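/// <summary>
/// Exchanges the authorization code in <paramref name="authResponse"/> for tokens at the token
/// endpoint of the OpenID provider selected in the session, then validates the returned ID token.
/// </summary>
/// <param name="authResponse">Parsed authentication response carrying code, state and scope.</param>
/// <param name="options">Configured OpenID providers, looked up by the name stored in session["op"].</param>
/// <param name="session">Current session; "op" must hold the provider name chosen at login.</param>
/// <param name="redirectUri">Redirect URI sent in the authorization request; the OP compares it against that request.</param>
/// <returns>The token response from the OP, with its ID token validated.</returns>
/// <exception cref="InvalidOperationException">Thrown when the session holds no provider name.</exception>
private OIDCTokenResponseMessage GetToken(OIDCAuthCodeResponseMessage authResponse, IOptions options, HttpSessionState session, string redirectUri)
{
    // Fail with a clear message instead of an opaque lookup failure when the session lost its provider.
    string opName = session["op"] as string;
    if (string.IsNullOrEmpty(opName))
    {
        throw new InvalidOperationException("No OpenID provider selected in session.");
    }
    OpenIDProviderData providerData = options.OpenIDProviders[opName];

    OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage
    {
        Scope = authResponse.Scope,
        State = authResponse.State,
        Code = authResponse.Code,
        ClientId = providerData.ClientInformation.ClientId,
        ClientSecret = providerData.ClientInformation.ClientSecret,
        RedirectUri = redirectUri,
        GrantType = "authorization_code",
    };

    OIDCTokenResponseMessage response = rp.SubmitTokenRequest(providerData.ProviderMatadata.TokenEndpoint, tokenRequestMessage, providerData.ClientInformation);

    // The provider's published keys and the client secret are both handed to GetIdToken;
    // presumably the secret covers tokens signed with a symmetric key — confirm against GetIdToken.
    OIDCIdToken idToken = response.GetIdToken(providerData.ProviderMatadata.Keys, tokenRequestMessage.ClientSecret);
    // NOTE(review): the last argument is the expected nonce; null means no nonce is checked here.
    // If the authorization request carried a nonce, the stored value should be passed instead.
    rp.ValidateIdToken(idToken, providerData.ClientInformation, providerData.ProviderMatadata.Issuer, null);
    return response;
}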
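/// <summary>
/// Exchanges the authorization code in <paramref name="authResponse"/> for tokens at the configured
/// provider's token endpoint, using the first registered redirect URI, and validates the ID token.
/// </summary>
/// <param name="authResponse">Parsed authentication response carrying code, state and scope.</param>
/// <returns>The token response from the OP, with its ID token validated.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="authResponse"/> is null.</exception>
public OIDCTokenResponseMessage GetToken(OIDCAuthCodeResponseMessage authResponse)
{
    if (authResponse == null)
    {
        throw new ArgumentNullException("authResponse");
    }

    // The first registered redirect URI is assumed to be the one used in the authorization
    // request; the OP rejects the exchange if it differs from that request.
    OIDCTokenRequestMessage tokenRequestMessage = new OIDCTokenRequestMessage
    {
        Scope = authResponse.Scope,
        State = authResponse.State,
        Code = authResponse.Code,
        ClientId = clientInformation.ClientId,
        ClientSecret = clientInformation.ClientSecret,
        RedirectUri = clientInformation.RedirectUris[0],
        GrantType = "authorization_code",
    };

    OpenIdRelyingParty rp = new OpenIdRelyingParty();
    OIDCTokenResponseMessage response = rp.SubmitTokenRequest(providerMetadata.TokenEndpoint, tokenRequestMessage, clientInformation);

    // The provider's published keys and the client secret are both handed to GetIdToken;
    // presumably the secret covers tokens signed with a symmetric key — confirm against GetIdToken.
    OIDCIdToken idToken = response.GetIdToken(providerMetadata.Keys, tokenRequestMessage.ClientSecret);
    // NOTE(review): the last argument is the expected nonce; null means no nonce is checked here.
    // If the authorization request carried a nonce, the stored value should be passed instead.
    rp.ValidateIdToken(idToken, clientInformation, providerMetadata.Issuer, null);
    return response;
}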
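/// <summary>
/// Parses an authentication code response returned by the OP and checks it against the
/// scope and state the caller used in the authentication request.
/// </summary>
/// <param name="queryString">The query string carrying the OP's authentication response.</param>
/// <param name="scope">(optional) Scope used in the request; when given, a response scope must contain the same values.</param>
/// <param name="state">(optional) State used in the request; when given, the response state must match it.</param>
/// <returns>The validated response message.</returns>
/// <exception cref="OIDCException">Thrown when the response is an error response or fails scope/state validation.</exception>
public OIDCAuthCodeResponseMessage ParseAuthCodeResponse(string queryString, List<MessageScope> scope = null, string state = null)
{
    OIDCAuthCodeResponseMessage responseMessage = new OIDCAuthCodeResponseMessage();
    try
    {
        responseMessage.DeserializeFromQueryString(queryString);
    }
    catch (OIDCException)
    {
        // A response that does not parse as a success message is read as an error response,
        // so the OP's error code and description are reported instead of the raw parse failure.
        OIDCResponseError error = new OIDCResponseError();
        error.DeserializeFromQueryString(queryString);
        throw new OIDCException("Error while parsing authorization response: " + error.Error + "\n" + error.ErrorDescription);
    }

    // Scope is an unordered set of values and List<T>.Equals is reference equality, so the
    // contents are compared as sets. A response without a scope is not rejected here.
    if (scope != null && responseMessage.Scope != null && !new HashSet<MessageScope>(scope).SetEquals(responseMessage.Scope))
    {
        throw new OIDCException("Error with authentication answer, wrong scope.");
    }

    // The state check binds the response to the request the caller issued; no check happens
    // when state is null, so callers should pass the value they stored when building the request.
    if (state != null && responseMessage.State != state)
    {
        throw new OIDCException("Error with authentication answer, wrong state.");
    }
    return responseMessage;
}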
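/// <summary>
/// Requests the user's profile claims from the userinfo endpoint of the OpenID provider
/// selected in the session, authenticating with the given access token.
/// </summary>
/// <param name="authResponse">Parsed authentication response; its scope and state are echoed in the request.</param>
/// <param name="options">Configured OpenID providers, looked up by the name stored in session["op"].</param>
/// <param name="session">Current session; "op" must hold the provider name chosen at login.</param>
/// <param name="accessToken">Access token obtained from the token endpoint.</param>
/// <returns>The userinfo response from the OP.</returns>
/// <exception cref="InvalidOperationException">Thrown when the session holds no provider name.</exception>
private OIDCUserInfoResponseMessage GetUserInfo(OIDCAuthCodeResponseMessage authResponse, IOptions options, HttpSessionState session, string accessToken)
{
    // Fail with a clear message instead of an opaque lookup failure when the session lost its provider.
    string opName = session["op"] as string;
    if (string.IsNullOrEmpty(opName))
    {
        throw new InvalidOperationException("No OpenID provider selected in session.");
    }
    OpenIDProviderData providerData = options.OpenIDProviders[opName];
    OpenIdRelyingParty rp = new OpenIdRelyingParty();

    // Claims are requested under IdToken — presumably how OIDClaims expresses the requested
    // claim set for this library; confirm against OIDClaims before changing.
    OIDClaims requestClaims = new OIDClaims
    {
        IdToken = new Dictionary<string, OIDClaimData>
        {
            { "name", new OIDClaimData() },
            { "family_name", new OIDClaimData() },
            { "given_name", new OIDClaimData() },
            { "email", new OIDClaimData() },
            { "gender", new OIDClaimData() },
        },
    };

    OIDCUserInfoRequestMessage userInfoRequestMessage = new OIDCUserInfoRequestMessage
    {
        Scope = authResponse.Scope,
        State = authResponse.State,
        Claims = requestClaims,
    };

    string userInfoUrl = providerData.ProviderMatadata.UserinfoEndpoint;
    return rp.GetUserInfo(userInfoUrl, userInfoRequestMessage, accessToken);
}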