Compare commits
40 Commits
2.18.0
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
c469894b77 | ||
|
|
8b382b0429 | ||
|
|
8e6fedf25b | ||
|
|
13bbd8a89f | ||
|
|
4400102d13 | ||
|
|
c9e6d86bc8 | ||
|
|
4edd2ae28a | ||
|
|
1301c6c0d2 | ||
|
|
0c529e18fe | ||
|
|
334ba8664f | ||
|
|
c046b5d6e1 | ||
|
|
f018253a4f | ||
|
|
39ed336c4d | ||
|
|
6850514ca4 | ||
|
|
17ae5efa21 | ||
|
|
b86f2b65d3 | ||
|
|
c6586f2809 | ||
|
|
bc06288ea2 | ||
|
|
02fa70bbe3 | ||
|
|
d5d7c19a30 | ||
|
|
05cd9a4fab | ||
|
|
b4447fa319 | ||
|
|
c9dd2cc062 | ||
|
|
b64e7e5d3a | ||
|
|
b34579f54c | ||
|
|
22c830dbfb | ||
|
|
06457050a8 | ||
|
|
35ea1c9d79 | ||
|
|
900c80a98f | ||
|
|
f60e8b5ffa | ||
|
|
c74cd15808 | ||
|
|
26a690060a | ||
|
|
113692b2e0 | ||
|
|
88bf254a7b | ||
|
|
38aa4bbed2 | ||
|
|
29be30bfd7 | ||
|
|
b8055739ff | ||
|
|
7aeca07f08 | ||
|
|
fde4b5ebac | ||
|
|
d5b81fae9c |
14
Gemfile.lock
14
Gemfile.lock
@@ -1,17 +1,17 @@
|
||||
GEM
|
||||
remote: http://rubygems.org/
|
||||
specs:
|
||||
albacore (2.0.4)
|
||||
albacore (3.0.1)
|
||||
map (~> 6.5)
|
||||
nokogiri (~> 1.5)
|
||||
rake (> 10)
|
||||
rake (~> 10)
|
||||
semver2 (~> 3.4)
|
||||
map (6.6.0)
|
||||
mini_portile2 (2.0.0)
|
||||
nokogiri (1.6.7.2-x64-mingw32)
|
||||
mini_portile2 (~> 2.0.0.rc2)
|
||||
os (0.9.6)
|
||||
rake (11.1.1)
|
||||
mini_portile2 (2.3.0)
|
||||
nokogiri (1.8.2-x64-mingw32)
|
||||
mini_portile2 (~> 2.3.0)
|
||||
os (1.0.0)
|
||||
rake (10.5.0)
|
||||
semver2 (3.4.2)
|
||||
|
||||
PLATFORMS
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||
Microsoft Visual Studio Solution File, Format Version 12.00
|
||||
# Visual Studio 15
|
||||
VisualStudioVersion = 15.0.26730.16
|
||||
VisualStudioVersion = 15.0.26730.12
|
||||
MinimumVisualStudioVersion = 10.0.40219.1
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.ArcGISOnline", "src\Owin.Security.Providers.ArcGISOnline\Owin.Security.Providers.ArcGISOnline.csproj", "{8A49FAEF-D365-4D25-942C-1CAD03845A5E}"
|
||||
EndProject
|
||||
@@ -108,9 +108,13 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.Eve
|
||||
EndProject
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.WSO2", "src\Owin.Security.Providers.WSO2\Owin.Security.Providers.WSO2.csproj", "{8FD3A9CB-E684-42C0-A8BF-7746FDD3D43C}"
|
||||
EndProject
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.Podbean", "src\Owin.Security.Providers.Podbean\Owin.Security.Providers.Podbean.csproj", "{A7B95FD4-08AD-499F-B574-07560CC2A63F}"
|
||||
EndProject
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.ArcGISPortal", "src\Owin.Security.Providers.ArcGISPortal\Owin.Security.Providers.ArcGISPortal.csproj", "{18547CA4-D7D3-43C2-81C2-A21FC8151A93}"
|
||||
EndProject
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.Podbean", "src\Owin.Security.Providers.Podbean\Owin.Security.Providers.Podbean.csproj", "{A7B95FD4-08AD-499F-B574-07560CC2A63F}"
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.Typeform", "src\Owin.Security.Providers.Typeform\Owin.Security.Providers.Typeform.csproj", "{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}"
|
||||
EndProject
|
||||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Owin.Security.Providers.Google", "src\Owin.Security.Providers.Google\Owin.Security.Providers.Google.csproj", "{ED434959-8CF8-4CAB-83B3-E4A618327AB5}"
|
||||
EndProject
|
||||
Global
|
||||
GlobalSection(SolutionConfigurationPlatforms) = preSolution
|
||||
@@ -334,12 +338,23 @@ Global
|
||||
{A7B95FD4-08AD-499F-B574-07560CC2A63F}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||
{A7B95FD4-08AD-499F-B574-07560CC2A63F}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||
{A7B95FD4-08AD-499F-B574-07560CC2A63F}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||
{18547CA4-D7D3-43C2-81C2-A21FC8151A93}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||
{18547CA4-D7D3-43C2-81C2-A21FC8151A93}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||
{18547CA4-D7D3-43C2-81C2-A21FC8151A93}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||
{18547CA4-D7D3-43C2-81C2-A21FC8151A93}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||
{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||
{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||
{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||
{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||
{ED434959-8CF8-4CAB-83B3-E4A618327AB5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
|
||||
{ED434959-8CF8-4CAB-83B3-E4A618327AB5}.Debug|Any CPU.Build.0 = Debug|Any CPU
|
||||
{ED434959-8CF8-4CAB-83B3-E4A618327AB5}.Release|Any CPU.ActiveCfg = Release|Any CPU
|
||||
{ED434959-8CF8-4CAB-83B3-E4A618327AB5}.Release|Any CPU.Build.0 = Release|Any CPU
|
||||
EndGlobalSection
|
||||
GlobalSection(SolutionProperties) = preSolution
|
||||
HideSolutionNode = FALSE
|
||||
EndGlobalSection
|
||||
GlobalSection(ExtensibilityGlobals) = postSolution
|
||||
|
||||
SolutionGuid = {EDFDB942-6583-4AD9-A868-B354B5BF07FC}
|
||||
EndGlobalSection
|
||||
EndGlobal
|
||||
|
||||
@@ -5,6 +5,7 @@ using Owin;
|
||||
using Owin.Security.Providers.Evernote;
|
||||
using Owin.Security.Providers.PayPal;
|
||||
using Owin.Security.Providers.ArcGISPortal;
|
||||
using Owin.Security.Providers.Typeform;
|
||||
|
||||
namespace OwinOAuthProvidersDemo
|
||||
{
|
||||
@@ -126,14 +127,50 @@ namespace OwinOAuthProvidersDemo
|
||||
// clientId: "",
|
||||
// clientSecret: "");
|
||||
|
||||
//in scenarios where a sandbox URL needs to be used
|
||||
//var salesforceOptions = new SalesforceAuthenticationOptions
|
||||
// Salesforce Option 1: don't specify explicit Endpoint config and use Production endpoint defaults
|
||||
//var salesforceOptions1 = new SalesforceAuthenticationOptions
|
||||
//{
|
||||
// ClientId = "",
|
||||
// ClientSecret = "",
|
||||
// Provider = new SalesforceAuthenticationProvider()
|
||||
// {
|
||||
// OnAuthenticated = async context =>
|
||||
// {
|
||||
// System.Diagnostics.Debug.WriteLine(context.AccessToken);
|
||||
// System.Diagnostics.Debug.WriteLine(context.RefreshToken);
|
||||
// System.Diagnostics.Debug.WriteLine(context.OrganizationId);
|
||||
// }
|
||||
// }
|
||||
//};
|
||||
|
||||
// Salesforce Option 2: ask for Sandbox environment; no need to know what those endpoints are
|
||||
//var salesforceOptions2 = new SalesforceAuthenticationOptions
|
||||
//{
|
||||
// Endpoints =
|
||||
// new SalesforceAuthenticationOptions.SalesforceAuthenticationEndpoints
|
||||
// {
|
||||
// AuthorizationEndpoint =
|
||||
// "https://ap1.salesforce.com/services/oauth2/authorize",
|
||||
// Environment = Owin.Security.Providers.Salesforce.Constants.SandboxEnvironment
|
||||
// },
|
||||
// ClientId = "",
|
||||
// ClientSecret = "",
|
||||
// Provider = new SalesforceAuthenticationProvider()
|
||||
// {
|
||||
// OnAuthenticated = async context =>
|
||||
// {
|
||||
// System.Diagnostics.Debug.WriteLine(context.AccessToken);
|
||||
// System.Diagnostics.Debug.WriteLine(context.RefreshToken);
|
||||
// System.Diagnostics.Debug.WriteLine(context.OrganizationId);
|
||||
// }
|
||||
// }
|
||||
//};
|
||||
|
||||
// Salesforce Option 3: explicitly specify endpoints (will take precedence over Environment choice)
|
||||
//var salesforceOptions3 = new SalesforceAuthenticationOptions
|
||||
//{
|
||||
// Endpoints =
|
||||
// new SalesforceAuthenticationOptions.SalesforceAuthenticationEndpoints
|
||||
// {
|
||||
// AuthorizationEndpoint = "https://ap1.salesforce.com/services/oauth2/authorize",
|
||||
// TokenEndpoint = "https://ap1.salesforce.com/services/oauth2/token"
|
||||
// },
|
||||
// ClientId = "",
|
||||
@@ -148,7 +185,7 @@ namespace OwinOAuthProvidersDemo
|
||||
// }
|
||||
// }
|
||||
//};
|
||||
//app.UseSalesforceAuthentication(salesforceOptions);
|
||||
//app.UseSalesforceAuthentication(salesforceOptions1);
|
||||
|
||||
////app.UseShopifyAuthentication("", "");
|
||||
|
||||
@@ -321,6 +358,17 @@ namespace OwinOAuthProvidersDemo
|
||||
// AppSecret = "",
|
||||
// DebugUsingRequestHeadersToBuildBaseUri = true
|
||||
//});
|
||||
|
||||
// WARNING:
|
||||
// Typeform doesn't supply the user's ID so use this provider for authorization only, not authentication
|
||||
// because each time you sign in with the same Typeform account it will yield a distinct UserId.
