/// <summary>
/// Decodes the raw <c>IdToken</c> JWT held by this message: the token is first passed
/// through <c>CheckSignatureAndDecryptJWT</c> (signature check / decryption), then the
/// resulting JSON payload is loaded into an <see cref="OIDCIdToken"/>.
/// </summary>
/// <param name="OPKeys">The OP keys, forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <param name="ClientSecret">The client secret (used as a key), forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <param name="RPKeys">The RP keys, forwarded to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <returns>The decoded id_token as an <see cref="OIDCIdToken"/>.</returns>
public OIDCIdToken GetIdToken(List<OIDCKey> OPKeys = null, string ClientSecret = null, List<OIDCKey> RPKeys = null)
{
    // No claim is read before the JWT has been verified/decrypted by the helper.
    var payload = CheckSignatureAndDecryptJWT(IdToken, OPKeys, ClientSecret, RPKeys);
    var claims = Deserializer.DeserializeFromJson<Dictionary<string, object>>(payload);

    var decoded = new OIDCIdToken();
    decoded.DeserializeFromDictionary(claims);
    return decoded;
}
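/// <summary>
/// Answers a self-issued authentication request: builds an id_token issued by
/// <c>https://self-issued.me</c> whose <c>sub</c> is derived from the supplied certificate's
/// thumbprint, fills fixed placeholder claims for the requested scopes, and returns the
/// serialized token together with the echoed <c>state</c>.
/// </summary>
/// <param name="requestMessage">The authorization request; <c>RedirectUri</c>, <c>Nonce</c>, <c>Scope</c> and <c>State</c> are read.</param>
/// <param name="certificate">Certificate whose thumbprint becomes <c>sub</c> and whose key is exposed as <c>sub_jwk</c> via <c>KeyManager.GetOIDCKey</c>.</param>
/// <returns>A dictionary with an <c>id_token</c> entry (compact JWT string) and a <c>state</c> entry.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="requestMessage"/> or <paramref name="certificate"/> is null.</exception>
private Dictionary<string, object> PerformSelfIssuedAuthentication(OIDCAuthorizationRequestMessage requestMessage, X509Certificate2 certificate)
{
    if (requestMessage == null) throw new ArgumentNullException("requestMessage");
    if (certificate == null) throw new ArgumentNullException("certificate");

    OIDCIdToken idToken = new OIDCIdToken();
    idToken.Iss = "https://self-issued.me";
    idToken.Sub = Convert.ToBase64String(Encoding.UTF8.GetBytes(certificate.Thumbprint));
    // Self-issued tokens are addressed to the redirect_uri, not to a client_id.
    idToken.Aud = new List<string>() { requestMessage.RedirectUri };
    idToken.Nonce = requestMessage.Nonce;
    // NOTE(review): DateTime.MaxValue yields a token that never expires; the lifetime policy
    // for self-issued tokens is not decided here, so it is left unchanged.
    idToken.Exp = DateTime.MaxValue;
    // iat is the issuance instant; it was previously set to DateTime.MaxValue (far future).
    idToken.Iat = DateTime.UtcNow;
    // "AQAB" is presumably the base64url RSA public exponent 65537 — confirm against KeyManager.
    idToken.SubJkw = KeyManager.GetOIDCKey(certificate, "RSA", "AQAB", "sig");

    // There is no user store behind a self-issued OP: scope-dependent claims are fixed placeholders.
    if (requestMessage.Scope.Contains(MessageScope.Profile))
    {
        idToken.GivenName = "Myself";
        idToken.FamilyName = "User";
        idToken.Name = idToken.GivenName + " " + idToken.FamilyName;
    }
    if (requestMessage.Scope.Contains(MessageScope.Email))
    {
        idToken.Email = "*****@*****.**";
    }
    if (requestMessage.Scope.Contains(MessageScope.Address))
    {
        idToken.Address = new OIDCAddress();
        idToken.Address.Country = "Italy";
        idToken.Address.PostalCode = "20100";
        idToken.Address.StreetAddress = "Via Test, 1";
        idToken.Address.Locality = "Milano";
    }
    if (requestMessage.Scope.Contains(MessageScope.Phone))
    {
        idToken.PhoneNumber = "0";
    }
    idToken.Validate();

    Dictionary<string, object> responseMessage = new Dictionary<string, object>();
    // NOTE(review): JwsAlgorithm.none produces an unsigned JWT, so this token is not bound to the
    // key advertised in sub_jwk and a verifier can only accept it by trusting unsigned input.
    // Signing with the certificate's private key (algorithm matching sub_jwk) would close this gap.
    responseMessage["id_token"] = JWT.Encode(idToken.SerializeToJsonString(), null, JwsAlgorithm.none);
    responseMessage["state"] = requestMessage.State;
    return responseMessage;
}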
/// <summary>
/// Turns the raw <c>IdToken</c> JWT of this message into an <see cref="OIDCIdToken"/>.
/// <c>CheckSignatureAndDecryptJWT</c> verifies/decrypts the compact token; its JSON payload
/// is then deserialized to a dictionary and loaded into the returned object.
/// </summary>
/// <param name="OPKeys">The OP keys, passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <param name="ClientSecret">The client secret (used as a key), passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <param name="RPKeys">The RP keys, passed through to <c>CheckSignatureAndDecryptJWT</c>.</param>
/// <returns>The decoded id_token.</returns>
public OIDCIdToken GetIdToken(List<OIDCKey> OPKeys = null, string ClientSecret = null, List<OIDCKey> RPKeys = null)
{
    Dictionary<string, object> claimSet = Deserializer.DeserializeFromJson<Dictionary<string, object>>(
        CheckSignatureAndDecryptJWT(IdToken, OPKeys, ClientSecret, RPKeys));

    OIDCIdToken result = new OIDCIdToken();
    result.DeserializeFromDictionary(claimSet);
    return result;
}
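/// <summary>
/// Validates the core claims of a decoded id_token: issuer, audience / authorized party,
/// expiry, issuance time and (when supplied) nonce. The first failing rule throws an
/// <see cref="OIDCException"/>; the method returns normally when every rule passes.
/// </summary>
/// <param name="idToken">The decoded id_token to validate.</param>
/// <param name="clientInformation">Client registration data; <c>ClientId</c> is matched against <c>aud</c> and <c>azp</c>.</param>
/// <param name="Issuer">Expected issuer. Trailing slashes are ignored in the comparison.</param>
/// <param name="Nonce">Nonce sent with the authentication request, or null to skip the nonce check.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="idToken"/>, <paramref name="clientInformation"/> or <paramref name="Issuer"/> is null.</exception>
/// <exception cref="OIDCException">Thrown when a claim does not satisfy its rule.</exception>
public void ValidateIdToken(OIDCIdToken idToken, OIDCClientInformation clientInformation, string Issuer, string Nonce)
{
    if (idToken == null) throw new ArgumentNullException("idToken");
    if (clientInformation == null) throw new ArgumentNullException("clientInformation");
    if (Issuer == null) throw new ArgumentNullException("Issuer");

    // A missing iss is treated like a wrong one instead of failing on the Trim call.
    if (idToken.Iss == null || idToken.Iss.Trim('/') != Issuer.Trim('/'))
    {
        throw new OIDCException("Wrong issuer for the token.");
    }
    // aud is required; without it neither the client_id nor the azp rules below are meaningful.
    if (idToken.Aud == null || idToken.Aud.Count == 0)
    {
        throw new OIDCException("The token carries no audience.");
    }
    // Self-issued tokens are addressed to the redirect_uri, so the client_id rule is skipped for them.
    if (Issuer != "https://self-issued.me" && !idToken.Aud.Contains(clientInformation.ClientId))
    {
        throw new OIDCException("Intended audience of the token does not include client_id.");
    }
    if (idToken.Aud.Count > 1 && idToken.Azp == null)
    {
        throw new OIDCException("Multiple audience but no authorized party specified.");
    }
    if (idToken.Azp != null && idToken.Azp != clientInformation.ClientId)
    {
        throw new OIDCException("The authorized party does not match client_id.");
    }
    // JWT times are UTC; both time checks compare against UtcNow (the iat check previously
    // used local DateTime.Now). A 10 minute skew allowance is applied to exp.
    if (idToken.Exp < DateTime.UtcNow - new TimeSpan(0, 10, 0))
    {
        throw new OIDCException("The token is expired.");
    }
    if (idToken.Iat < DateTime.UtcNow - new TimeSpan(24, 0, 0))
    {
        throw new OIDCException("The token has ben issued more than a day ago.");
    }
    if (Nonce != null && idToken.Nonce != Nonce)
    {
        throw new OIDCException("Wrong nonce value in token.");
    }
}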
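/// <summary>
/// Renders the success page: reads the <c>success_page.html</c> template from
/// <c>Client.ROOT_PATH</c> and fills its four <c>String.Format</c> placeholders with the
/// authorization code, the access token and the JSON forms of the id_token and userinfo response.
/// </summary>
/// <param name="authCode">Authorization code received from the OP.</param>
/// <param name="accessToken">Access token received from the OP.</param>
/// <param name="idToken">Decoded id_token, serialized to JSON for display.</param>
/// <param name="userInfoResponse">UserInfo response, serialized to JSON for display.</param>
/// <returns>The filled HTML page.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="idToken"/> or <paramref name="userInfoResponse"/> is null.</exception>
public static string successPage(string authCode, string accessToken, OIDCIdToken idToken, OIDCUserInfoResponseMessage userInfoResponse)
{
    if (idToken == null) throw new ArgumentNullException("idToken");
    if (userInfoResponse == null) throw new ArgumentNullException("userInfoResponse");

    String template = File.ReadAllText(Path.Combine(Client.ROOT_PATH, "success_page.html"));

    // All four values arrived over the wire (redirect parameters and OP responses), so they are
    // HTML-encoded before being placed in the page. This assumes the template's {0}..{3} sit in
    // HTML text/attribute context rather than inside <script> — confirm against success_page.html.
    return String.Format(template,
        System.Net.WebUtility.HtmlEncode(authCode),
        System.Net.WebUtility.HtmlEncode(accessToken),
        System.Net.WebUtility.HtmlEncode(idToken.serializeToJsonString()),
        System.Net.WebUtility.HtmlEncode(userInfoResponse.serializeToJsonString()));
}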