private async Task <OAuthValidateClientCredentialsContext> AuthenticateClient(AuthorizationCodeAccessTokenRequest authorizationCodeAccessTokenRequest)
{
_logger.WriteVerbose("AuthenticateClient");
string clientId = null;
string clientSecret = null;
string redirectUri = null;
if (authorizationCodeAccessTokenRequest != null)
{
clientId = authorizationCodeAccessTokenRequest.ClientId;
redirectUri = authorizationCodeAccessTokenRequest.RedirectUri;
}
string authorization = Request.GetHeader("Authorization");
if (!string.IsNullOrWhiteSpace(authorization) && authorization.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
{
byte[] data = Convert.FromBase64String(authorization.Substring("Basic ".Length).Trim());
string text = Encoding.UTF8.GetString(data);
int delimiterIndex = text.IndexOf(':');
if (delimiterIndex >= 0)
{
string name = text.Substring(0, delimiterIndex);
string password = text.Substring(delimiterIndex + 1);
if (clientId != null && !string.Equals(clientId, name, StringComparison.Ordinal))
{
return(null);
}
clientId = name;
clientSecret = password;
}
}
var lookupClientIdContext = new OAuthValidateClientCredentialsContext(
Request.Environment,
clientId,
clientSecret,
redirectUri);
await Options.Provider.ValidateClientCredentials(lookupClientIdContext);
return(lookupClientIdContext);
}
private async Task <bool> InvokeAuthorizeEndpoint()
{
_logger.WriteVerbose("InvokeAuthorizeEndpoint");
var authorizeRequest = new AuthorizeRequest(Request.GetQuery());
var clientIdContext = new OAuthValidateClientCredentialsContext(
Request.Environment,
authorizeRequest.ClientId,
null,
authorizeRequest.RedirectUri);
await Options.Provider.ValidateClientCredentials(clientIdContext);
if (clientIdContext.IsValidated)
{
authorizeRequest.RedirectUri = clientIdContext.RedirectUri;
_authorizeRequest = authorizeRequest;
}
var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Request.Environment);
await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext);
return(authorizeEndpointContext.IsRequestCompleted);
}
private async Task OnValidateClientCredentials(OAuthValidateClientCredentialsContext context)
{
if (context.ClientId == "123456")
{
context.ClientFound("abcdef", "http://localhost:18002/Katana.Sandbox.WebClient/ClientApp.aspx");
}
else if (context.ClientId == "7890ab")
{
context.ClientFound("7890ab", "http://localhost:18002/Katana.Sandbox.WebClient/ClientPageSignIn.html");
}
}
public virtual Task ValidateClientCredentials(OAuthValidateClientCredentialsContext context)
{
return(OnValidateClientCredentials.Invoke(context));
}
public virtual Task ValidateClientCredentials(OAuthValidateClientCredentialsContext context)
{
return OnValidateClientCredentials.Invoke(context);
}
private async Task InvokeTokenEndpoint()
{
_logger.WriteVerbose("InvokeTokenEndpoint");
var form = await Request.ReadForm();
AccessTokenRequest accessTokenRequest = AccessTokenRequest.Create(form.Get);
var authorizationCodeAccessTokenRequest = accessTokenRequest as AuthorizationCodeAccessTokenRequest;
var clientCredentialsAccessTokenRequest = accessTokenRequest as ClientCredentialsAccessTokenRequest;
var resourceOwnerPasswordCredentialsAccessTokenRequest = accessTokenRequest as ResourceOwnerPasswordCredentialsAccessTokenRequest;
OAuthValidateClientCredentialsContext lookupClientId = await AuthenticateClient(authorizationCodeAccessTokenRequest);
if (!lookupClientId.IsValidated)
{
// TODO: actual error
_logger.WriteError("clientID is not valid.");
return;
}
AuthenticationTicket ticket;
if (authorizationCodeAccessTokenRequest != null)
{
AuthenticationTicket code = Options.AccessCodeHandler.Unprotect(authorizationCodeAccessTokenRequest.Code);
// TODO - fire event
ticket = code;
}
else if (resourceOwnerPasswordCredentialsAccessTokenRequest != null)
{
var resourceOwnerCredentialsContext = new OAuthValidateResourceOwnerCredentialsContext(
Request.Environment,
resourceOwnerPasswordCredentialsAccessTokenRequest.Username,
resourceOwnerPasswordCredentialsAccessTokenRequest.Password,
resourceOwnerPasswordCredentialsAccessTokenRequest.Scope);
Options.Provider.ValidateResourceOwnerCredentials(resourceOwnerCredentialsContext);
if (resourceOwnerCredentialsContext.IsValidated)
{
ticket = new AuthenticationTicket(
resourceOwnerCredentialsContext.Identity,
resourceOwnerCredentialsContext.Extra);
}
else
{
_logger.WriteError("resourceOwnerCredentialsContext is not valid.");
throw new NotImplementedException("real error");
}
}
else
{
_logger.WriteError("null authorizationCodeAccessTokenRequest and null resourceOwnerPasswordCredentialsTokenRequest");
throw new NotImplementedException("real error");
}
var tokenEndpointContext = new OAuthTokenEndpointContext(
Request.Environment,
ticket,
accessTokenRequest);
await Options.Provider.TokenEndpoint(tokenEndpointContext);
if (!tokenEndpointContext.TokenIssued)
{
_logger.WriteError("Token was not issued to tokenEndpointContext");
throw new NotImplementedException("real error");
}
string accessToken = Options.AccessTokenHandler.Protect(new AuthenticationTicket(tokenEndpointContext.Identity, tokenEndpointContext.Extra));
var memory = new MemoryStream();
byte[] body;
using (var writer = new JsonTextWriter(new StreamWriter(memory)))
{
writer.WriteStartObject();
writer.WritePropertyName("access_token");
writer.WriteValue(accessToken);
writer.WritePropertyName("token_type");
writer.WriteValue("bearer");
writer.WritePropertyName("expires_in");
writer.WriteValue(3600);
writer.WriteEndObject();
writer.Flush();
body = memory.ToArray();
}
Response.ContentType = "application/json;charset=UTF-8";
Response.SetHeader("Cache-Control", "no-store");
Response.SetHeader("Pragma", "no-cache");
Response.SetHeader("Content-Length", memory.ToArray().Length.ToString(CultureInfo.InvariantCulture));
await Response.Body.WriteAsync(body, 0, body.Length);
}