|
||||
//var typeformOptions = new Owin.Security.Providers.Typeform.TypeformAuthenticationOptions
|
||||
//{
|
||||
// ClientId = "",
|
||||
// ClientSecret = "",
|
||||
//};
|
||||
//typeformOptions.Scope.Add("forms:read");
|
||||
//app.UseTypeformAuthentication(typeformOptions);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -419,6 +419,13 @@ namespace OwinOAuthProvidersDemo.Controllers
|
||||
properties.Dictionary[ShopNameKey] = ShopName;
|
||||
}
|
||||
|
||||
// if use Salesforce as OAuth provider you can ask for Sandbox auth endpoint
|
||||
// for this particular request only
|
||||
//properties.Dictionary.Add(
|
||||
// Owin.Security.Providers.Salesforce.Constants.EnvironmentAuthenticationProperty,
|
||||
// Owin.Security.Providers.Salesforce.Constants.SandboxEnvironment
|
||||
// );
|
||||
|
||||
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -259,14 +259,14 @@
|
||||
<Project>{4fd7b873-1994-4990-aa40-c37060121494}</Project>
|
||||
<Name>Owin.Security.Providers.OpenIDBase</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.ArcGISPortal\Owin.Security.Providers.ArcGISPortal.csproj">
|
||||
<Project>{18547ca4-d7d3-43c2-81c2-a21fc8151a93}</Project>
|
||||
<Name>Owin.Security.Providers.ArcGISPortal</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.ArcGISOnline\Owin.Security.Providers.ArcGISOnline.csproj">
|
||||
<Project>{8a49faef-d365-4d25-942c-1cad03845a5e}</Project>
|
||||
<Name>Owin.Security.Providers.ArcGISOnline</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.ArcGISPortal\Owin.Security.Providers.ArcGISPortal.csproj">
|
||||
<Project>{18547ca4-d7d3-43c2-81c2-a21fc8151a93}</Project>
|
||||
<Name>Owin.Security.Providers.ArcGISPortal</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.Asana\Owin.Security.Providers.Asana.csproj">
|
||||
<Project>{f3e27220-1d8c-4037-94aa-7b7f4a12f351}</Project>
|
||||
<Name>Owin.Security.Providers.Asana</Name>
|
||||
@@ -431,6 +431,10 @@
|
||||
<Project>{c3cf8734-6aac-4f59-9a3e-1cba8582cd48}</Project>
|
||||
<Name>Owin.Security.Providers.Twitch</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.Typeform\Owin.Security.Providers.Typeform.csproj">
|
||||
<Project>{c8862b45-e1d1-4ab7-a83d-3a2fd2a22526}</Project>
|
||||
<Name>Owin.Security.Providers.Typeform</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\src\Owin.Security.Providers.Untappd\Owin.Security.Providers.Untappd.csproj">
|
||||
<Project>{3e89eca3-f4e7-4181-b26b-8250d5151044}</Project>
|
||||
<Name>Owin.Security.Providers.Untappd</Name>
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
[](https://ci.appveyor.com/project/tparnell8/owinoauthproviders)
|
||||
|
||||
#OWIN OAuth Providers
|
||||
# OWIN OAuth Providers
|
||||
|
||||
Provides a set of extra authentication providers for OWIN ([Project Katana](http://katanaproject.codeplex.com/)). This project includes providers for:
|
||||
- OAuth
|
||||
|
||||
@@ -15,7 +15,7 @@ PACKAGES = File.expand_path("packages")
|
||||
TOOLS = File.expand_path("tools")
|
||||
NUGET = File.expand_path("#{TOOLS}/nuget")
|
||||
NUGET_EXE = File.expand_path("#{TOOLS}/nuget/nuget.exe")
|
||||
@version = "2.18.0"
|
||||
@version = "2.26.0"
|
||||
PROJECTS = Dir.glob('src/*').select{|dir| File.directory? dir }
|
||||
|
||||
desc 'Retrieve things'
|
||||
@@ -70,8 +70,8 @@ desc 'publish nugets'
|
||||
task :nuspec_publish do
|
||||
PROJECTS.each{|dir|
|
||||
Dir.chdir(dir) do
|
||||
sh "#{NUGET_EXE} push #{FileList["*.nupkg"].first}"
|
||||
sh "#{NUGET_EXE} push -Source https://api.nuget.org/v3/index.json #{FileList["*.nupkg"].first}"
|
||||
end
|
||||
}
|
||||
sh "#{NUGET_EXE} push #{FileList["*.nupkg"].first}"
|
||||
sh "#{NUGET_EXE} push -Source https://api.nuget.org/v3/index.json #{FileList["*.nupkg"].first}"
|
||||
end
|
||||
|
||||
@@ -10,12 +10,12 @@ namespace :nuget do
|
||||
begin
|
||||
FileUtils.mkdir_p("#{NUGET}")
|
||||
File.open("#{NUGET}/nuget.exe", "wb") do |file|
|
||||
file.write open('http://nuget.org/nuget.exe', {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}).read
|
||||
file.write open('https://dist.nuget.org/win-x86-commandline/latest/nuget.exe', {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}).read
|
||||
end
|
||||
rescue
|
||||
FileUtils.rm_rf("#{NUGET}/nuget.exe")
|
||||
File.open("#{NUGET}/nuget.exe", "wb") do |file|
|
||||
file.write open('https://dist.nuget.org/win-x86-commandline/v3.2.0/nuget.exe', {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}).read
|
||||
file.write open('https://dist.nuget.org/win-x86-commandline/latest/nuget.exe', {ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE}).read
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -105,7 +105,7 @@ namespace Owin.Security.Providers.Discord
|
||||
};
|
||||
if (!string.IsNullOrEmpty(context.Id))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserName, XmlSchemaString, Options.AuthenticationType));
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.UserName))
|
||||
{
|
||||
|
||||
@@ -39,7 +39,7 @@ namespace Owin.Security.Providers.Discord.Provider
|
||||
Discriminator = TryGetValue(user, "discriminator");
|
||||
Avatar = TryGetValue(user, "avatar");
|
||||
Email = TryGetValue(user, "email");
|
||||
Verified = TryGetValue(user, "verified") == "true";
|
||||
Verified = TryGetValue(user, "verified").ToLowerInvariant() == "true";
|
||||
}
|
||||
|
||||
public string RefreshToken { get; set; }
|
||||
|
||||
7
src/Owin.Security.Providers.Google/Constants.cs
Normal file
7
src/Owin.Security.Providers.Google/Constants.cs
Normal file
@@ -0,0 +1,7 @@
|
||||
namespace Owin.Security.Providers.Google
|
||||
{
|
||||
internal static class Constants
|
||||
{
|
||||
public const string DefaultAuthenticationType = "Google";
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,29 @@
|
||||
using System;
|
||||
|
||||
namespace Owin.Security.Providers.Google
|
||||
{
|
||||
public static class GoogleAuthenticationExtensions
|
||||
{
|
||||
public static IAppBuilder UseGoogleAuthentication(this IAppBuilder app,
|
||||
GoogleAuthenticationOptions options)
|
||||
{
|
||||
if (app == null)
|
||||
throw new ArgumentNullException(nameof(app));
|
||||
if (options == null)
|
||||
throw new ArgumentNullException(nameof(options));
|
||||
|
||||
app.Use(typeof(GoogleAuthenticationMiddleware), app, options);
|
||||
|
||||
return app;
|
||||
}
|
||||
|
||||
public static IAppBuilder UseGoogleAuthentication(this IAppBuilder app, string clientId, string clientSecret)
|
||||
{
|
||||
return app.UseGoogleAuthentication(new GoogleAuthenticationOptions
|
||||
{
|
||||
ClientId = clientId,
|
||||
ClientSecret = clientSecret
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,246 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Http;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using Microsoft.Owin.Infrastructure;
|
||||
using Microsoft.Owin.Logging;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Infrastructure;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using Owin.Security.Providers.Google.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Google
|
||||
{
|
||||
public class GoogleAuthenticationHandler : AuthenticationHandler<GoogleAuthenticationOptions>
|
||||
{
|
||||
private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
|
||||
private const string TokenEndpoint = "https://accounts.google.com/o/oauth2/token";
|
||||
// TODO: This url should come from here: https://accounts.google.com/.well-known/openid-configuration
|
||||
// TODO: as described by https://developers.google.com/identity/protocols/OpenIDConnect#discovery
|
||||
private const string UserInfoEndpoint = "https://www.googleapis.com/oauth2/v3/userinfo";
|
||||
|
||||
private readonly ILogger _logger;
|
||||
private readonly HttpClient _httpClient;
|
||||
|
||||
public GoogleAuthenticationHandler(HttpClient httpClient, ILogger logger)
|
||||
{
|
||||
_httpClient = httpClient;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
|
||||
{
|
||||
AuthenticationProperties properties = null;
|
||||
|
||||
try
|
||||
{
|
||||
string code = null;
|
||||
string state = null;
|
||||
|
||||
var query = Request.Query;
|
||||
var values = query.GetValues("code");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
code = values[0];
|
||||
}
|
||||
values = query.GetValues("state");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
state = values[0];
|
||||
}
|
||||
|
||||
properties = Options.StateDataFormat.Unprotect(state);
|
||||
if (properties == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
// OAuth2 10.12 CSRF
|
||||
if (!ValidateCorrelationId(properties, _logger))
|
||||
{
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
var requestPrefix = Request.Scheme + "://" + Request.Host;
|
||||
var redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
|
||||
|
||||
// Build up the body for the token request
|
||||
var body = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("grant_type", "authorization_code"),
|
||||
new KeyValuePair<string, string>("code", code),
|
||||
new KeyValuePair<string, string>("redirect_uri", redirectUri),
|
||||
new KeyValuePair<string, string>("client_id", Options.ClientId),
|
||||
new KeyValuePair<string, string>("client_secret", Options.ClientSecret)
|
||||
};
|
||||
|
||||
// Request the token
|
||||
var tokenResponse =
|
||||
await _httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body));
|
||||
tokenResponse.EnsureSuccessStatusCode();
|
||||
var text = await tokenResponse.Content.ReadAsStringAsync();
|
||||
|
||||
// Deserializes the token response
|
||||
dynamic response = JsonConvert.DeserializeObject<dynamic>(text);
|
||||
var accessToken = (string)response.access_token;
|
||||
var expires = (string) response.expires_in;
|
||||
string refreshToken = null;
|
||||
if (response.refresh_token != null)
|
||||
refreshToken = (string) response.refresh_token;
|
||||
|
||||
// Get the Google user
|
||||
var graphResponse = await _httpClient.GetAsync(
|
||||
UserInfoEndpoint + "?access_token=" + Uri.EscapeDataString(accessToken), Request.CallCancelled);
|
||||
graphResponse.EnsureSuccessStatusCode();
|
||||
text = await graphResponse.Content.ReadAsStringAsync();
|
||||
var userInfo = JObject.Parse(text);
|
||||
|
||||
var context = new GoogleAuthenticatedContext(Context, userInfo, accessToken, expires, refreshToken)
|
||||
{
|
||||
Identity = new ClaimsIdentity(
|
||||
Options.AuthenticationType,
|
||||
ClaimsIdentity.DefaultNameClaimType,
|
||||
ClaimsIdentity.DefaultRoleClaimType)
|
||||
};
|
||||
if (!string.IsNullOrEmpty(context.Id))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.UserName))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimsIdentity.DefaultNameClaimType, context.UserName, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Email))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Name))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:google:name", context.Name, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Link))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:google:url", context.Link, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
context.Properties = properties;
|
||||
|
||||
await Options.Provider.Authenticated(context);
|
||||
|
||||
return new AuthenticationTicket(context.Identity, context.Properties);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.WriteError(ex.Message);
|
||||
}
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
protected override Task ApplyResponseChallengeAsync()
|
||||
{
|
||||
if (Response.StatusCode != 401)
|
||||
{
|
||||
return Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
|
||||
|
||||
if (challenge == null) return Task.FromResult<object>(null);
|
||||
var baseUri =
|
||||
Request.Scheme +
|
||||
Uri.SchemeDelimiter +
|
||||
Request.Host +
|
||||
Request.PathBase;
|
||||
|
||||
var currentUri =
|
||||
baseUri +
|
||||
Request.Path +
|
||||
Request.QueryString;
|
||||
|
||||
var redirectUri =
|
||||
baseUri +
|
||||
Options.CallbackPath;
|
||||
|
||||
var properties = challenge.Properties;
|
||||
if (string.IsNullOrEmpty(properties.RedirectUri))
|
||||
{
|
||||
properties.RedirectUri = currentUri;
|
||||
}
|
||||
|
||||
// OAuth2 10.12 CSRF
|
||||
GenerateCorrelationId(properties);
|
||||
|
||||
// comma separated
|
||||
var scope = string.Join(" ", Options.Scope);
|
||||
|
||||
var state = Options.StateDataFormat.Protect(properties);
|
||||
|
||||
var authorizationEndpoint =
|
||||
"https://accounts.google.com/o/oauth2/auth" +
|
||||
"?response_type=code" +
|
||||
"&client_id=" + Uri.EscapeDataString(Options.ClientId) +
|
||||
"&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
|
||||
"&scope=" + Uri.EscapeDataString(scope) +
|
||||
"&state=" + Uri.EscapeDataString(state);
|
||||
|
||||
// Check if offline access was requested
|
||||
if (Options.RequestOfflineAccess)
|
||||
authorizationEndpoint += "&access_type=offline";
|
||||
|
||||
Response.Redirect(authorizationEndpoint);
|
||||
|
||||
return Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
public override async Task<bool> InvokeAsync()
|
||||
{
|
||||
return await InvokeReplyPathAsync();
|
||||
}
|
||||
|
||||
private async Task<bool> InvokeReplyPathAsync()
|
||||
{
|
||||
if (!Options.CallbackPath.HasValue || Options.CallbackPath != Request.Path) return false;
|
||||
// TODO: error responses
|
||||
|
||||
var ticket = await AuthenticateAsync();
|
||||
if (ticket == null)
|
||||
{
|
||||
_logger.WriteWarning("Invalid return state, unable to redirect.");
|
||||
Response.StatusCode = 500;
|
||||
return true;
|
||||
}
|
||||
|
||||
var context = new GoogleReturnEndpointContext(Context, ticket)
|
||||
{
|
||||
SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
|
||||
RedirectUri = ticket.Properties.RedirectUri
|
||||
};
|
||||
|
||||
await Options.Provider.ReturnEndpoint(context);
|
||||
|
||||
if (context.SignInAsAuthenticationType != null &&
|
||||
context.Identity != null)
|
||||
{
|
||||
var grantIdentity = context.Identity;
|
||||
if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
|
||||
{
|
||||
grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
|
||||
}
|
||||
Context.Authentication.SignIn(context.Properties, grantIdentity);
|
||||
}
|
||||
|
||||
if (context.IsRequestCompleted || context.RedirectUri == null) return context.IsRequestCompleted;
|
||||
var redirectUri = context.RedirectUri;
|
||||
if (context.Identity == null)
|
||||
{
|
||||
// add a redirect hint that sign-in failed in some way
|
||||
redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied");
|
||||
}
|
||||
Response.Redirect(redirectUri);
|
||||
context.RequestCompleted();
|
||||
|
||||
return context.IsRequestCompleted;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,83 @@
|
||||
using System;
|
||||
using System.Globalization;
|
||||
using System.Net.Http;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Logging;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.DataHandler;
|
||||
using Microsoft.Owin.Security.DataProtection;
|
||||
using Microsoft.Owin.Security.Infrastructure;
|
||||
using Owin.Security.Providers.Google.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Google
|
||||
{
|
||||
public class GoogleAuthenticationMiddleware : AuthenticationMiddleware<GoogleAuthenticationOptions>
|
||||
{
|
||||
private readonly HttpClient _httpClient;
|
||||
private readonly ILogger _logger;
|
||||
|
||||
public GoogleAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app,
|
||||
GoogleAuthenticationOptions options)
|
||||
: base(next, options)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(Options.ClientId))
|
||||
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
|
||||
Resources.Exception_OptionMustBeProvided, "ClientId"));
|
||||
if (string.IsNullOrWhiteSpace(Options.ClientSecret))
|
||||
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
|
||||
Resources.Exception_OptionMustBeProvided, "ClientSecret"));
|
||||
|
||||
_logger = app.CreateLogger<GoogleAuthenticationMiddleware>();
|
||||
|
||||
if (Options.Provider == null)
|
||||
Options.Provider = new GoogleAuthenticationProvider();
|
||||
|
||||
if (Options.StateDataFormat == null)
|
||||
{
|
||||
var dataProtector = app.CreateDataProtector(
|
||||
typeof (GoogleAuthenticationMiddleware).FullName,
|
||||
Options.AuthenticationType, "v1");
|
||||
Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
|
||||
}
|
||||
|
||||
if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
|
||||
Options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
|
||||
|
||||
_httpClient = new HttpClient(ResolveHttpMessageHandler(Options))
|
||||
{
|
||||
Timeout = Options.BackchannelTimeout,
|
||||
MaxResponseContentBufferSize = 1024*1024*10
|
||||
};
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Provides the <see cref="T:Microsoft.Owin.Security.Infrastructure.AuthenticationHandler" /> object for processing
|
||||
/// authentication-related requests.
