_token", Value = id_token
} });
}
}
public void CanStoreMultipleTokens()
{
var props = new AuthenticationProperties();
var tokens = new List <AuthenticationToken>();
var tok1 = new AuthenticationToken {
Name = "One", Value = "1"
};
var tok2 = new AuthenticationToken {
Name = "Two", Value = "2"
};
var tok3 = new AuthenticationToken {
Name = "Three", Value = "3"
};
tokens.Add(tok1);
tokens.Add(tok2);
tokens.Add(tok3);
props.StoreTokens(tokens);
Assert.Equal("1", props.GetTokenValue("One"));
Assert.Equal("2", props.GetTokenValue("Two"));
Assert.Equal("3", props.GetTokenValue("Three"));
Assert.Equal(3, props.GetTokens().Count());
}
public async Task <IActionResult> ExternalLoginCallback(string returnUrl)
{
// read external identity from the temporary cookie
var info = await HttpContext.Authentication.GetAuthenticateInfoAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
var tempUser = info?.Principal;
if (tempUser == null)
{
throw new Exception("External authentication error");
}
// retrieve claims of the external user
var claims = tempUser.Claims.ToList();
// try to determine the unique id of the external user - the most common claim type for that are the sub claim and the NameIdentifier
// depending on the external provider, some other claim type might be used
var userIdClaim = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.Subject);
if (userIdClaim == null)
{
userIdClaim = claims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier);
}
if (userIdClaim == null)
{
throw new Exception("Unknown userid");
}
// remove the user id claim from the claims collection and move to the userId property
// also set the name of the external authentication provider
claims.Remove(userIdClaim);
var provider = info.Properties.Items["scheme"];
var userId = userIdClaim.Value;
// check if the external user is already provisioned
var user = _users.FindByExternalProvider(provider, userId);
if (user == null)
{
// this sample simply auto-provisions new external user
// another common approach is to start a registrations workflow first
user = _users.AutoProvisionUser(provider, userId, claims);
}
var additionalClaims = new List <Claim>();
// if the external system sent a session id claim, copy it over
var sid = claims.FirstOrDefault(x => x.Type == JwtClaimTypes.SessionId);
if (sid != null)
{
additionalClaims.Add(new Claim(JwtClaimTypes.SessionId, sid.Value));
}
// if the external provider issued an id_token, we'll keep it for signout
AuthenticationProperties props = null;
var id_token = info.Properties.GetTokenValue("id_token");
if (id_token != null)
{
props = new AuthenticationProperties();
props.StoreTokens(new[] { new AuthenticationToken {
Name = "id_token", Value = id_token
} });
}
// issue authentication cookie for user
await _events.RaiseAsync(new UserLoginSuccessEvent(provider, userId, user.SubjectId, user.Username));
await HttpContext.Authentication.SignInAsync(user.SubjectId, user.Username, provider, props, additionalClaims.ToArray());
// delete temporary cookie used during external authentication
await HttpContext.Authentication.SignOutAsync(IdentityServer4.IdentityServerConstants.ExternalCookieAuthenticationScheme);
// validate return URL and redirect back to authorization endpoint or a local page
if (_interaction.IsValidReturnUrl(returnUrl) || Url.IsLocalUrl(returnUrl))
{
return(Redirect(returnUrl));
}
return(Redirect("~/"));
}