public override async Task <ExternalAuthUserInfo> GetUserInfo( string token) { OpenIdConnectAuthProviderApi connectAuthProviderApi = this; // ISSUE: explicit non-virtual call string additionalParam = connectAuthProviderApi.ProviderInfo.AdditionalParams["Authority"]; if (string.IsNullOrEmpty(additionalParam)) { throw new ApplicationException("Authentication:OpenId:Issuer configuration is required."); } ConfigurationManager <OpenIdConnectConfiguration> configurationManager = new ConfigurationManager <OpenIdConnectConfiguration>(additionalParam + "/.well-known/openid-configuration", (IConfigurationRetriever <OpenIdConnectConfiguration>) new OpenIdConnectConfigurationRetriever(), (IDocumentRetriever) new HttpDocumentRetriever()); JwtSecurityToken jwtSecurityToken = await connectAuthProviderApi.ValidateToken(token, additionalParam, (IConfigurationManager <OpenIdConnectConfiguration>) configurationManager, new CancellationToken()); string str1 = jwtSecurityToken.Claims.First(c => c.Type == "name").Value; string str2 = jwtSecurityToken.Claims.First(c => c.Type == "unique_name").Value; string[] strArray = str1.Split(' ', StringSplitOptions.None); return(new ExternalAuthUserInfo() { Provider = "OpenIdConnect", ProviderKey = jwtSecurityToken.Subject, Name = strArray[0], Surname = strArray.Length > 1 ? strArray[1] : strArray[0], EmailAddress = str2 }); }
private async Task <JwtSecurityToken> ValidateToken( string token, string issuer, IConfigurationManager <OpenIdConnectConfiguration> configurationManager, CancellationToken ct = default) { OpenIdConnectAuthProviderApi connectAuthProviderApi = this; if (string.IsNullOrEmpty(token)) { throw new ArgumentNullException(nameof(token)); } if (string.IsNullOrEmpty(issuer)) { throw new ArgumentNullException(nameof(issuer)); } ICollection <SecurityKey> signingKeys = (await configurationManager.GetConfigurationAsync(ct)).SigningKeys; SecurityToken validatedToken; // ISSUE: explicit non-virtual call ClaimsPrincipal claimsPrincipal = new JwtSecurityTokenHandler().ValidateToken(token, new TokenValidationParameters() { ValidateIssuer = bool.Parse(connectAuthProviderApi.ProviderInfo.AdditionalParams["ValidateIssuer"]), ValidIssuer = issuer, ValidateIssuerSigningKey = true, IssuerSigningKeys = (IEnumerable <SecurityKey>)signingKeys, ValidateLifetime = true, ClockSkew = TimeSpan.FromMinutes(5.0), ValidateAudience = false }, out validatedToken); // ISSUE: explicit non-virtual call if (connectAuthProviderApi.ProviderInfo.ClientId != claimsPrincipal.Claims.First <Claim>((Func <Claim, bool>)(c => c.Type == "aud")).Value) { throw new ApplicationException("ClientId couldn't verified."); } return((JwtSecurityToken)validatedToken); }