|
||||
/// </summary>
|
||||
/// <returns>
|
||||
/// An <see cref="T:Microsoft.Owin.Security.Infrastructure.AuthenticationHandler" /> configured with the
|
||||
/// <see cref="T:Owin.Security.Providers.GooglePlus.GooglePlusAuthenticationOptions" /> supplied to the constructor.
|
||||
/// </returns>
|
||||
protected override AuthenticationHandler<GoogleAuthenticationOptions> CreateHandler()
|
||||
{
|
||||
return new GoogleAuthenticationHandler(_httpClient, _logger);
|
||||
}
|
||||
|
||||
private static HttpMessageHandler ResolveHttpMessageHandler(GoogleAuthenticationOptions options)
|
||||
{
|
||||
var handler = options.BackchannelHttpHandler ?? new WebRequestHandler();
|
||||
|
||||
// If they provided a validator, apply it or fail.
|
||||
if (options.BackchannelCertificateValidator == null) return handler;
|
||||
// Set the cert validate callback
|
||||
var webRequestHandler = handler as WebRequestHandler;
|
||||
if (webRequestHandler == null)
|
||||
{
|
||||
throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
|
||||
}
|
||||
webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
|
||||
|
||||
return handler;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,110 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Http;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Owin.Security.Providers.Google.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Google
|
||||
{
|
||||
public class GoogleAuthenticationOptions : AuthenticationOptions
|
||||
{
|
||||
/// <summary>
|
||||
/// Gets or sets the a pinned certificate validator to use to validate the endpoints used
|
||||
/// in back channel communications belonging to Google.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The pinned certificate validator.
|
||||
/// </value>
|
||||
/// <remarks>
|
||||
/// If this property is null then the default certificate checks are performed,
|
||||
/// validating the subject name and if the signing chain is a trusted party.
|
||||
/// </remarks>
|
||||
public ICertificateValidator BackchannelCertificateValidator { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The HttpMessageHandler used to communicate with Google.
|
||||
/// This cannot be set at the same time as BackchannelCertificateValidator unless the value
|
||||
/// can be downcast to a WebRequestHandler.
|
||||
/// </summary>
|
||||
public HttpMessageHandler BackchannelHttpHandler { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets timeout value in milliseconds for back channel communications with Google.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The back channel timeout in milliseconds.
|
||||
/// </value>
|
||||
public TimeSpan BackchannelTimeout { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The request path within the application's base path where the user-agent will be returned.
|
||||
/// The middleware will process this request when it arrives.
|
||||
/// Default value is "/signin-google".
|
||||
/// </summary>
|
||||
public PathString CallbackPath { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Get or sets the text that the user can display on a sign in user interface.
|
||||
/// </summary>
|
||||
public string Caption
|
||||
{
|
||||
get { return Description.Caption; }
|
||||
set { Description.Caption = value; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the Google supplied Client ID
|
||||
/// </summary>
|
||||
public string ClientId { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the Google supplied Client Secret
|
||||
/// </summary>
|
||||
public string ClientSecret { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the <see cref="IGoogleAuthenticationProvider" /> used in the authentication events
|
||||
/// </summary>
|
||||
public IGoogleAuthenticationProvider Provider { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets whether to request offline access. If offline access is requested the <see cref="GoogleAuthenticatedContext"/> will contain a Refresh Token.
|
||||
/// </summary>
|
||||
public bool RequestOfflineAccess { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// A list of permissions to request.
|
||||
/// </summary>
|
||||
public IList<string> Scope { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user
|
||||
/// <see cref="System.Security.Claims.ClaimsIdentity" />.
|
||||
/// </summary>
|
||||
public string SignInAsAuthenticationType { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the type used to secure data handled by the middleware.
|
||||
/// </summary>
|
||||
public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new <see cref="GoogleAuthenticationOptions" />
|
||||
/// </summary>
|
||||
public GoogleAuthenticationOptions()
|
||||
: base("Google")
|
||||
{
|
||||
Caption = Constants.DefaultAuthenticationType;
|
||||
CallbackPath = new PathString("/signin-google");
|
||||
AuthenticationMode = AuthenticationMode.Passive;
|
||||
Scope = new List<string>
|
||||
{
|
||||
"openid",
|
||||
"profile",
|
||||
"email"
|
||||
};
|
||||
BackchannelTimeout = TimeSpan.FromSeconds(60);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,104 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
|
||||
<PropertyGroup>
|
||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
||||
<ProjectGuid>{ED434959-8CF8-4CAB-83B3-E4A618327AB5}</ProjectGuid>
|
||||
<OutputType>Library</OutputType>
|
||||
<AppDesignerFolder>Properties</AppDesignerFolder>
|
||||
<RootNamespace>Owin.Security.Providers.Google</RootNamespace>
|
||||
<AssemblyName>Owin.Security.Providers.Google</AssemblyName>
|
||||
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
|
||||
<FileAlignment>512</FileAlignment>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
||||
<DebugSymbols>true</DebugSymbols>
|
||||
<DebugType>full</DebugType>
|
||||
<Optimize>false</Optimize>
|
||||
<OutputPath>bin\Debug\</OutputPath>
|
||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
||||
<ErrorReport>prompt</ErrorReport>
|
||||
<WarningLevel>4</WarningLevel>
|
||||
<LangVersion>6</LangVersion>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
||||
<DebugType>pdbonly</DebugType>
|
||||
<Optimize>true</Optimize>
|
||||
<OutputPath>bin\Release\</OutputPath>
|
||||
<DefineConstants>TRACE</DefineConstants>
|
||||
<ErrorReport>prompt</ErrorReport>
|
||||
<WarningLevel>4</WarningLevel>
|
||||
<LangVersion>6</LangVersion>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Microsoft.Owin.Security, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Newtonsoft.Json, Version=8.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Newtonsoft.Json.8.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="System" />
|
||||
<Reference Include="System.Core" />
|
||||
<Reference Include="System.Net.Http.WebRequest" />
|
||||
<Reference Include="System.Xml.Linq" />
|
||||
<Reference Include="System.Data.DataSetExtensions" />
|
||||
<Reference Include="Microsoft.CSharp" />
|
||||
<Reference Include="System.Data" />
|
||||
<Reference Include="System.Net.Http" />
|
||||
<Reference Include="System.Xml" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
<Compile Include="Constants.cs" />
|
||||
<Compile Include="GoogleAuthenticationExtensions.cs" />
|
||||
<Compile Include="GoogleAuthenticationHandler.cs" />
|
||||
<Compile Include="GoogleAuthenticationMiddleware.cs" />
|
||||
<Compile Include="GoogleAuthenticationOptions.cs" />
|
||||
<Compile Include="Provider\GoogleAuthenticatedContext.cs" />
|
||||
<Compile Include="Provider\GoogleAuthenticationProvider.cs" />
|
||||
<Compile Include="Provider\GoogleReturnEndpointContext.cs" />
|
||||
<Compile Include="Provider\IGoogleAuthenticationProvider.cs" />
|
||||
<Compile Include="Resources.Designer.cs">
|
||||
<DependentUpon>Resources.resx</DependentUpon>
|
||||
<AutoGen>True</AutoGen>
|
||||
<DesignTime>True</DesignTime>
|
||||
</Compile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<EmbeddedResource Include="Resources.resx">
|
||||
<Generator>ResXFileCodeGenerator</Generator>
|
||||
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
|
||||
</EmbeddedResource>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<None Include="packages.config" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||
<Target Name="PostBuildMacros">
|
||||
<GetAssemblyIdentity AssemblyFiles="$(TargetPath)">
|
||||
<Output TaskParameter="Assemblies" ItemName="Targets" />
|
||||
</GetAssemblyIdentity>
|
||||
<ItemGroup>
|
||||
<VersionNumber Include="@(Targets->'%(Version)')" />
|
||||
</ItemGroup>
|
||||
</Target>
|
||||
<PropertyGroup>
|
||||
<PreBuildEvent>
|
||||
</PreBuildEvent>
|
||||
<PostBuildEventDependsOn>
|
||||
$(PostBuildEventDependsOn);
|
||||
PostBuildMacros;
|
||||
</PostBuildEventDependsOn>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
@@ -0,0 +1,15 @@
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
[assembly: AssemblyTitle("Owin.Security.Providers.Google")]
|
||||
[assembly: AssemblyDescription("")]
|
||||
[assembly: AssemblyConfiguration("")]
|
||||
[assembly: AssemblyCompany("")]
|
||||
[assembly: AssemblyProduct("Owin.Security.Providers.Google")]
|
||||
[assembly: AssemblyCopyright("Copyright © 2019")]
|
||||
[assembly: AssemblyTrademark("")]
|
||||
[assembly: AssemblyCulture("")]
|
||||
[assembly: ComVisible(false)]
|
||||
[assembly: Guid("ed434959-8cf8-4cab-83b3-e4a618327ab5")]
|
||||
[assembly: AssemblyVersion("2.0.0.0")]
|
||||
[assembly: AssemblyFileVersion("2.0.0.0")]
|
||||
@@ -0,0 +1,111 @@
|
||||
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Globalization;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Provider;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace Owin.Security.Providers.Google.Provider
|
||||
{
|
||||
/// <summary>
|
||||
/// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
|
||||
/// </summary>
|
||||
public class GoogleAuthenticatedContext : BaseContext
|
||||
{
|
||||
/// <summary>
|
||||
/// Initializes a <see cref="GoogleAuthenticatedContext"/>
|
||||
/// </summary>
|
||||
/// <param name="context">The OWIN environment</param>
|
||||
/// <param name="userInfo">The JSON-serialized user_info. Format described here: https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims</param>
|
||||
/// <param name="accessToken">Google Access token</param>
|
||||
/// <param name="expires">Seconds until expiration</param>
|
||||
/// <param name="refreshToken"></param>
|
||||
public GoogleAuthenticatedContext(IOwinContext context, JObject userInfo, string accessToken, string expires, string refreshToken)
|
||||
: base(context)
|
||||
{
|
||||
UserInfo = userInfo;
|
||||
AccessToken = accessToken;
|
||||
RefreshToken = refreshToken;
|
||||
|
||||
int expiresValue;
|
||||
if (int.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
|
||||
{
|
||||
ExpiresIn = TimeSpan.FromSeconds(expiresValue);
|
||||
}
|
||||
|
||||
// See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for a list of properties
|
||||
Id = TryGetValue(userInfo, "sub");
|
||||
Name = TryGetValue(userInfo, "name");
|
||||
Link = TryGetValue(userInfo, "profile");
|
||||
UserName = TryGetValue(userInfo, "name").Replace(" ", "");
|
||||
|
||||
var email = TryGetValue(userInfo, "email");
|
||||
if (email != null)
|
||||
Email = email;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the JSON-serialized user
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Contains the Google user obtained from the endpoint https://www.googleapis.com/oauth2/v3/userinfo
|
||||
/// </remarks>
|
||||
public JObject UserInfo { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google OAuth access token
|
||||
/// </summary>
|
||||
public string AccessToken { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google OAuth refresh token. This is only available when the RequestOfflineAccess property of <see cref="GoogleAuthenticationOptions"/> is set to true
|
||||
/// </summary>
|
||||
public string RefreshToken { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google access token expiration time
|
||||
/// </summary>
|
||||
public TimeSpan? ExpiresIn { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google user ID
|
||||
/// </summary>
|
||||
public string Id { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the user's name
|
||||
/// </summary>
|
||||
public string Name { get; private set; }
|
||||
|
||||
public string Link { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google username
|
||||
/// </summary>
|
||||
public string UserName { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Google email address for the account
|
||||
/// </summary>
|
||||
public string Email { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the <see cref="ClaimsIdentity"/> representing the user
|
||||
/// </summary>
|
||||
public ClaimsIdentity Identity { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a property bag for common authentication properties
|
||||
/// </summary>
|
||||
public AuthenticationProperties Properties { get; set; }
|
||||
|
||||
private static string TryGetValue(JObject user, string propertyName)
|
||||
{
|
||||
JToken value;
|
||||
return user.TryGetValue(propertyName, out value) ? value.ToString() : null;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Owin.Security.Providers.Google.Provider
|
||||
{
|
||||
/// <summary>
|
||||
/// Default <see cref="IGoogleAuthenticationProvider"/> implementation.
