// GET /{appName}/oauth/authorize
//
// Authorization endpoint entry point. Order of checks: the application must be
// registered, the request must pass AuthorizeRequestValidator, and only then is the
// grant either performed directly or deferred to the consent screen.
public ActionResult Index(string appName, AuthorizeRequest request)
{
    Tracing.Start("OAuth2 Authorize Endoint");

    // appName is untrusted route input; it is used for the lookup and echoed into the trace line only.
    var app = _config.FindApplication(appName);
    if (app == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    // Validation failures are rendered via AuthorizeValidationError rather than
    // redirected, so nothing is sent to a redirect_uri that did not pass validation.
    ValidatedRequest validated;
    try
    {
        validated = new AuthorizeRequestValidator().Validate(app, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (!validated.ShowConsent)
    {
        // Application/client combination configured without a consent step.
        Tracing.Verbose("No consent configured for application/client");
        return PerformGrant(validated);
    }

    Tracing.Verbose("Showing consent screen");
    return View("Consent", validated);
}
// GET /{appName}/oauth/authorize
//
// Authorization endpoint entry point. After the application and request checks the
// outcome is one of: direct grant (no consent configured), grant on a previously
// stored consent decision (implicit flow only), or the consent screen.
public ActionResult Index(string appName, AuthorizeRequest request)
{
    Tracing.Start("OAuth2 Authorize Endoint");

    // appName is untrusted route input; it is used for the lookup and echoed into the trace line only.
    var app = _config.FindApplication(appName);
    if (app == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    // Validation failures are rendered via AuthorizeValidationError rather than
    // redirected, so nothing is sent to a redirect_uri that did not pass validation.
    ValidatedRequest validated;
    try
    {
        validated = new AuthorizeRequestValidator().Validate(app, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (!validated.ShowConsent)
    {
        Tracing.Verbose("No consent configured for application/client");
        // workaround for bug #139: with no consent screen there is no lifetime choice, so the
        // requested refresh token expiration is set 50 years out (effectively non-expiring).
        validated.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50);
        return PerformGrant(validated);
    }

    validated.RememberOptions = GetRememberOptions(app);

    // A stored consent decision can skip the screen, but only for the implicit flow.
    // It is looked up by subject, client, application and the requested scopes.
    var remembered = validated.ResponseType == OAuthConstants.ResponseTypes.Token
        ? _handleManager.Find(
            ClaimsPrincipal.Current.GetSubject(),
            validated.Client,
            validated.Application,
            validated.Scopes,
            StoredGrantType.ConsentDecision)
        : null;

    if (remembered != null)
    {
        Tracing.Verbose("Stored consent decision found.");
        return PerformGrant(validated);
    }

    Tracing.Verbose("Showing consent screen");
    return View("Consent", validated);
}
// GET /{appName}/oauth/authorize
//
// Authorization endpoint. Rejects unknown applications with 404, renders validation
// errors locally, and otherwise grants directly, grants on a remembered consent
// decision (implicit flow), or shows the consent screen.
public ActionResult Index(string appName, AuthorizeRequest request)
{
    Tracing.Start("OAuth2 Authorize Endoint");

    // appName is untrusted route input; it is used for the lookup and echoed into the trace line only.
    var app = _config.FindApplication(appName);
    if (app == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    ValidatedRequest validated;
    try
    {
        validated = new AuthorizeRequestValidator().Validate(app, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        // Rendered to the user, never redirected to an unvalidated redirect_uri.
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (validated.ShowConsent)
    {
        validated.RememberOptions = GetRememberOptions(app);

        // Only the implicit flow consults stored consent decisions; the lookup key is
        // subject + client + application + scopes.
        if (validated.ResponseType == OAuthConstants.ResponseTypes.Token)
        {
            var decision = _handleManager.Find(
                ClaimsPrincipal.Current.GetSubject(),
                validated.Client,
                validated.Application,
                validated.Scopes,
                StoredGrantType.ConsentDecision);

            if (decision != null)
            {
                Tracing.Verbose("Stored consent decision found.");
                return PerformGrant(validated);
            }
        }

        Tracing.Verbose("Showing consent screen");
        return View("Consent", validated);
    }

    Tracing.Verbose("No consent configured for application/client");

    // workaround for bug #139: no consent screen means no lifetime choice, so the requested
    // refresh token expiration is pushed 50 years out (effectively non-expiring).
    validated.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50);
    return PerformGrant(validated);
}
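// A code-flow client requesting two scopes it is allowed to use must validate
// successfully and keep both scopes.
public void ValidRequestMultipleScope()
{
    // Arrange
    var validator = new AuthorizeRequestValidator(_clientManager);
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "codeclient",
        response_type = "code",
        scope = "read search",
        redirect_uri = "https://prod.local"
    };

    // Act
    var result = validator.Validate(app, request);

    // Assert - the original test had no assertion, so a null result or a dropped
    // scope would have passed unnoticed.
    Assert.IsNotNull(result);
    Assert.AreEqual(2, result.Scopes.Count);
}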
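// An implicit-flow client requesting two permitted scopes with its registered
// redirect URI must validate successfully and keep both scopes.
public void ValidRequestMultipleScope()
{
    // Arrange
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "implicitclient",
        response_type = "token",
        scope = "read browse",
        redirect_uri = "https://test2.local"
    };

    // Act
    var result = validator.Validate(app, request);

    // Assert - the original test had no assertion, so a null result or a dropped
    // scope would have passed unnoticed.
    Assert.IsNotNull(result);
    Assert.AreEqual(2, result.Scopes.Count);
}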
// A null request must be rejected. The expected exception type is the
// resource-owner variant, presumably because there is no validated redirect
// target an error could be sent to.
public void NoParameters()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");

    var rejected = false;
    try
    {
        validator.Validate(app, null);
    }
    catch (AuthorizeRequestResourceOwnerException)
    {
        // TODO: inspect the exception once its error details are exposed.
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// A null request must be rejected with the OAuth2 "invalid_request" error.
public void NoParameters()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");

    var rejected = false;
    try
    {
        validator.Validate(app, null);
    }
    catch (AuthorizeRequestClientException ex)
    {
        Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, ex.Error);
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// A request without any redirect_uri must fail as a resource-owner error: with no
// validated redirect target there is nowhere safe to send an OAuth2 error response.
public void MissingRedirectUri()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "codeclient",
        response_type = "code",
        scope = "read"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestResourceOwnerException)
    {
        // TODO: check the error code once the exception exposes it.
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// A disabled client must be rejected with a resource-owner error even when the
// rest of the request (response type, scope, redirect URI) looks well-formed.
public void DisabledClient()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "disabledclient",
        response_type = "code",
        scope = "read",
        redirect_uri = "https://prod.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestResourceOwnerException)
    {
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// A syntactically broken redirect_uri ("https:/" with a single slash) must fail as a
// resource-owner error rather than being used as a redirect target.
public void MalformedRedirectUri1()
{
    var validator = new AuthorizeRequestValidator(_clientManager);
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "codeclient",
        response_type = "code",
        scope = "read",
        redirect_uri = "https:/prod.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestResourceOwnerException)
    {
        // TODO: check the error code once the exception exposes it.
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// An implicit-flow client asking for response_type=code must get the OAuth2
// "unsupported_response_type" error (a client error, since the redirect URI
// itself is the registered one).
public void UnauthorizedResponseType()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "implicitclient",
        response_type = "code",
        scope = "read",
        redirect_uri = "https://test2.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestClientException ex)
    {
        Assert.AreEqual(OAuthConstants.Errors.UnsupportedResponseType, ex.Error);
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// A redirect_uri that is not registered for the client must be rejected as a
// resource-owner error - never as a redirect to that URI, which is the classic
// open-redirect / token-leak vector in OAuth2 (RFC 6749 section 4.1.2.1).
public void UnauthorizedRedirectUri()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "implicitclient",
        response_type = "token",
        scope = "read",
        redirect_uri = "https://unauthorized.com"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestResourceOwnerException)
    {
        // TODO: check the error code once the exception exposes it.
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
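// POST /{appName}/oauth/authorize - consent screen response.
//
// `button` is "yes"/"no", `scopes` holds the scope names the user ticked and
// `rememberDuration` the lifetime choice (-1 = remember consent / never expire,
// otherwise hours; null when not offered). The request is re-validated before any
// redirect so that only a redirect URI the validator accepted for this client is
// ever used as an error sink.
// NOTE(review): action attributes are outside this listing - confirm the action is
// POST-only and covered by anti-forgery validation, since a forged consent post
// would grant on the signed-in user's behalf.
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request, int? rememberDuration = null)
{
    Tracing.Start("OAuth2 Authorize Endoint - Consent response");

    // make sure application is registered (appName is untrusted route input)
    var application = _config.FindApplication(appName);
    if (application == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    // Validate first. Previously the "no" and fallback branches built a ClientErrorResult
    // from the raw request.redirect_uri before it had been checked against the client
    // registration (open redirect), and a missing redirect_uri made `new Uri(null)` throw.
    ValidatedRequest validatedRequest;
    try
    {
        validatedRequest = new AuthorizeRequestValidator().Validate(application, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (button == "no")
    {
        Tracing.Information("User denies access token request.");
        return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state);
    }

    if (button == "yes")
    {
        Tracing.Information("User allows access token request.");

        // The user must keep at least one of the *validated* scopes. Checking the
        // intersection before mutating the list sends a tampered form (only unknown
        // scope names) back to the consent screen instead of granting an empty scope set.
        if (scopes == null || scopes.Length == 0 || !validatedRequest.Scopes.Any(x => scopes.Contains(x.Name)))
        {
            ModelState.AddModelError("", "Please choose at least one permission.");
            return View("Consent", validatedRequest);
        }

        // Narrow the validated scopes to the ones the user ticked; names outside the
        // validated set are ignored, so the form can only shrink the grant, never widen it.
        validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name));

        // store consent decision if
        //   the remember box was checked (-1)
        //   and storage is allowed for the application
        //   and flow == implicit
        if (validatedRequest.Application.AllowRememberConsentDecision
            && validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token
            && rememberDuration == -1)
        {
            var handle = StoredGrant.CreateConsentDecision(
                ClaimsPrincipal.Current.GetSubject(),
                validatedRequest.Client,
                validatedRequest.Application,
                validatedRequest.Scopes);

            _handleManager.Add(handle);
            Tracing.Information("Consent decision stored.");
        }

        // refresh token lifetime applies only when
        //   code flow is used
        //   and a refresh token was requested
        if (validatedRequest.RequestingRefreshToken && rememberDuration != null && validatedRequest.Client.Flow == OAuthFlow.Code)
        {
            var hours = rememberDuration.Value;
            if (hours < -1)
            {
                // Any negative value other than the -1 sentinel would produce an
                // already-expired refresh token; treat it as a malformed request.
                Tracing.Error("Invalid refresh token lifetime requested: " + hours);
                return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state);
            }

            var now = DateTime.UtcNow;
            var neverExpires = now.AddYears(50);
            if (hours == -1 || hours > (neverExpires - now).TotalHours)
            {
                // -1 means "never"; larger values are capped to the same 50-year bound
                // rather than letting DateTime.AddHours throw on overflow for absurd input.
                validatedRequest.RequestedRefreshTokenExpiration = neverExpires;
            }
            else
            {
                validatedRequest.RequestedRefreshTokenExpiration = now.AddHours(hours);
            }

            Tracing.Information("Selected refresh token lifetime in hours: " + rememberDuration);
        }

        var grantResult = PerformGrant(validatedRequest);
        if (grantResult != null)
        {
            return grantResult;
        }
    }

    // Unknown button value, or PerformGrant produced no result.
    return new ClientErrorResult(
        new Uri(request.redirect_uri),
        OAuthConstants.Errors.InvalidRequest,
        request.response_type,
        request.state);
}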
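// POST /{appName}/oauth/authorize - consent screen response.
//
// `button` is "yes"/"no", `scopes` holds the scope names the user ticked and
// `rememberDuration` the lifetime choice (-1 = remember consent / never expire,
// otherwise hours; null when not offered). The request is re-validated before any
// redirect so that only a redirect URI the validator accepted for this client is
// ever used as an error sink.
// NOTE(review): action attributes are outside this listing - confirm the action is
// POST-only and covered by anti-forgery validation, since a forged consent post
// would grant on the signed-in user's behalf.
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request, int? rememberDuration = null)
{
    Tracing.Start("OAuth2 Authorize Endoint - Consent response");

    // make sure application is registered (appName is untrusted route input)
    var application = _config.FindApplication(appName);
    if (application == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    // Validate first. Previously the "no" and fallback branches built a ClientErrorResult
    // from the raw request.redirect_uri before it had been checked against the client
    // registration (open redirect), and a missing redirect_uri made `new Uri(null)` throw.
    ValidatedRequest validatedRequest;
    try
    {
        validatedRequest = new AuthorizeRequestValidator().Validate(application, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (button == "no")
    {
        Tracing.Information("User denies access token request.");
        return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state);
    }

    if (button != "yes")
    {
        // Unknown button value.
        return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state);
    }

    Tracing.Information("User allows access token request.");

    // The user must keep at least one of the *validated* scopes. Checking the
    // intersection before mutating the list sends a tampered form (only unknown
    // scope names) back to the consent screen instead of granting an empty scope set.
    if (scopes == null || scopes.Length == 0 || !validatedRequest.Scopes.Any(x => scopes.Contains(x.Name)))
    {
        ModelState.AddModelError("", "Please choose at least one permission.");
        return View("Consent", validatedRequest);
    }

    // Narrow the validated scopes to the ones the user ticked; names outside the
    // validated set are ignored, so the form can only shrink the grant, never widen it.
    validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name));

    // Store the consent decision only when the remember box was checked (-1),
    // the application allows storage and the flow is implicit.
    var rememberConsent = validatedRequest.Application.AllowRememberConsentDecision
        && validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token
        && rememberDuration == -1;
    if (rememberConsent)
    {
        var decision = StoredGrant.CreateConsentDecision(
            ClaimsPrincipal.Current.GetSubject(),
            validatedRequest.Client,
            validatedRequest.Application,
            validatedRequest.Scopes);

        _handleManager.Add(decision);
        Tracing.Information("Consent decision stored.");
    }

    // The refresh token lifetime applies only to the code flow, and only when a
    // refresh token was actually requested.
    var lifetimeApplies = validatedRequest.RequestingRefreshToken
        && rememberDuration != null
        && validatedRequest.Client.Flow == OAuthFlow.Code;
    if (lifetimeApplies)
    {
        var hours = rememberDuration.Value;
        if (hours < -1)
        {
            // Any negative value other than the -1 sentinel would produce an
            // already-expired refresh token; treat it as a malformed request.
            Tracing.Error("Invalid refresh token lifetime requested: " + hours);
            return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.InvalidRequest, request.response_type, request.state);
        }

        var now = DateTime.UtcNow;
        var neverExpires = now.AddYears(50);
        // -1 means "never"; larger values are capped to the same 50-year bound rather
        // than letting DateTime.AddHours throw on overflow for absurd input.
        validatedRequest.RequestedRefreshTokenExpiration =
            (hours == -1 || hours > (neverExpires - now).TotalHours) ? neverExpires : now.AddHours(hours);

        Tracing.Information("Selected refresh token lifetime in hours: " + rememberDuration);
    }

    var grantResult = PerformGrant(validatedRequest);
    if (grantResult != null)
    {
        return grantResult;
    }

    // PerformGrant produced no result.
    return new ClientErrorResult(
        new Uri(request.redirect_uri),
        OAuthConstants.Errors.InvalidRequest,
        request.response_type,
        request.state);
}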
// A single scope the implicit client is not allowed to request must be rejected
// with the OAuth2 "invalid_scope" error.
public void UnauthorizedScopeSingle()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "implicitclient",
        response_type = "token",
        scope = "write",
        redirect_uri = "https://test2.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestClientException ex)
    {
        Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
// One unauthorized scope in a multi-scope request must fail the whole request with
// "invalid_scope" - the validator does not silently drop the offending scope.
public void UnauthorizedScopeMultiple()
{
    var validator = new AuthorizeRequestValidator(_clientManager);
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "codeclient",
        response_type = "code",
        scope = "read write",
        redirect_uri = "https://prod.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestClientException ex)
    {
        Assert.AreEqual(OAuthConstants.Errors.InvalidScope, ex.Error);
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}
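// POST /{appName}/oauth/authorize - consent screen response.
//
// `button` is "yes"/"no" and `scopes` holds the scope names the user ticked. The
// request is re-validated before any redirect so that only a redirect URI the
// validator accepted for this client is ever used as an error sink.
// NOTE(review): action attributes are outside this listing - confirm the action is
// POST-only and covered by anti-forgery validation, since a forged consent post
// would grant on the signed-in user's behalf.
public ActionResult HandleConsentResponse(string appName, string button, string[] scopes, AuthorizeRequest request)
{
    Tracing.Start("OAuth2 Authorize Endoint - Consent response");

    // make sure application is registered (appName is untrusted route input)
    var application = _config.FindApplication(appName);
    if (application == null)
    {
        Tracing.Error("Application not found: " + appName);
        return HttpNotFound();
    }

    // Validate first. Previously the "no" and fallback branches built a ClientErrorResult
    // from the raw request.redirect_uri before it had been checked against the client
    // registration (open redirect), and a missing redirect_uri made `new Uri(null)` throw.
    ValidatedRequest validatedRequest;
    try
    {
        validatedRequest = new AuthorizeRequestValidator().Validate(application, request);
    }
    catch (AuthorizeRequestValidationException ex)
    {
        Tracing.Error("Aborting OAuth2 authorization request");
        return this.AuthorizeValidationError(ex);
    }

    if (button == "no")
    {
        Tracing.Information("User denies access token request.");
        return new ClientErrorResult(new Uri(request.redirect_uri), OAuthConstants.Errors.AccessDenied, request.response_type, request.state);
    }

    if (button == "yes")
    {
        Tracing.Information("User allows access token request.");

        // The user must keep at least one of the *validated* scopes. Checking the
        // intersection before mutating the list sends a tampered form (only unknown
        // scope names) back to the consent screen instead of granting an empty scope set.
        if (scopes == null || scopes.Length == 0 || !validatedRequest.Scopes.Any(x => scopes.Contains(x.Name)))
        {
            ModelState.AddModelError("", "Please choose at least one permission.");
            return View("Consent", validatedRequest);
        }

        // Narrow the validated scopes to the ones the user ticked; names outside the
        // validated set are ignored, so the form can only shrink the grant, never widen it.
        validatedRequest.Scopes.RemoveAll(x => !scopes.Contains(x.Name));

        var grantResult = PerformGrant(validatedRequest);
        if (grantResult != null)
        {
            return grantResult;
        }
    }

    // Unknown button value, or PerformGrant produced no result.
    return new ClientErrorResult(
        new Uri(request.redirect_uri),
        OAuthConstants.Errors.InvalidRequest,
        request.response_type,
        request.state);
}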
// A plain-http redirect_uri must be rejected with "invalid_request": an authorization
// code or token delivered over cleartext could be intercepted in transit.
public void NonSslRedirectUri()
{
    var validator = new AuthorizeRequestValidator();
    var app = _testConfig.FindApplication("test");
    var request = new AuthorizeRequest
    {
        client_id = "codeclient",
        response_type = "code",
        scope = "read",
        redirect_uri = "http://prod.local"
    };

    var rejected = false;
    try
    {
        validator.Validate(app, request);
    }
    catch (AuthorizeRequestClientException ex)
    {
        Assert.AreEqual(OAuthConstants.Errors.InvalidRequest, ex.Error);
        rejected = true;
    }

    Assert.IsTrue(rejected, "No exception thrown.");
}