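/// <summary>
/// Queries the OP server for its OpenID Provider configuration document
/// (<c>/.well-known/openid-configuration</c>).
/// </summary>
/// <param name="hostname">The base URL of the OP to be queried. A trailing slash is tolerated.</param>
/// <param name="expectedIssuer">(optional) the issuer expected from the OP configuration.
/// This information can come, for instance, from a previous issuer discovery process
/// via webfinger. When supplied, the <c>issuer</c> value of the returned document must
/// match it exactly (ordinal comparison).</param>
/// <returns>An object describing all relevant properties of the OP.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="hostname"/> is null.</exception>
/// <exception cref="OpenIDClient.OIDCException">Thrown when the returned message from server
/// is not valid or if wrong issuer is found in the answer.</exception>
/// <remarks>
/// OpenID Connect Discovery requires the configuration to be retrieved over TLS; this method
/// does not enforce the URL scheme, so callers must supply an https base URL in production.
/// When <paramref name="expectedIssuer"/> is null the returned issuer is not bound to the
/// location it was fetched from, so callers should validate it themselves.
/// </remarks>
public OIDCProviderMetadata ObtainProviderInformation(string hostname, string expectedIssuer = null)
{
    if (hostname == null)
    {
        throw new ArgumentNullException("hostname");
    }

    const string query = "/.well-known/openid-configuration";
    // Avoid building "https://op//.well-known/..." when the caller passes a trailing slash.
    WebRequest webRequest = WebRequest.Create(hostname.TrimEnd('/') + query);
    Dictionary<string, object> o = WebOperations.GetUrlContent(webRequest);
    OIDCProviderMetadata providerMetadata = new OIDCProviderMetadata(o);

    // Issuer identifiers are compared byte-for-byte; no case folding or normalisation.
    if (expectedIssuer != null
        && !string.Equals(expectedIssuer, providerMetadata.Issuer, StringComparison.Ordinal))
    {
        throw new OIDCException("Wrong issuer, discarding configuration");
    }

    return providerMetadata;
}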
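/// <summary>
/// Queries the OP server for its OpenID Provider configuration document
/// (<c>/.well-known/openid-configuration</c>).
/// </summary>
/// <param name="hostname">The base URL of the OP to be queried. A trailing slash is tolerated.</param>
/// <param name="expectedIssuer">(optional) the issuer expected from the OP configuration.
/// This information can come, for instance, from a previous issuer discovery process
/// via webfinger. When supplied, the <c>issuer</c> value of the returned document must
/// match it exactly (ordinal comparison).</param>
/// <returns>An object describing all relevant properties of the OP.</returns>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="hostname"/> is null.</exception>
/// <exception cref="OpenIDClient.OIDCException">Thrown when the returned message from server
/// is not valid or if wrong issuer is found in the answer.</exception>
/// <remarks>
/// OpenID Connect Discovery requires the configuration to be retrieved over TLS; this method
/// does not enforce the URL scheme, so callers must supply an https base URL in production.
/// When <paramref name="expectedIssuer"/> is null the returned issuer is not bound to the
/// location it was fetched from, so callers should validate it themselves.
/// </remarks>
public OIDCProviderMetadata ObtainProviderInformation(string hostname, string expectedIssuer = null)
{
    if (hostname == null)
    {
        throw new ArgumentNullException("hostname");
    }

    const string query = "/.well-known/openid-configuration";
    // Avoid building "https://op//.well-known/..." when the caller passes a trailing slash.
    WebRequest webRequest = WebRequest.Create(hostname.TrimEnd('/') + query);
    Dictionary<string, object> o = WebOperations.GetUrlContent(webRequest);
    OIDCProviderMetadata providerMetadata = new OIDCProviderMetadata(o);

    // Issuer identifiers are compared byte-for-byte; no case folding or normalisation.
    if (expectedIssuer != null
        && !string.Equals(expectedIssuer, providerMetadata.Issuer, StringComparison.Ordinal))
    {
        throw new OIDCException("Wrong issuer, discarding configuration");
    }

    return providerMetadata;
}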
/// <summary>
/// Fetches the provider configuration from the base URL and stores it in the
/// <c>providerMetadata</c> field for later use.
/// </summary>
public void GetProviderMetadata()
{
    // No expected issuer is passed, so whatever issuer the OP returns is accepted as-is.
    var relyingParty = new OpenIdRelyingParty();
    providerMetadata = relyingParty.ObtainProviderInformation(GetBaseUrl("/"));
}
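/// <summary>
/// Validates an ID token against the client and provider configuration: issuer, audience,
/// authorized party, expiry, issue time and (when supplied) nonce.
/// </summary>
/// <param name="idToken">The ID token to validate.</param>
/// <param name="clientInformation">The client registration; its <c>ClientId</c> must be listed in the token audience.</param>
/// <param name="providerMetadata">The OP configuration; its <c>Issuer</c> must match the token issuer.</param>
/// <param name="nonce">(optional) the nonce sent in the authentication request. When not null,
/// the token must carry exactly this value; a token without a nonce is rejected in that case.</param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="idToken"/>,
/// <paramref name="clientInformation"/> or <paramref name="providerMetadata"/> is null.</exception>
/// <exception cref="OpenIDClient.OIDCException">Thrown when any validation rule fails or a required claim is missing.</exception>
/// <remarks>
/// This method performs claim validation only; it does not verify the token signature, so
/// callers must verify the signature separately. A 10-minute leeway is tolerated on <c>exp</c>
/// to absorb clock skew, and tokens issued more than 24 hours ago are rejected.
/// </remarks>
public void ValidateIdToken(OIDCIdToken idToken, OIDCClientInformation clientInformation, OIDCProviderMetadata providerMetadata, string nonce)
{
    if (idToken == null)
    {
        throw new ArgumentNullException("idToken");
    }
    if (clientInformation == null)
    {
        throw new ArgumentNullException("clientInformation");
    }
    if (providerMetadata == null)
    {
        throw new ArgumentNullException("providerMetadata");
    }

    // A token without these claims cannot be validated; fail with a clear error instead of a NullReferenceException.
    if (idToken.Iss == null)
    {
        throw new OIDCException("The token has no issuer.");
    }
    if (idToken.Aud == null)
    {
        throw new OIDCException("The token has no audience.");
    }
    if (providerMetadata.Issuer == null)
    {
        throw new OIDCException("Provider metadata has no issuer.");
    }

    // Only a trailing-slash difference is tolerated; otherwise the issuer must match exactly (ordinal).
    if (!string.Equals(idToken.Iss.Trim('/'), providerMetadata.Issuer.Trim('/'), StringComparison.Ordinal))
    {
        throw new OIDCException("Wrong issuer for the token.");
    }

    if (!idToken.Aud.Contains(clientInformation.ClientId))
    {
        throw new OIDCException("Intended audience of the token does not include client_id.");
    }

    // With several audiences the token must name the party it was issued to.
    if (idToken.Aud.Count > 1 && idToken.Azp == null)
    {
        throw new OIDCException("Multiple audience but no authorized party specified.");
    }

    if (idToken.Azp != null && idToken.Azp != clientInformation.ClientId)
    {
        throw new OIDCException("The authorized party does not match client_id.");
    }

    // Both time checks use UTC; comparing iat against DateTime.Now would shift the window
    // by the machine's UTC offset and make acceptance depend on the local time zone.
    // NOTE(review): assumes Exp and Iat are UTC-based DateTime values — confirm in OIDCIdToken parsing.
    DateTime now = DateTime.UtcNow;
    TimeSpan expiryLeeway = new TimeSpan(0, 10, 0);
    TimeSpan maxTokenAge = new TimeSpan(24, 0, 0);

    if (idToken.Exp < now - expiryLeeway)
    {
        throw new OIDCException("The token is expired.");
    }
    if (idToken.Iat < now - maxTokenAge)
    {
        throw new OIDCException("The token has been issued more than a day ago.");
    }

    // When a nonce was sent in the request the token must echo it back; a null Nonce also fails here.
    if (nonce != null && idToken.Nonce != nonce)
    {
        throw new OIDCException("Wrong nonce value in token.");
    }
}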