|
||||
/// </summary>
|
||||
public class GoogleAuthenticationProvider : IGoogleAuthenticationProvider
|
||||
{
|
||||
/// <summary>
|
||||
/// Initializes a <see cref="GoogleAuthenticationProvider"/>
|
||||
/// </summary>
|
||||
public GoogleAuthenticationProvider()
|
||||
{
|
||||
OnAuthenticated = context => Task.FromResult<object>(null);
|
||||
OnReturnEndpoint = context => Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the function that is invoked when the Authenticated method is invoked.
|
||||
/// </summary>
|
||||
public Func<GoogleAuthenticatedContext, Task> OnAuthenticated { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
|
||||
/// </summary>
|
||||
public Func<GoogleReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Invoked whenever Google successfully authenticates a user
|
||||
/// </summary>
|
||||
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
public virtual Task Authenticated(GoogleAuthenticatedContext context)
|
||||
{
|
||||
return OnAuthenticated(context);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
|
||||
/// </summary>
|
||||
/// <param name="context"></param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
public virtual Task ReturnEndpoint(GoogleReturnEndpointContext context)
|
||||
{
|
||||
return OnReturnEndpoint(context);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
|
||||
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Google.Provider
|
||||
{
|
||||
/// <summary>
|
||||
/// Provides context information to middleware providers.
|
||||
/// </summary>
|
||||
public class GoogleReturnEndpointContext : ReturnEndpointContext
|
||||
{
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="context">OWIN environment</param>
|
||||
/// <param name="ticket">The authentication ticket</param>
|
||||
public GoogleReturnEndpointContext(
|
||||
IOwinContext context,
|
||||
AuthenticationTicket ticket)
|
||||
: base(context, ticket)
|
||||
{
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,24 @@
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Owin.Security.Providers.Google.Provider
|
||||
{
|
||||
/// <summary>
|
||||
/// Specifies callback methods which the <see cref="GoogleAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
|
||||
/// </summary>
|
||||
public interface IGoogleAuthenticationProvider
|
||||
{
|
||||
/// <summary>
|
||||
/// Invoked whenever Google successfully authenticates a user
|
||||
/// </summary>
|
||||
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
Task Authenticated(GoogleAuthenticatedContext context);
|
||||
|
||||
/// <summary>
|
||||
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
|
||||
/// </summary>
|
||||
/// <param name="context"></param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
Task ReturnEndpoint(GoogleReturnEndpointContext context);
|
||||
}
|
||||
}
|
||||
81
src/Owin.Security.Providers.Google/Resources.Designer.cs
generated
Normal file
81
src/Owin.Security.Providers.Google/Resources.Designer.cs
generated
Normal file
@@ -0,0 +1,81 @@
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:4.0.30319.42000
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
// </auto-generated>
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
namespace Owin.Security.Providers.Google {
|
||||
using System;
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// A strongly-typed resource class, for looking up localized strings, etc.
|
||||
/// </summary>
|
||||
// This class was auto-generated by the StronglyTypedResourceBuilder
|
||||
// class via a tool like ResGen or Visual Studio.
|
||||
// To add or remove a member, edit your .ResX file then rerun ResGen
|
||||
// with the /str option, or rebuild your VS project.
|
||||
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
|
||||
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
|
||||
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
|
||||
internal class Resources {
|
||||
|
||||
private static global::System.Resources.ResourceManager resourceMan;
|
||||
|
||||
private static global::System.Globalization.CultureInfo resourceCulture;
|
||||
|
||||
[global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
|
||||
internal Resources() {
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Returns the cached ResourceManager instance used by this class.
|
||||
/// </summary>
|
||||
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
|
||||
internal static global::System.Resources.ResourceManager ResourceManager {
|
||||
get {
|
||||
if (object.ReferenceEquals(resourceMan, null)) {
|
||||
var temp = new global::System.Resources.ResourceManager("Owin.Security.Providers.GooglePlus.Resources", typeof(Resources).Assembly);
|
||||
resourceMan = temp;
|
||||
}
|
||||
return resourceMan;
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Overrides the current thread's CurrentUICulture property for all
|
||||
/// resource lookups using this strongly typed resource class.
|
||||
/// </summary>
|
||||
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
|
||||
internal static global::System.Globalization.CultureInfo Culture {
|
||||
get {
|
||||
return resourceCulture;
|
||||
}
|
||||
set {
|
||||
resourceCulture = value;
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Looks up a localized string similar to The '{0}' option must be provided..
|
||||
/// </summary>
|
||||
internal static string Exception_OptionMustBeProvided {
|
||||
get {
|
||||
return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
|
||||
/// </summary>
|
||||
internal static string Exception_ValidatorHandlerMismatch {
|
||||
get {
|
||||
return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
126
src/Owin.Security.Providers.Google/Resources.resx
Normal file
126
src/Owin.Security.Providers.Google/Resources.resx
Normal file
@@ -0,0 +1,126 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<root>
|
||||
<!--
|
||||
Microsoft ResX Schema
|
||||
|
||||
Version 2.0
|
||||
|
||||
The primary goals of this format is to allow a simple XML format
|
||||
that is mostly human readable. The generation and parsing of the
|
||||
various data types are done through the TypeConverter classes
|
||||
associated with the data types.
|
||||
|
||||
Example:
|
||||
|
||||
... ado.net/XML headers & schema ...
|
||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
||||
<resheader name="version">2.0</resheader>
|
||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
||||
</data>
|
||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
||||
<comment>This is a comment</comment>
|
||||
</data>
|
||||
|
||||
There are any number of "resheader" rows that contain simple
|
||||
name/value pairs.
|
||||
|
||||
Each data row contains a name, and value. The row also contains a
|
||||
type or mimetype. Type corresponds to a .NET class that support
|
||||
text/value conversion through the TypeConverter architecture.
|
||||
Classes that don't support this are serialized and stored with the
|
||||
mimetype set.
|
||||
|
||||
The mimetype is used for serialized objects, and tells the
|
||||
ResXResourceReader how to depersist the object. This is currently not
|
||||
extensible. For a given mimetype the value must be set accordingly:
|
||||
|
||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
||||
that the ResXResourceWriter will generate, however the reader can
|
||||
read any of the formats listed below.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.binary.base64
|
||||
value : The object must be serialized with
|
||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
||||
: and then encoded with base64 encoding.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.soap.base64
|
||||
value : The object must be serialized with
|
||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
||||
: and then encoded with base64 encoding.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
||||
value : The object must be serialized into a byte array
|
||||
: using a System.ComponentModel.TypeConverter
|
||||
: and then encoded with base64 encoding.
