private Task <bool> SendErrorRedirectAsync( OAuthValidateClientRedirectUriContext clientContext, BaseValidatingContext <OAuthAuthorizationServerOptions> validatingContext) { if (clientContext == null) { throw new ArgumentNullException("clientContext"); } string error = validatingContext.HasError ? validatingContext.Error : Constants.Errors.InvalidRequest; string errorDescription = validatingContext.HasError ? validatingContext.ErrorDescription : null; string errorUri = validatingContext.HasError ? validatingContext.ErrorUri : null; if (!clientContext.IsValidated) { // write error in response body if client_id or redirect_uri have not been validated return(SendErrorPageAsync(error, errorDescription, errorUri)); } // redirect with error if client_id and redirect_uri have been validated string location = WebUtilities.AddQueryString(clientContext.RedirectUri, Constants.Parameters.Error, error); if (!string.IsNullOrEmpty(errorDescription)) { location = WebUtilities.AddQueryString(location, Constants.Parameters.ErrorDescription, errorDescription); } if (!string.IsNullOrEmpty(errorUri)) { location = WebUtilities.AddQueryString(location, Constants.Parameters.ErrorUri, errorUri); } // if a state parameter was provided, include it in the redirect location IList <string> stateValues = clientContext.Request.Query.GetValues(Constants.Parameters.State); if (stateValues != null && stateValues.Count == 1) { location = WebUtilities.AddQueryString(location, Constants.Parameters.State, stateValues[0]); } Response.Redirect(location); // request is handled, does not pass on to application return(Task.FromResult(true)); }
private async Task <bool> InvokeAuthorizeEndpointAsync() { var authorizeRequest = new AuthorizeEndpointRequest(Request.Query); var clientContext = new OAuthValidateClientRedirectUriContext( Context, Options, authorizeRequest.ClientId, authorizeRequest.RedirectUri); if (!String.IsNullOrEmpty(authorizeRequest.RedirectUri)) { bool acceptableUri = true; Uri validatingUri; if (!Uri.TryCreate(authorizeRequest.RedirectUri, UriKind.Absolute, out validatingUri)) { // The redirection endpoint URI MUST be an absolute URI // http://tools.ietf.org/html/rfc6749#section-3.1.2 acceptableUri = false; } else if (!String.IsNullOrEmpty(validatingUri.Fragment)) { // The endpoint URI MUST NOT include a fragment component. // http://tools.ietf.org/html/rfc6749#section-3.1.2 acceptableUri = false; } else if (!Options.AllowInsecureHttp && String.Equals(validatingUri.Scheme, Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase)) { // The redirection endpoint SHOULD require the use of TLS // http://tools.ietf.org/html/rfc6749#section-3.1.2.1 acceptableUri = false; } if (!acceptableUri) { clientContext.SetError(Constants.Errors.InvalidRequest); return(await SendErrorRedirectAsync(clientContext, clientContext)); } } await Options.Provider.ValidateClientRedirectUriAsync(clientContext); if (!clientContext.IsValidated) { _logger.WriteVerbose("Unable to validate client information"); return(await SendErrorRedirectAsync(clientContext, clientContext)); } var validatingContext = new OAuthValidateAuthorizeRequestContext( Context, Options, authorizeRequest, clientContext); if (string.IsNullOrEmpty(authorizeRequest.ResponseType)) { _logger.WriteVerbose("Authorize endpoint request missing required response_type parameter"); validatingContext.SetError(Constants.Errors.InvalidRequest); } else if (!authorizeRequest.IsAuthorizationCodeGrantType && !authorizeRequest.IsImplicitGrantType) { _logger.WriteVerbose("Authorize endpoint request contains unsupported response_type parameter"); validatingContext.SetError(Constants.Errors.UnsupportedResponseType); } else { await Options.Provider.ValidateAuthorizeRequest(validatingContext); } if (!validatingContext.IsValidated) { // an invalid request is not processed further return(await SendErrorRedirectAsync(clientContext, validatingContext)); } _clientContext = clientContext; _authorizeEndpointRequest = authorizeRequest; var authorizeEndpointContext = new OAuthAuthorizeEndpointContext(Context, Options, authorizeRequest); await Options.Provider.AuthorizeEndpoint(authorizeEndpointContext); return(authorizeEndpointContext.IsRequestCompleted); }
/// <summary> /// Called to validate that the context.ClientId is a registered "client_id", and that the context.RedirectUri a "redirect_uri" /// registered for that client. This only occurs when processing the Authorize endpoint. The application MUST implement this /// call, and it MUST validate both of those factors before calling context.Validated. If the context.Validated method is called /// with a given redirectUri parameter, then IsValidated will only become true if the incoming redirect URI matches the given redirect URI. /// If context.Validated is not called the request will not proceed further. /// </summary> /// <param name="context">The context of the event carries information in and results out.</param> /// <returns>Task to enable asynchronous execution</returns> public virtual Task ValidateClientRedirectUriAsync(OAuthValidateClientRedirectUriContext context) { return(OnValidateClientRedirectUri.Invoke(context)); }