/// <summary>
/// MVC flavour of StartSignOut: performs the same sign out step but hands back an
/// <see cref="ActionResult"/> so it can be returned directly from a controller action.
/// </summary>
/// <param name="accessTokenResponse">
/// The token endpoint's access token response (obtained when the user completed the sign in flow).
/// Its id_token is what the sign out flow needs.
/// </param>
/// <param name="redirectUri">
/// The callback URI on which the application cleans up the user's session.
/// </param>
/// <returns>
/// A <see cref="RedirectResult"/> pointing at SDB Connect IdG or, in special cases (no id_token available),
/// at <paramref name="redirectUri"/> itself.
/// </returns>
public ActionResult StartMvcSignOut(AccessTokenResponse accessTokenResponse, string redirectUri)
{
    // The base implementation decides where the user goes; this method only translates
    // its HTTP redirect into the MVC equivalent.
    var location = base.StartSignOut(accessTokenResponse, redirectUri).Location;
    return new RedirectResult(location.ToString());
}
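// Shared across calls: HttpClient is designed to be reused, and creating a new instance per
// userInfo request leaves sockets in TIME_WAIT and can exhaust them under load.
private static readonly HttpClient _userInfoClient = new HttpClient();

/// <summary>
/// Obtains the user's claims, from the userInfo endpoint, given the user's access_token.
/// </summary>
/// <param name="accessTokenResponse">
/// The token endpoint's access token response (when the user completed the SignIn flow).
/// We need the access_token that was returned in this response.
/// </param>
/// <returns>
/// A future dictionary, mapping claim types to their values.
/// The amount of claims, claim names and their value formats are all defined/configurable on SDB Connect IdG.
///
/// Typically the claim names are returned according to the OpenIdConnect standard.
/// For more information, see: http://openid.net/specs/openid-connect-basic-1_0-28.html#StandardClaims
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="accessTokenResponse"/> is null.
/// </exception>
/// <exception cref="HttpRequestException">
/// The userInfo endpoint answered with a non-success status code.
/// </exception>
public async Task<IDictionary<string, string>> GetUserInfo(AccessTokenResponse accessTokenResponse)
{
    if (accessTokenResponse == null)
    {
        throw new ArgumentNullException("accessTokenResponse");
    }

    using (var request = new HttpRequestMessage(HttpMethod.Get, _openIdSettings.UserInfoEndpoint))
    {
        // The access token is a bearer credential (whoever holds it can call userInfo), so the
        // configured endpoint is expected to be HTTPS; that is not verified here.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessTokenResponse.AccessToken);

        // TODO process errors according to the OpenIdConnect standard
        // (the WWW-Authenticate error / error_description of the response); for now any
        // non-2xx status is surfaced as an HttpRequestException by EnsureSuccessStatusCode.
        using (var response = await _userInfoClient.SendAsync(request).ConfigureAwait(false))
        {
            return await response
                .EnsureSuccessStatusCode()
                .Content
                .ReadAsAsync<IDictionary<string, string>>()
                .ConfigureAwait(false);
        }
    }
}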
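/// <summary>
/// Build the sign out endpoint URI.
/// </summary>
/// <param name="accessTokenResponse">
/// The token endpoint's access token response (when the user completed the sign in flow).
/// We need the id_token that was returned in this response.
/// </param>
/// <param name="redirectUri">
/// The callback URI where the application will cleanup the user's session.
/// </param>
/// <returns>
/// The generated URI to the sign out endpoint on SDB Connect IdG.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="accessTokenResponse"/> or <paramref name="redirectUri"/> is null.
/// </exception>
/// <exception cref="ArgumentException">
/// <paramref name="accessTokenResponse"/> carries no id_token.
/// </exception>
private Uri GetIdentityGatewayOicSignOutEndpoint(AccessTokenResponse accessTokenResponse, string redirectUri)
{
    if (accessTokenResponse == null)
    {
        throw new ArgumentNullException("accessTokenResponse");
    }
    if (accessTokenResponse.IdToken == null)
    {
        throw new ArgumentException("An id_token is required to sign out at federation level.", "accessTokenResponse");
    }
    if (redirectUri == null)
    {
        throw new ArgumentNullException("redirectUri");
    }

    // Both values travel as query parameters and therefore must be percent-encoded: an
    // unencoded redirect URI containing '&' or '=' would otherwise be split into extra
    // parameters (or truncated) when the identity gateway parses the query string.
    var query = string.Format(
        "?id_token_hint={0}&post_logout_redirect_uri={1}",
        Uri.EscapeDataString(accessTokenResponse.IdToken),
        Uri.EscapeDataString(redirectUri));

    // NOTE(review): the sign out URI is built on top of AuthorizationEndpoint (a "?..." relative
    // part replaces its query) — confirm this is where SDB Connect IdG exposes its end session endpoint.
    return new Uri(_openIdSettings.AuthorizationEndpoint, query);
}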
/// <summary>
/// Starts the SignOut flow.
/// Call this before cleaning up the user session: the cleanup belongs in the final redirect.
///
/// The steps are:
/// 1. Redirect to SDB Connect IdG to perform the sign out at federation level
/// 2. Callback to the application sign out redirect URI to cleanup at application level
/// </summary>
/// <param name="accessTokenResponse">
/// The token endpoint's access token response (when the user completed the sign in flow).
/// We need the id_token that was returned in this response.
/// </param>
/// <param name="redirectUri">
/// The callback URI where the application will cleanup the user's session.
/// It is used as-is in both branches, so it should be an application-controlled value rather
/// than one taken from the incoming request.
/// </param>
/// <returns>
/// An HTTP Redirect, to redirect the user to SDB Connect IdG or, when no id_token is available,
/// to the redirectUri itself.
/// </returns>
public HttpRedirectResponse StartSignOut(AccessTokenResponse accessTokenResponse, string redirectUri)
{
    var hasIdToken = accessTokenResponse != null && accessTokenResponse.IdToken != null;
    if (hasIdToken)
    {
        return new HttpRedirectResponse(GetIdentityGatewayOicSignOutEndpoint(accessTokenResponse, redirectUri));
    }

    // Without an id_token (e.g. the user session already expired) a federation-level sign out is
    // impossible, so skip SDB Connect Identity Gateway and go straight to the application callback.
    return new HttpRedirectResponse(redirectUri);
}