|
||||
-->
|
||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
||||
<xsd:element name="root" msdata:IsDataSet="true">
|
||||
<xsd:complexType>
|
||||
<xsd:choice maxOccurs="unbounded">
|
||||
<xsd:element name="metadata">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
||||
<xsd:attribute name="type" type="xsd:string" />
|
||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
||||
<xsd:attribute ref="xml:space" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="assembly">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="alias" type="xsd:string" />
|
||||
<xsd:attribute name="name" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="data">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
||||
<xsd:attribute ref="xml:space" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="resheader">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:schema>
|
||||
<resheader name="resmimetype">
|
||||
<value>text/microsoft-resx</value>
|
||||
</resheader>
|
||||
<resheader name="version">
|
||||
<value>2.0</value>
|
||||
</resheader>
|
||||
<resheader name="reader">
|
||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
||||
</resheader>
|
||||
<resheader name="writer">
|
||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
||||
</resheader>
|
||||
<data name="Exception_OptionMustBeProvided" xml:space="preserve">
|
||||
<value>The '{0}' option must be provided.</value>
|
||||
</data>
|
||||
<data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
|
||||
<value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
|
||||
</data>
|
||||
</root>
|
||||
7
src/Owin.Security.Providers.Google/packages.config
Normal file
7
src/Owin.Security.Providers.Google/packages.config
Normal file
@@ -0,0 +1,7 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<packages>
|
||||
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Newtonsoft.Json" version="8.0.3" targetFramework="net45" />
|
||||
<package id="Owin" version="1.0" targetFramework="net45" />
|
||||
</packages>
|
||||
@@ -1,6 +1,7 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Http;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
@@ -16,8 +17,10 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
public class LinkedInAuthenticationHandler : AuthenticationHandler<LinkedInAuthenticationOptions>
|
||||
{
|
||||
private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
|
||||
private const string TokenEndpoint = "https://www.linkedin.com/uas/oauth2/accessToken";
|
||||
private const string UserInfoEndpoint = "https://api.linkedin.com/v1/people/";
|
||||
private const string TokenEndpoint = "https://www.linkedin.com/oauth/v2/accessToken";
|
||||
private const string UserInfoEndpoint = "https://api.linkedin.com/v2/me";
|
||||
private const string AuthorizationEndpoint = "https://www.linkedin.com/oauth/v2/authorization";
|
||||
private const string EmailEndpoint = "https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))";
|
||||
|
||||
private readonly ILogger _logger;
|
||||
private readonly HttpClient _httpClient;
|
||||
@@ -34,21 +37,7 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
|
||||
try
|
||||
{
|
||||
string code = null;
|
||||
string state = null;
|
||||
|
||||
var query = Request.Query;
|
||||
var values = query.GetValues("code");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
code = values[0];
|
||||
}
|
||||
values = query.GetValues("state");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
state = values[0];
|
||||
}
|
||||
|
||||
var state = GetQueryValue("state");
|
||||
properties = Options.StateDataFormat.Unprotect(state);
|
||||
if (properties == null)
|
||||
{
|
||||
@@ -61,94 +50,31 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
var requestPrefix = Request.Scheme + "://" + this.GetHostName();
|
||||
var redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
|
||||
|
||||
// Build up the body for the token request
|
||||
var body = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("grant_type", "authorization_code"),
|
||||
new KeyValuePair<string, string>("code", code),
|
||||
new KeyValuePair<string, string>("redirect_uri", redirectUri),
|
||||
new KeyValuePair<string, string>("client_id", Options.ClientId),
|
||||
new KeyValuePair<string, string>("client_secret", Options.ClientSecret)
|
||||
};
|
||||
|
||||
// Request the token
|
||||
var tokenResponse = await _httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body));
|
||||
tokenResponse.EnsureSuccessStatusCode();
|
||||
var text = await tokenResponse.Content.ReadAsStringAsync();
|
||||
|
||||
// Deserializes the token response
|
||||
dynamic response = JsonConvert.DeserializeObject<dynamic>(text);
|
||||
var code = GetQueryValue("code");
|
||||
var accessTokenResponse = await GetAccessToken(code);
|
||||
dynamic response = JsonConvert.DeserializeObject<dynamic>(accessTokenResponse);
|
||||
var accessToken = (string)response.access_token;
|
||||
var expires = (string) response.expires_in;
|
||||
var expires = (string)response.expires_in;
|
||||
|
||||
// Get the LinkedIn user
|
||||
var userInfoEndpoint = UserInfoEndpoint
|
||||
+ "~:("+ string.Join(",", Options.ProfileFields.Distinct().ToArray()) +")"
|
||||
+ "?oauth2_access_token=" + Uri.EscapeDataString(accessToken);
|
||||
var userRequest = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
|
||||
userRequest.Headers.Add("x-li-format", "json");
|
||||
var graphResponse = await _httpClient.SendAsync(userRequest, Request.CallCancelled);
|
||||
graphResponse.EnsureSuccessStatusCode();
|
||||
text = await graphResponse.Content.ReadAsStringAsync();
|
||||
var user = JObject.Parse(text);
|
||||
var userInfoResponse = await GetUserInfo(accessToken);
|
||||
var user = JObject.Parse(userInfoResponse);
|
||||
string email = null;
|
||||
if (Options.Scope.Contains(LinkedInAuthenticationOptions.EmailAddressScopeName))
|
||||
{
|
||||
email = await GetUserEmail(accessToken);
|
||||
}
|
||||
|
||||
var context = new LinkedInAuthenticatedContext(Context, user, accessToken, expires)
|
||||
var context = new LinkedInAuthenticatedContext(Context, user, accessToken, expires, email)
|
||||
{
|
||||
Identity = new ClaimsIdentity(
|
||||
Options.AuthenticationType,
|
||||
ClaimsIdentity.DefaultNameClaimType,
|
||||
ClaimsIdentity.DefaultRoleClaimType)
|
||||
};
|
||||
if (!string.IsNullOrEmpty(context.Id))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Email))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.GivenName))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.FamilyName))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Name))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, XmlSchemaString, Options.AuthenticationType));
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:name", context.Name, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Industry))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:industry", context.Industry, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Positions))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:positions", context.Positions, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Summary))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:summary", context.Summary, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Headline))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:headline", context.Headline, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Link))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:url", context.Link, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.AccessToken))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:accesstoken", context.AccessToken, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
context.Properties = properties;
|
||||
|
||||
AddClaimsToContextIdentity(context);
|
||||
|
||||
context.Properties = properties;
|
||||
await Options.Provider.Authenticated(context);
|
||||
|
||||
return new AuthenticationTicket(context.Identity, context.Properties);
|
||||
@@ -206,7 +132,7 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
var state = Options.StateDataFormat.Protect(properties);
|
||||
|
||||
var authorizationEndpoint =
|
||||
"https://www.linkedin.com/uas/oauth2/authorization" +
|
||||
AuthorizationEndpoint +
|
||||
"?response_type=code" +
|
||||
"&client_id=" + Uri.EscapeDataString(Options.ClientId) +
|
||||
"&redirect_uri=" + Uri.EscapeDataString(redirectUri) +
|
||||
@@ -281,5 +207,123 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
{
|
||||
return string.IsNullOrWhiteSpace(Options.ProxyHost) ? Request.Host.ToString() : Options.ProxyHost;
|
||||
}
|
||||
|
||||
private static void SetAuthorizedRequestHeaders(string accessToken, HttpRequestMessage userRequest)
|
||||
{
|
||||
userRequest.Headers.Add("x-li-format", "json");
|
||||
userRequest.Headers.Add("Authorization", "Bearer " + accessToken);
|
||||
}
|
||||
|
||||
private async Task<string> GetUserEmail(string accessToken)
|
||||
{
|
||||
var emailRequest = new HttpRequestMessage(HttpMethod.Get, EmailEndpoint);
|
||||
SetAuthorizedRequestHeaders(accessToken, emailRequest);
|
||||
var graphResponse = await _httpClient.SendAsync(emailRequest, Request.CallCancelled);
|
||||
try
|
||||
{
|
||||
graphResponse.EnsureSuccessStatusCode();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
_logger.WriteError(string.Format("Retrieving the user email using authorization from provider {0} failed. Message: {1}", Options.AuthenticationType, e.Message));
|
||||
throw;
|
||||
}
|
||||
|
||||
var text = await graphResponse.Content.ReadAsStringAsync();
|
||||
var emailResponse = JObject.Parse(text);
|
||||
string email = null;
|
||||
var emailValue = emailResponse.SelectToken("elements[0].handle~.emailAddress");
|
||||
if (emailValue != null)
|
||||
{
|
||||
email = emailValue.Value<string>();
|
||||
}
|
||||
else
|
||||
{
|
||||
var errorMessageValue = emailResponse.SelectToken("elements[0].handle!.message");
|
||||
var errorMessage = string.Empty;
|
||||
if (errorMessageValue != null)
|
||||
{
|
||||
errorMessage = errorMessageValue.Value<string>();
|
||||
}
|
||||
|
||||
_logger.WriteWarning("Could not retrieve the user email from LinkedIn. Message: " + errorMessage);
|
||||
}
|
||||
|
||||
return await Task.FromResult<string>(email);
|
||||
}
|
||||
|
||||
private async Task<string> GetAccessToken(string code)
|
||||
{
|
||||
var requestPrefix = Request.Scheme + "://" + this.GetHostName();
|
||||
var redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
|
||||
|
||||
// Build up the body for the token request
|
||||
var body = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("grant_type", "authorization_code"),
|
||||
new KeyValuePair<string, string>("code", code),
|
||||
new KeyValuePair<string, string>("redirect_uri", redirectUri),
|
||||
new KeyValuePair<string, string>("client_id", Options.ClientId),
|
||||
new KeyValuePair<string, string>("client_secret", Options.ClientSecret)
|
||||
};
|
||||
|
||||
// Request the token
|
||||
var tokenResponse = await _httpClient.PostAsync(TokenEndpoint, new FormUrlEncodedContent(body));
|
||||
tokenResponse.EnsureSuccessStatusCode();
|
||||
return await tokenResponse.Content.ReadAsStringAsync();
|
||||
}
|
||||
|
||||
private async Task<string> GetUserInfo(string accessToken)
|
||||
{
|
||||
var userInfoEndpoint = UserInfoEndpoint
|
||||
+ "?projection=(" + string.Join(",", Options.ProfileFields.Distinct().ToArray()) + ")";
|
||||
var userRequest = new HttpRequestMessage(HttpMethod.Get, userInfoEndpoint);
|
||||
SetAuthorizedRequestHeaders(accessToken, userRequest);
|
||||
var graphResponse = await _httpClient.SendAsync(userRequest, Request.CallCancelled);
|
||||
graphResponse.EnsureSuccessStatusCode();
|
||||
return await graphResponse.Content.ReadAsStringAsync();
|
||||
}
|
||||
|
||||
private void AddClaimsToContextIdentity(LinkedInAuthenticatedContext context)
|
||||
{
|
||||
if (!string.IsNullOrEmpty(context.Id))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.Id, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Email))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Email, context.Email, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.GivenName))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.GivenName, context.GivenName, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.FamilyName))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Surname, context.FamilyName, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.Name))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.Name, context.Name, XmlSchemaString, Options.AuthenticationType));
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:name", context.Name, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
if (!string.IsNullOrEmpty(context.AccessToken))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim("urn:linkedin:accesstoken", context.AccessToken, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
}
|
||||
|
||||
private string GetQueryValue(string name)
|
||||
{
|
||||
string result = null;
|
||||
var query = Request.Query;
|
||||
var values = query.GetValues(name);
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
result = values[0];
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -8,6 +8,11 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
{
|
||||
public class LinkedInAuthenticationOptions : AuthenticationOptions
|
||||
{
|
||||
/// <summary>
|
||||
/// The calim name that is used to request permission to retrieve the user address during the authorization call
|
||||
/// </summary>
|
||||
public const string EmailAddressScopeName = "r_emailaddress";
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the a pinned certificate validator to use to validate the endpoints used
|
||||
/// in back channel communications belong to LinkedIn.
|
||||
@@ -118,22 +123,15 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
AuthenticationMode = AuthenticationMode.Passive;
|
||||
Scope = new List<string>
|
||||
{
|
||||
"r_basicprofile",
|
||||
"r_emailaddress"
|
||||
"r_liteprofile",
|
||||
EmailAddressScopeName
|
||||
};
|
||||
ProfileFields = new List<string>
|
||||
{
|
||||
"id",
|
||||
"first-name",
|
||||
"last-name",
|
||||
"formatted-name",
|
||||
"email-address",
|
||||
"public-profile-url",
|
||||
"picture-url",
|
||||
"industry",
|
||||
"headline",
|
||||
"summary",
|
||||
"positions"
|
||||
"firstName",
|
||||
"lastName",
|
||||
"profilePicture(displayImage~:playableStreams)"
|
||||
};
|
||||
BackchannelTimeout = TimeSpan.FromSeconds(60);
|
||||
}
|
||||
|
||||
@@ -6,8 +6,8 @@ using System.Security.Claims;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Provider;
|
||||
using Newtonsoft.Json.Linq;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace Owin.Security.Providers.LinkedIn
|
||||
{
|
||||
@@ -26,26 +26,35 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
public LinkedInAuthenticatedContext(IOwinContext context, JObject user, string accessToken, string expires)
|
||||
: base(context)
|
||||
{
|
||||
User = user;
|
||||
AccessToken = accessToken;
|
||||
this.User = user;
|
||||
this.AccessToken = accessToken;
|
||||
|
||||
int expiresValue;
|
||||
if (int.TryParse(expires, NumberStyles.Integer, CultureInfo.InvariantCulture, out expiresValue))
|
||||
{
|
||||
ExpiresIn = TimeSpan.FromSeconds(expiresValue);
|
||||
this.ExpiresIn = TimeSpan.FromSeconds(expiresValue);
|
||||
}
|
||||
|
||||
Id = TryGetValue(user, "id");
|
||||
Name = TryGetValue(user, "formattedName");
|
||||
FamilyName = TryGetValue(user, "lastName");
|
||||
GivenName = TryGetValue(user, "firstName");
|
||||
Link = TryGetValue(user, "publicProfileUrl");
|
||||
UserName = TryGetValue(user, "formattedName").Replace(" ", "");
|
||||
Email = TryGetValue(user, "emailAddress");
|
||||
Industry = TryGetValue(user, "industry");
|
||||
Summary = TryGetValue(user, "summary");
|
||||
Headline = TryGetValue(user, "headline");
|
||||
Positions = TryGetValueAndSerialize(user, "positions");
|
||||
this.Id = TryGetValue(user, "id");
|
||||
this.FamilyName = TryGetLocalizedValue(user, "lastName");
|
||||
this.GivenName = TryGetLocalizedValue(user, "firstName");
|
||||
if (this.FamilyName != null || this.GivenName != null)
|
||||
{
|
||||
this.Name = string.Join(" ", this.GivenName, this.FamilyName);
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a <see cref="LinkedInAuthenticatedContext"/>
|
||||
/// </summary>
|
||||
/// <param name="context">The OWIN environment</param>
|
||||
/// <param name="user">The JSON-serialized user</param>
|
||||
/// <param name="accessToken">LinkedIn Access token</param>
|
||||
/// <param name="expires">Seconds until expiration</param>
|
||||
/// <param name="expires">User email returned from dedicated endpoint</param>
|
||||
public LinkedInAuthenticatedContext(IOwinContext context, JObject user, string accessToken, string expires, string email) : this(context, user, accessToken, expires)
|
||||
{
|
||||
this.Email = email;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -95,25 +104,30 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
/// <summary>
|
||||
/// Describes the users membership profile
|
||||
/// </summary>
|
||||
[Obsolete("LinkedIn doesn't return this claim anymore.")]
