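/// <summary>
/// Click handler for the refresh button: exchanges the stored refresh token for a new
/// token set (proof-of-possession request with a freshly generated key) and shows the result.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
/// <remarks>
/// <c>async void</c> is acceptable here only because this is a top-level UI event handler;
/// exceptions thrown by the token request cannot be observed by any caller.
/// </remarks>
private async void refresh_Click(object sender, RoutedEventArgs e)
{
    if (_config == null)
    {
        await LoadOpenIdConnectConfigurationAsync();
    }

    // Without discovery metadata there is no token endpoint to call.
    if (_config == null)
    {
        _result = new LoginResult { ErrorMessage = "OpenID Connect configuration could not be loaded." };
        ShowTokenResult();
        return;
    }

    // A refresh is only possible after a login that returned a refresh token;
    // sending a null token would just produce a server-side error.
    var refreshToken = _result?.RefreshToken;
    if (string.IsNullOrEmpty(refreshToken))
    {
        _result = new LoginResult { ErrorMessage = "No refresh token available." };
        ShowTokenResult();
        return;
    }

    var tokenClient = new TokenClient(
        _config.TokenEndpoint,
        _settings.ClientId,
        _settings.ClientSecret);

    // Fresh key pair for this request; its public JWK is sent with the PoP token request.
    _provider = RsaPublicKeyJwk.CreateProvider();
    var jwk = new RsaPublicKeyJwk("key_id", _provider);

    var tokenResponse = await tokenClient.RequestRefreshTokenPopAsync(
        refreshToken: refreshToken,
        algorithm: jwk.alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        _result = new LoginResult { ErrorMessage = tokenResponse.Error };
    }
    else
    {
        _result = new LoginResult
        {
            Success = true,
            AccessToken = tokenResponse.AccessToken,
            RefreshToken = tokenResponse.RefreshToken,
            IdentityToken = tokenResponse.IdentityToken,
            // NOTE(review): expiry is computed in local time; code comparing it against
            // DateTime.UtcNow would misjudge expiry — confirm the intended clock.
            AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
        };
    }

    ShowTokenResult();
}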
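/// <summary>
/// Validates an authorization response (identity token, nonce and c_hash), exchanges the
/// authorization code for tokens using a freshly generated proof-of-possession key, and
/// optionally loads the user profile from the userinfo endpoint.
/// </summary>
/// <param name="response">The authorize response received from the identity provider.</param>
/// <returns>
/// A <see cref="LoginResult"/> with <c>Success</c> set and the tokens and principal populated,
/// or with <c>ErrorMessage</c> set when validation or the token request fails.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="response"/> is null.</exception>
private async Task<LoginResult> ValidateResponseAsync(AuthorizeResponse response)
{
    if (response == null)
    {
        throw new ArgumentNullException(nameof(response));
    }

    // Validate the id_token before trusting anything else in the response.
    var tokenClaims = ValidateIdentityToken(response.IdentityToken);
    if (tokenClaims == null)
    {
        return new LoginResult { ErrorMessage = "Invalid identity token." };
    }

    // Validate the nonce: it must match the value we sent, tying this id_token to our request.
    var nonce = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Nonce);
    if (nonce == null || !string.Equals(nonce.Value, _nonce, StringComparison.Ordinal))
    {
        return new LoginResult { ErrorMessage = "Invalid nonce." };
    }

    // Validate c_hash: the hash in the id_token must match the authorization code we received.
    var codeHash = tokenClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.AuthorizationCodeHash);
    if (codeHash == null || !ValidateCodeHash(codeHash.Value, response.Code))
    {
        return new LoginResult { ErrorMessage = "Invalid code." };
    }

    // Fresh key pair for this exchange; its public JWK is sent with the PoP token request.
    _provider = RsaPublicKeyJwk.CreateProvider();
    var jwk = new RsaPublicKeyJwk("key_id", _provider);

    // Exchange the authorization code for tokens (PKCE verifier included).
    var tokenClient = new TokenClient(
        _config.TokenEndpoint,
        _settings.ClientId,
        _settings.ClientSecret);

    var tokenResponse = await tokenClient.RequestAuthorizationCodePopAsync(
        code: response.Code,
        redirectUri: _settings.RedirectUri,
        codeVerifier: _verifier,
        algorithm: jwk.alg,
        key: jwk.ToJwkString());

    if (tokenResponse.IsError)
    {
        return new LoginResult { ErrorMessage = tokenResponse.Error };
    }

    // Optionally call the userinfo endpoint with the new access token.
    var profileClaims = new List<Claim>();
    if (_settings.LoadUserProfile)
    {
        var userInfoClient = new UserInfoClient(
            new Uri(_config.UserInfoEndpoint),
            tokenResponse.AccessToken);

        var userInfoResponse = await userInfoClient.GetAsync();
        profileClaims = userInfoResponse.GetClaimsIdentity().Claims.ToList();
    }

    var principal = CreatePrincipal(tokenClaims, profileClaims);

    return new LoginResult
    {
        Success = true,
        User = principal,
        IdentityToken = response.IdentityToken,
        AccessToken = tokenResponse.AccessToken,
        RefreshToken = tokenResponse.RefreshToken,
        // NOTE(review): expiry is computed in local time; code comparing it against
        // DateTime.UtcNow would misjudge expiry — confirm the intended clock.
        AccessTokenExpiration = DateTime.Now.AddSeconds(tokenResponse.ExpiresIn)
    };
}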