|
||||
public string Summary { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Industry the member belongs to
|
||||
/// https://developer.linkedin.com/docs/reference/industry-codes
|
||||
/// </summary>
|
||||
[Obsolete("LinkedIn doesn't return this claim anymore.")]
|
||||
public string Industry { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The members headline
|
||||
/// </summary>
|
||||
[Obsolete("LinkedIn doesn't return this claim anymore.")]
|
||||
public string Headline { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Member's current positions
|
||||
/// https://developer.linkedin.com/docs/fields/positions
|
||||
/// </summary>
|
||||
[Obsolete("LinkedIn doesn't return this claim anymore.")]
|
||||
public string Positions { get; set; }
|
||||
|
||||
[Obsolete("LinkedIn doesn't return this claim anymore.")]
|
||||
public string Link { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
@@ -142,5 +156,28 @@ namespace Owin.Security.Providers.LinkedIn
|
||||
JToken value;
|
||||
return user.TryGetValue(propertyName, out value) ? JsonConvert.SerializeObject(value) : null;
|
||||
}
|
||||
|
||||
private static string TryGetLocalizedValue(JObject container, string propertyName)
|
||||
{
|
||||
var localizedValues = container.SelectToken(propertyName + ".localized") as JObject;
|
||||
if (localizedValues == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
var defaultValue = TryGetValue(localizedValues, "en-US");
|
||||
if (defaultValue != null)
|
||||
{
|
||||
return defaultValue;
|
||||
}
|
||||
|
||||
if (localizedValues.HasValues)
|
||||
{
|
||||
return localizedValues.First.First.Value<string>();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,11 @@
|
||||
namespace Owin.Security.Providers.Salesforce
|
||||
{
|
||||
internal static class Constants
|
||||
public static class Constants
|
||||
{
|
||||
public const string DefaultAuthenticationType = "Salesforce";
|
||||
|
||||
public const string EnvironmentAuthenticationProperty = "Environment";
|
||||
public const string ProductionEnvironment = "Production";
|
||||
public const string SandboxEnvironment = "Sandbox";
|
||||
}
|
||||
}
|
||||
@@ -18,6 +18,12 @@ namespace Owin.Security.Providers.Salesforce
|
||||
{
|
||||
private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
|
||||
|
||||
private const string ProductionHost = "https://login.salesforce.com";
|
||||
private const string SandboxHost = "https://test.salesforce.com";
|
||||
|
||||
private const string AuthorizationEndpoint = "/services/oauth2/authorize";
|
||||
private const string TokenEndpoint = "/services/oauth2/token";
|
||||
|
||||
private readonly ILogger _logger;
|
||||
private readonly HttpClient _httpClient;
|
||||
|
||||
@@ -74,7 +80,7 @@ namespace Owin.Security.Providers.Salesforce
|
||||
};
|
||||
|
||||
// Request the token
|
||||
var requestMessage = new HttpRequestMessage(HttpMethod.Post, Options.Endpoints.TokenEndpoint);
|
||||
var requestMessage = new HttpRequestMessage(HttpMethod.Post, ComposeTokenEndpoint(properties));
|
||||
requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
requestMessage.Content = new FormUrlEncodedContent(body);
|
||||
var tokenResponse = await _httpClient.SendAsync(requestMessage);
|
||||
@@ -186,8 +192,10 @@ namespace Owin.Security.Providers.Salesforce
|
||||
|
||||
var state = Options.StateDataFormat.Protect(properties);
|
||||
|
||||
var authorizationEndpoint =
|
||||
$"{Options.Endpoints.AuthorizationEndpoint}?response_type={"code"}&client_id={Options.ClientId}&redirect_uri={HttpUtility.UrlEncode(redirectUri)}&display={"page"}&immediate={false}&state={Uri.EscapeDataString(state)}";
|
||||
var authorizationEndpoint = ComposeAuthorizationEndpoint(properties);
|
||||
|
||||
authorizationEndpoint =
|
||||
$"{authorizationEndpoint}?response_type={"code"}&client_id={Options.ClientId}&redirect_uri={HttpUtility.UrlEncode(redirectUri)}&display={Options.DisplayMode}&immediate={false}&state={Uri.EscapeDataString(state)}";
|
||||
|
||||
if (Options.Scope != null && Options.Scope.Count > 0)
|
||||
{
|
||||
@@ -253,5 +261,66 @@ namespace Owin.Security.Providers.Salesforce
|
||||
|
||||
return context.IsRequestCompleted;
|
||||
}
|
||||
|
||||
private string ComposeAuthorizationEndpoint(AuthenticationProperties properties) {
|
||||
string endpointPath = AuthorizationEndpoint;
|
||||
|
||||
string endpoint =
|
||||
!String.IsNullOrEmpty(Options.Endpoints.AuthorizationEndpoint) ?
|
||||
Options.Endpoints.AuthorizationEndpoint :
|
||||
ComposeEndpoint(properties, endpointPath);
|
||||
|
||||
// if AuthenticationProperties for this session specifies an environment property
|
||||
// it should take precedence over the value in AuthenticationOptions
|
||||
string environmentProperty = null;
|
||||
if (properties.Dictionary.TryGetValue(Constants.EnvironmentAuthenticationProperty, out environmentProperty)) {
|
||||
endpoint =
|
||||
environmentProperty == Constants.SandboxEnvironment ?
|
||||
SandboxHost + endpointPath :
|
||||
ProductionHost + endpointPath;
|
||||
}
|
||||
|
||||
return endpoint;
|
||||
}
|
||||
|
||||
private string ComposeTokenEndpoint(AuthenticationProperties properties) {
|
||||
string endpointPath = TokenEndpoint;
|
||||
|
||||
string endpoint =
|
||||
!String.IsNullOrEmpty(Options.Endpoints.TokenEndpoint) ?
|
||||
Options.Endpoints.TokenEndpoint :
|
||||
ComposeEndpoint(properties, endpointPath);
|
||||
|
||||
// if AuthenticationProperties for this session specifies an environment property
|
||||
// it should take precedence over the value in AuthenticationOptions
|
||||
string environmentProperty = null; ;
|
||||
if (properties.Dictionary.TryGetValue(Constants.EnvironmentAuthenticationProperty, out environmentProperty)) {
|
||||
endpoint =
|
||||
environmentProperty == Constants.SandboxEnvironment ?
|
||||
SandboxHost + endpointPath :
|
||||
ProductionHost + endpointPath;
|
||||
}
|
||||
|
||||
return endpoint;
|
||||
}
|
||||
|
||||
private string ComposeEndpoint(AuthenticationProperties properties, string endpointPath) {
|
||||
string endpoint =
|
||||
!String.IsNullOrEmpty(Options.Endpoints.Environment) && Options.Endpoints.Environment == Constants.SandboxEnvironment ?
|
||||
SandboxHost + endpointPath :
|
||||
ProductionHost + endpointPath;
|
||||
|
||||
// if AuthenticationProperties for this session specifies an environment property
|
||||
// it should take precedence over the value in AuthenticationOptions
|
||||
string environmentProperty = null; ;
|
||||
if (properties.Dictionary.TryGetValue(Constants.EnvironmentAuthenticationProperty, out environmentProperty)) {
|
||||
endpoint =
|
||||
environmentProperty == Constants.SandboxEnvironment ?
|
||||
SandboxHost + endpointPath :
|
||||
ProductionHost + endpointPath;
|
||||
}
|
||||
|
||||
return endpoint;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,11 +19,28 @@ namespace Owin.Security.Providers.Salesforce
|
||||
/// Endpoint which is used to exchange code for access token
|
||||
/// </summary>
|
||||
public string TokenEndpoint { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Production or Sandbox. Use Constants.ProductionEnvironment or Constants.SandboxEnvironment
|
||||
/// </summary>
|
||||
public string Environment { get; set; }
|
||||
}
|
||||
|
||||
private const string AuthorizationEndPoint = "";
|
||||
private const string TokenEndpoint = "";
|
||||
|
||||
/// <summary>
|
||||
/// Options for Display Mode
|
||||
/// Changes the login and authorization pages’ display type. Salesforce supports these values.
|
||||
/// page—Full-page authorization screen(default)
|
||||
/// popup—Compact dialog optimized for modern web browser popup windows
|
||||
/// touch—Mobile-optimized dialog designed for modern smartphones, such as Android and iPhone
|
||||
/// mobile—Mobile-optimized dialog designed for less capable smartphones, such as BlackBerry OS 5
|
||||
/// </summary>
|
||||
public enum Display{
|
||||
page,
|
||||
popup,
|
||||
touch,
|
||||
mobile
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the a pinned certificate validator to use to validate the endpoints used
|
||||
/// in back channel communications belong to Salesforce.
|
||||
@@ -79,8 +96,8 @@ namespace Owin.Security.Providers.Salesforce
|
||||
public string ClientSecret { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the sets of OAuth endpoints used to authenticate against Salesforce. Overriding these endpoints allows you to use Salesforce Enterprise for
|
||||
/// authentication.
|
||||
/// Gets the sets of OAuth endpoints used to authenticate against Salesforce.
|
||||
/// Overriding these endpoints allows you to use Salesforce Enterprise for authentication.
|
||||
/// </summary>
|
||||
public SalesforceAuthenticationEndpoints Endpoints { get; set; }
|
||||
|
||||
@@ -108,6 +125,10 @@ namespace Owin.Security.Providers.Salesforce
|
||||
/// <see cref="System.Security.Claims.ClaimsIdentity" />.
|
||||
/// </summary>
|
||||
public string SignInAsAuthenticationType { get; set; }
|
||||
/// <summary>
|
||||
/// Gets or sets the display—(Optional)
|
||||
/// </summary>
|
||||
public Display DisplayMode { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the type used to secure data handled by the middleware.
|
||||
@@ -127,8 +148,8 @@ namespace Owin.Security.Providers.Salesforce
|
||||
BackchannelTimeout = TimeSpan.FromSeconds(60);
|
||||
Endpoints = new SalesforceAuthenticationEndpoints
|
||||
{
|
||||
AuthorizationEndpoint = AuthorizationEndPoint,
|
||||
TokenEndpoint = TokenEndpoint
|
||||
AuthorizationEndpoint = null,
|
||||
TokenEndpoint = null
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ namespace Owin.Security.Providers.Steam
|
||||
{
|
||||
internal sealed class SteamAuthenticationHandler : OpenIDAuthenticationHandlerBase<SteamAuthenticationOptions>
|
||||
{
|
||||
private readonly Regex _accountIDRegex = new Regex(@"^http://steamcommunity\.com/openid/id/(7[0-9]{15,25})$", RegexOptions.Compiled);
|
||||
private readonly Regex _accountIDRegex = new Regex(@"^https?://steamcommunity\.com/openid/id/(7[0-9]{15,25})$", RegexOptions.Compiled);
|
||||
|
||||
private const string UserInfoUri = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={0}&steamids={1}";
|
||||
|
||||
|
||||
@@ -60,8 +60,7 @@ namespace Owin.Security.Providers.Twitch
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
var requestPrefix = Request.Scheme + "://" + Request.Host;
|
||||
var redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
|
||||
var redirectUri = GetRequestPrefix() + Request.PathBase + Options.CallbackPath;
|
||||
|
||||
// Build up the body for the token request
|
||||
var body = new List<KeyValuePair<string, string>>
|
||||
@@ -146,9 +145,7 @@ namespace Owin.Security.Providers.Twitch
|
||||
|
||||
if (challenge == null) return Task.FromResult<object>(null);
|
||||
var baseUri =
|
||||
Request.Scheme +
|
||||
Uri.SchemeDelimiter +
|
||||
Request.Host +
|
||||
GetRequestPrefix() +
|
||||
Request.PathBase;
|
||||
|
||||
var currentUri =
|
||||
@@ -237,5 +234,12 @@ namespace Owin.Security.Providers.Twitch
|
||||
|
||||
return context.IsRequestCompleted;
|
||||
}
|
||||
|
||||
private string GetRequestPrefix()
|
||||
{
|
||||
return !String.IsNullOrEmpty(Options.RequestPrefix)
|
||||
? Options.RequestPrefix
|
||||
: Request.Scheme + Uri.SchemeDelimiter + Request.Host;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -125,6 +125,11 @@ namespace Owin.Security.Providers.Twitch
|
||||
/// </summary>
|
||||
public bool ForceVerify { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the Request prefix
|
||||
/// </summary>
|
||||
public string RequestPrefix { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new <see cref="TwitchAuthenticationOptions" />
|
||||
/// </summary>
|
||||
|
||||
7
src/Owin.Security.Providers.Typeform/Constants.cs
Normal file
7
src/Owin.Security.Providers.Typeform/Constants.cs
Normal file
@@ -0,0 +1,7 @@
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
public static class Constants
|
||||
{
|
||||
public const string DefaultAuthenticationType = "Typeform";
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
|
||||
<PropertyGroup>
|
||||
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
|
||||
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
|
||||
<ProjectGuid>{C8862B45-E1D1-4AB7-A83D-3A2FD2A22526}</ProjectGuid>
|
||||
<OutputType>Library</OutputType>
|
||||
<AppDesignerFolder>Properties</AppDesignerFolder>
|
||||
<RootNamespace>Owin.Security.Providers.Typeform</RootNamespace>
|
||||
<AssemblyName>Owin.Security.Providers.Typeform</AssemblyName>
|
||||
<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
|
||||
<FileAlignment>512</FileAlignment>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
|
||||
<DebugSymbols>true</DebugSymbols>
|
||||
<DebugType>full</DebugType>
|
||||
<Optimize>false</Optimize>
|
||||
<OutputPath>bin\Debug\</OutputPath>
|
||||
<DefineConstants>DEBUG;TRACE</DefineConstants>
|
||||
<ErrorReport>prompt</ErrorReport>
|
||||
<WarningLevel>4</WarningLevel>
|
||||
<LangVersion>6</LangVersion>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
|
||||
<DebugType>pdbonly</DebugType>
|
||||
<Optimize>true</Optimize>
|
||||
<OutputPath>bin\Release\</OutputPath>
|
||||
<DefineConstants>TRACE</DefineConstants>
|
||||
<ErrorReport>prompt</ErrorReport>
|
||||
<WarningLevel>4</WarningLevel>
|
||||
<LangVersion>6</LangVersion>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<Reference Include="Microsoft.Owin, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Microsoft.Owin.3.0.1\lib\net45\Microsoft.Owin.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Microsoft.Owin.Security, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Microsoft.Owin.Security.3.0.1\lib\net45\Microsoft.Owin.Security.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Newtonsoft.Json, Version=8.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Newtonsoft.Json.8.0.3\lib\net45\Newtonsoft.Json.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="Owin, Version=1.0.0.0, Culture=neutral, PublicKeyToken=f0ebd12fd5e55cc5, processorArchitecture=MSIL">
|
||||
<HintPath>..\..\packages\Owin.1.0\lib\net40\Owin.dll</HintPath>
|
||||
<Private>True</Private>
|
||||
</Reference>
|
||||
<Reference Include="System" />
|
||||
<Reference Include="System.Core" />
|
||||
<Reference Include="System.Net.Http.WebRequest" />
|
||||
<Reference Include="System.Web" />
|
||||
<Reference Include="System.Xml.Linq" />
|
||||
<Reference Include="System.Data.DataSetExtensions" />
|
||||
<Reference Include="Microsoft.CSharp" />
|
||||
<Reference Include="System.Data" />
|
||||
<Reference Include="System.Net.Http" />
|
||||
<Reference Include="System.Xml" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
<Compile Include="Constants.cs" />
|
||||
<Compile Include="Resources.Designer.cs">
|
||||
<DependentUpon>Resources.resx</DependentUpon>
|
||||
<AutoGen>True</AutoGen>
|
||||
<DesignTime>True</DesignTime>
|
||||
</Compile>
|
||||
<Compile Include="TypeformAuthenticationExtensions.cs" />
|
||||
<Compile Include="TypeformAuthenticationHandler.cs" />
|
||||
<Compile Include="TypeformAuthenticationMiddleware.cs" />
|
||||
<Compile Include="TypeformAuthenticationOptions.cs" />
|
||||
<Compile Include="Provider\ITypeformAuthenticationProvider.cs" />
|
||||
<Compile Include="Provider\TypeformAuthenticatedContext.cs" />
|
||||
<Compile Include="Provider\TypeformAuthenticationProvider.cs" />
|
||||
<Compile Include="Provider\TypeformReturnEndpointContext.cs" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<None Include="C:\projects\GitHub\OwinOAuthProviders\Owin.Security.Providers.Typeform\Owin.Security.Providers.Typeform.nuspec" />
|
||||
<None Include="packages.config" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<EmbeddedResource Include="Resources.resx">
|
||||
<Generator>ResXFileCodeGenerator</Generator>
|
||||
<LastGenOutput>Resources.Designer.cs</LastGenOutput>
|
||||
</EmbeddedResource>
|
||||
</ItemGroup>
|
||||
<ItemGroup />
|
||||
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
|
||||
<Target Name="PostBuildMacros">
|
||||
<GetAssemblyIdentity AssemblyFiles="$(TargetPath)">
|
||||
<Output TaskParameter="Assemblies" ItemName="Targets" />
|
||||
</GetAssemblyIdentity>
|
||||
<ItemGroup>
|
||||
<VersionNumber Include="@(Targets->'%(Version)')" />
|
||||
</ItemGroup>
|
||||
</Target>
|
||||
<PropertyGroup>
|
||||
<PreBuildEvent>
|
||||
</PreBuildEvent>
|
||||
<PostBuildEventDependsOn>
|
||||
$(PostBuildEventDependsOn);
|
||||
PostBuildMacros;
|
||||
</PostBuildEventDependsOn>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
@@ -0,0 +1,15 @@
|
||||
using System.Reflection;
|
||||
using System.Runtime.InteropServices;
|
||||
|
||||
[assembly: AssemblyTitle("Owin.Security.Providers.Typeform")]
|
||||
[assembly: AssemblyDescription("")]
|
||||
[assembly: AssemblyConfiguration("")]
|
||||
[assembly: AssemblyCompany("")]
|
||||
[assembly: AssemblyProduct("Owin.Security.Providers.Typeform")]
|
||||
[assembly: AssemblyCopyright("Copyright © 2016")]
|
||||
[assembly: AssemblyTrademark("")]
|
||||
[assembly: AssemblyCulture("")]
|
||||
[assembly: ComVisible(false)]
|
||||
[assembly: Guid("b6a4a4cb-d365-41a0-b4c9-966e7ef19de0")]
|
||||
[assembly: AssemblyVersion("2.0.0.0")]
|
||||
[assembly: AssemblyFileVersion("2.0.0.0")]
|
||||
@@ -0,0 +1,24 @@
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
/// <summary>
|
||||
/// Specifies callback methods which the <see cref="TypeformAuthenticationMiddleware"></see> invokes to enable developer control over the authentication process. />
|
||||
/// </summary>
|
||||
public interface ITypeformAuthenticationProvider
|
||||
{
|
||||
/// <summary>
|
||||
/// Invoked whenever Typeform successfully authenticates a user
|
||||
/// </summary>
|
||||
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
Task Authenticated(TypeformAuthenticatedContext context);
|
||||
|
||||
/// <summary>
|
||||
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
|
||||
/// </summary>
|
||||
/// <param name="context"></param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
Task ReturnEndpoint(TypeformReturnEndpointContext context);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,59 @@
|
||||
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
|
||||
|
||||
using System;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
/// <summary>
|
||||
/// Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.
|
||||
/// </summary>
|
||||
public class TypeformAuthenticatedContext : BaseContext
|
||||
{
|
||||
/// <summary>
|
||||
/// Initializes a <see cref="TypeformAuthenticatedContext"/>
|
||||
/// </summary>
|
||||
/// <param name="context">The OWIN environment</param>
|
||||
/// <param name="userJson">The JSON-serialized user</param>
|
||||
/// <param name="accessToken">Typeform Access token</param>
|
||||
/// <param name="refreshToken">Typeform Refresh token</param>
|
||||
/// <param name="instanceUrl">Typeform instance url</param>
|
||||
public TypeformAuthenticatedContext(IOwinContext context, string accessToken)
|
||||
: base(context)
|
||||
{
|
||||
AccessToken = accessToken;
|
||||
|
||||
// Typeform doesn't supply a unique identifier for the user,
|
||||
// so we generate a fake one because OWIN pipeline requires it
|
||||
// This means you can only use Typeform OAuth for authorization, not authentication because
|
||||
// each time you sign in with the same Typeform account this provider will yield a distinct UserId
|
||||
UserId = Guid.NewGuid().ToString();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Typeform access token
|
||||
/// </summary>
|
||||
public string AccessToken { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Typeform User ID
|
||||
/// </summary>
|
||||
[Obsolete("This is not the real UserId because Typeform OAuth endpoint does not provide it. Use Typeform OAuth for authorization, not authentication.")]
|
||||
public string UserId { get; private set; }
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Gets the <see cref="ClaimsIdentity"/> representing the user
|
||||
/// </summary>
|
||||
public ClaimsIdentity Identity { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets a property bag for common authentication properties
|
||||
/// </summary>
|
||||
public AuthenticationProperties Properties { get; set; }
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
using System;
|
||||
using System.Threading.Tasks;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
/// <summary>
|
||||
/// Default <see cref="ITypeformAuthenticationProvider"/> implementation.
|
||||
/// </summary>
|
||||
public class TypeformAuthenticationProvider : ITypeformAuthenticationProvider
|
||||
{
|
||||
/// <summary>
|
||||
/// Initializes a <see cref="TypeformAuthenticationProvider"/>
|
||||
/// </summary>
|
||||
public TypeformAuthenticationProvider()
|
||||
{
|
||||
OnAuthenticated = context => Task.FromResult<object>(null);
|
||||
OnReturnEndpoint = context => Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the function that is invoked when the Authenticated method is invoked.
|
||||
/// </summary>
|
||||
public Func<TypeformAuthenticatedContext, Task> OnAuthenticated { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the function that is invoked when the ReturnEndpoint method is invoked.
|
||||
/// </summary>
|
||||
public Func<TypeformReturnEndpointContext, Task> OnReturnEndpoint { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Invoked whenever Typeform successfully authenticates a user
|
||||
/// </summary>
|
||||
/// <param name="context">Contains information about the login session as well as the user <see cref="System.Security.Claims.ClaimsIdentity"/>.</param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
public virtual Task Authenticated(TypeformAuthenticatedContext context)
|
||||
{
|
||||
return OnAuthenticated(context);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Invoked prior to the <see cref="System.Security.Claims.ClaimsIdentity"/> being saved in a local cookie and the browser being redirected to the originally requested URL.
|
||||
/// </summary>
|
||||
/// <param name="context"></param>
|
||||
/// <returns>A <see cref="Task"/> representing the completed operation.</returns>
|
||||
public virtual Task ReturnEndpoint(TypeformReturnEndpointContext context)
|
||||
{
|
||||
return OnReturnEndpoint(context);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. See License.txt in the project root for license information.
|
||||
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Provider;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
/// <summary>
|
||||
/// Provides context information to middleware providers.
|
||||
/// </summary>
|
||||
public class TypeformReturnEndpointContext : ReturnEndpointContext
|
||||
{
|
||||
/// <summary>
|
||||
///
|
||||
/// </summary>
|
||||
/// <param name="context">OWIN environment</param>
|
||||
/// <param name="ticket">The authentication ticket</param>
|
||||
public TypeformReturnEndpointContext(
|
||||
IOwinContext context,
|
||||
AuthenticationTicket ticket)
|
||||
: base(context, ticket)
|
||||
{
|
||||
}
|
||||
}
|
||||
}
|
||||
81
src/Owin.Security.Providers.Typeform/Resources.Designer.cs
generated
Normal file
81
src/Owin.Security.Providers.Typeform/Resources.Designer.cs
generated
Normal file
@@ -0,0 +1,81 @@
|
||||
//------------------------------------------------------------------------------
|
||||
// <auto-generated>
|
||||
// This code was generated by a tool.
|
||||
// Runtime Version:4.0.30319.42000
|
||||
//
|
||||
// Changes to this file may cause incorrect behavior and will be lost if
|
||||
// the code is regenerated.
|
||||
// </auto-generated>
|
||||
//------------------------------------------------------------------------------
|
||||
|
||||
namespace Owin.Security.Providers.Typeform {
|
||||
using System;
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// A strongly-typed resource class, for looking up localized strings, etc.
|
||||
/// </summary>
|
||||
// This class was auto-generated by the StronglyTypedResourceBuilder
|
||||
// class via a tool like ResGen or Visual Studio.
|
||||
// To add or remove a member, edit your .ResX file then rerun ResGen
|
||||
// with the /str option, or rebuild your VS project.
|
||||
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
|
||||
[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
|
||||
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
|
||||
internal class Resources {
|
||||
|
||||
private static global::System.Resources.ResourceManager resourceMan;
|
||||
|
||||
private static global::System.Globalization.CultureInfo resourceCulture;
|
||||
|
||||
[global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
|
||||
internal Resources() {
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Returns the cached ResourceManager instance used by this class.
|
||||
/// </summary>
|
||||
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
|
||||
internal static global::System.Resources.ResourceManager ResourceManager {
|
||||
get {
|
||||
if (object.ReferenceEquals(resourceMan, null)) {
|
||||
var temp = new global::System.Resources.ResourceManager("Owin.Security.Providers.Typeform.Resources", typeof(Resources).Assembly);
|
||||
resourceMan = temp;
|
||||
}
|
||||
return resourceMan;
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Overrides the current thread's CurrentUICulture property for all
|
||||
/// resource lookups using this strongly typed resource class.
|
||||
/// </summary>
|
||||
[global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
|
||||
internal static global::System.Globalization.CultureInfo Culture {
|
||||
get {
|
||||
return resourceCulture;
|
||||
}
|
||||
set {
|
||||
resourceCulture = value;
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Looks up a localized string similar to The '{0}' option must be provided..
|
||||
/// </summary>
|
||||
internal static string Exception_OptionMustBeProvided {
|
||||
get {
|
||||
return ResourceManager.GetString("Exception_OptionMustBeProvided", resourceCulture);
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Looks up a localized string similar to An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler..
|
||||
/// </summary>
|
||||
internal static string Exception_ValidatorHandlerMismatch {
|
||||
get {
|
||||
return ResourceManager.GetString("Exception_ValidatorHandlerMismatch", resourceCulture);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
126
src/Owin.Security.Providers.Typeform/Resources.resx
Normal file
126
src/Owin.Security.Providers.Typeform/Resources.resx
Normal file
@@ -0,0 +1,126 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<root>
|
||||
<!--
|
||||
Microsoft ResX Schema
|
||||
|
||||
Version 2.0
|
||||
|
||||
The primary goals of this format is to allow a simple XML format
|
||||
that is mostly human readable. The generation and parsing of the
|
||||
various data types are done through the TypeConverter classes
|
||||
associated with the data types.
|
||||
|
||||
Example:
|
||||
|
||||
... ado.net/XML headers & schema ...
|
||||
<resheader name="resmimetype">text/microsoft-resx</resheader>
|
||||
<resheader name="version">2.0</resheader>
|
||||
<resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
|
||||
<resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
|
||||
<data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
|
||||
<data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
|
||||
<data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
|
||||
<value>[base64 mime encoded serialized .NET Framework object]</value>
|
||||
</data>
|
||||
<data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
|
||||
<value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
|
||||
<comment>This is a comment</comment>
|
||||
</data>
|
||||
|
||||
There are any number of "resheader" rows that contain simple
|
||||
name/value pairs.
|
||||
|
||||
Each data row contains a name, and value. The row also contains a
|
||||
type or mimetype. Type corresponds to a .NET class that support
|
||||
text/value conversion through the TypeConverter architecture.
|
||||
Classes that don't support this are serialized and stored with the
|
||||
mimetype set.
|
||||
|
||||
The mimetype is used for serialized objects, and tells the
|
||||
ResXResourceReader how to depersist the object. This is currently not
|
||||
extensible. For a given mimetype the value must be set accordingly:
|
||||
|
||||
Note - application/x-microsoft.net.object.binary.base64 is the format
|
||||
that the ResXResourceWriter will generate, however the reader can
|
||||
read any of the formats listed below.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.binary.base64
|
||||
value : The object must be serialized with
|
||||
: System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
|
||||
: and then encoded with base64 encoding.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.soap.base64
|
||||
value : The object must be serialized with
|
||||
: System.Runtime.Serialization.Formatters.Soap.SoapFormatter
|
||||
: and then encoded with base64 encoding.
|
||||
|
||||
mimetype: application/x-microsoft.net.object.bytearray.base64
|
||||
value : The object must be serialized into a byte array
|
||||
: using a System.ComponentModel.TypeConverter
|
||||
: and then encoded with base64 encoding.
|
||||
-->
|
||||
<xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
|
||||
<xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
|
||||
<xsd:element name="root" msdata:IsDataSet="true">
|
||||
<xsd:complexType>
|
||||
<xsd:choice maxOccurs="unbounded">
|
||||
<xsd:element name="metadata">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" use="required" type="xsd:string" />
|
||||
<xsd:attribute name="type" type="xsd:string" />
|
||||
<xsd:attribute name="mimetype" type="xsd:string" />
|
||||
<xsd:attribute ref="xml:space" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="assembly">
|
||||
<xsd:complexType>
|
||||
<xsd:attribute name="alias" type="xsd:string" />
|
||||
<xsd:attribute name="name" type="xsd:string" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="data">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
||||
<xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
|
||||
<xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
|
||||
<xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
|
||||
<xsd:attribute ref="xml:space" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
<xsd:element name="resheader">
|
||||
<xsd:complexType>
|
||||
<xsd:sequence>
|
||||
<xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
|
||||
</xsd:sequence>
|
||||
<xsd:attribute name="name" type="xsd:string" use="required" />
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
</xsd:schema>
|
||||
<resheader name="resmimetype">
|
||||
<value>text/microsoft-resx</value>
|
||||
</resheader>
|
||||
<resheader name="version">
|
||||
<value>2.0</value>
|
||||
</resheader>
|
||||
<resheader name="reader">
|
||||
<value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
||||
</resheader>
|
||||
<resheader name="writer">
|
||||
<value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
|
||||
</resheader>
|
||||
<data name="Exception_OptionMustBeProvided" xml:space="preserve">
|
||||
<value>The '{0}' option must be provided.</value>
|
||||
</data>
|
||||
<data name="Exception_ValidatorHandlerMismatch" xml:space="preserve">
|
||||
<value>An ICertificateValidator cannot be specified at the same time as an HttpMessageHandler unless it is a WebRequestHandler.</value>
|
||||
</data>
|
||||
</root>
|
||||
@@ -0,0 +1,29 @@
|
||||
using System;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
public static class TypeformAuthenticationExtensions
|
||||
{
|
||||
public static IAppBuilder UseTypeformAuthentication(this IAppBuilder app,
|
||||
TypeformAuthenticationOptions options)
|
||||
{
|
||||
if (app == null)
|
||||
throw new ArgumentNullException(nameof(app));
|
||||
if (options == null)
|
||||
throw new ArgumentNullException(nameof(options));
|
||||
|
||||
app.Use(typeof(TypeformAuthenticationMiddleware), app, options);
|
||||
|
||||
return app;
|
||||
}
|
||||
|
||||
public static IAppBuilder UseTypeformAuthentication(this IAppBuilder app, string clientId, string clientSecret)
|
||||
{
|
||||
return app.UseTypeformAuthentication(new TypeformAuthenticationOptions
|
||||
{
|
||||
ClientId = clientId,
|
||||
ClientSecret = clientSecret
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,219 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Http;
|
||||
using System.Net.Http.Headers;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using System.Web;
|
||||
using Microsoft.Owin.Infrastructure;
|
||||
using Microsoft.Owin.Logging;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.Infrastructure;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
public class TypeformAuthenticationHandler : AuthenticationHandler<TypeformAuthenticationOptions>
|
||||
{
|
||||
private const string XmlSchemaString = "http://www.w3.org/2001/XMLSchema#string";
|
||||
private const string AuthorizationEndpoint = "https://api.typeform.com/oauth/authorize";
|
||||
private const string TokenEndpoint = "https://api.typeform.com/oauth/token";
|
||||
|
||||
private readonly ILogger _logger;
|
||||
private readonly HttpClient _httpClient;
|
||||
|
||||
public TypeformAuthenticationHandler(HttpClient httpClient, ILogger logger)
|
||||
{
|
||||
_httpClient = httpClient;
|
||||
_logger = logger;
|
||||
}
|
||||
|
||||
protected override async Task<AuthenticationTicket> AuthenticateCoreAsync()
|
||||
{
|
||||
var properties = new AuthenticationProperties();
|
||||
|
||||
try
|
||||
{
|
||||
string code = null;
|
||||
string state = null;
|
||||
|
||||
var query = Request.Query;
|
||||
var values = query.GetValues("code");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
code = values[0];
|
||||
}
|
||||
values = query.GetValues("state");
|
||||
if (values != null && values.Count == 1)
|
||||
{
|
||||
state = values[0];
|
||||
}
|
||||
|
||||
properties = Options.StateDataFormat.Unprotect(state);
|
||||
if (properties == null)
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
// OAuth2 10.12 CSRF
|
||||
if (!ValidateCorrelationId(properties, _logger))
|
||||
{
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
var requestPrefix = Request.Scheme + "://" + Request.Host;
|
||||
var redirectUri = requestPrefix + Request.PathBase + Options.CallbackPath;
|
||||
|
||||
// Build up the body for the token request
|
||||
var body = new List<KeyValuePair<string, string>>
|
||||
{
|
||||
new KeyValuePair<string, string>("code", code),
|
||||
new KeyValuePair<string, string>("redirect_uri", redirectUri),
|
||||
new KeyValuePair<string, string>("client_id", Options.ClientId),
|
||||
new KeyValuePair<string, string>("client_secret", Options.ClientSecret),
|
||||
new KeyValuePair<string, string>("grant_type", "authorization_code")
|
||||
};
|
||||
|
||||
// Request the token
|
||||
var requestMessage = new HttpRequestMessage(HttpMethod.Post, TokenEndpoint);
|
||||
requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
|
||||
requestMessage.Content = new FormUrlEncodedContent(body);
|
||||
var tokenResponse = await _httpClient.SendAsync(requestMessage, Request.CallCancelled);
|
||||
tokenResponse.EnsureSuccessStatusCode();
|
||||
string content = await tokenResponse.Content.ReadAsStringAsync();
|
||||
|
||||
var response = JsonConvert.DeserializeObject<JObject>(content);
|
||||
string accessToken = response["access_token"].Value<string>();
|
||||
|
||||
var context = new TypeformAuthenticatedContext(Context, accessToken)
|
||||
{
|
||||
Identity = new ClaimsIdentity(
|
||||
Options.AuthenticationType,
|
||||
ClaimsIdentity.DefaultNameClaimType,
|
||||
ClaimsIdentity.DefaultRoleClaimType)
|
||||
};
|
||||
|
||||
if (!string.IsNullOrEmpty(context.UserId))
|
||||
{
|
||||
context.Identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, context.UserId, XmlSchemaString, Options.AuthenticationType));
|
||||
}
|
||||
|
||||
context.Properties = properties;
|
||||
|
||||
await Options.Provider.Authenticated(context);
|
||||
|
||||
return new AuthenticationTicket(context.Identity, context.Properties);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
_logger.WriteError(ex.Message, ex);
|
||||
}
|
||||
return new AuthenticationTicket(null, properties);
|
||||
}
|
||||
|
||||
protected override Task ApplyResponseChallengeAsync()
|
||||
{
|
||||
if (Response.StatusCode != 401)
|
||||
{
|
||||
return Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
var challenge = Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
|
||||
|
||||
if (challenge == null) return Task.FromResult<object>(null);
|
||||
var baseUri =
|
||||
Request.Scheme +
|
||||
Uri.SchemeDelimiter +
|
||||
Request.Host +
|
||||
Request.PathBase;
|
||||
|
||||
var currentUri =
|
||||
baseUri +
|
||||
Request.Path +
|
||||
Request.QueryString;
|
||||
|
||||
var redirectUri =
|
||||
baseUri +
|
||||
Options.CallbackPath;
|
||||
|
||||
var properties = challenge.Properties;
|
||||
if (string.IsNullOrEmpty(properties.RedirectUri))
|
||||
{
|
||||
properties.RedirectUri = currentUri;
|
||||
}
|
||||
|
||||
// OAuth2 10.12 CSRF
|
||||
GenerateCorrelationId(properties);
|
||||
|
||||
var state = Options.StateDataFormat.Protect(properties);
|
||||
|
||||
var authorizationEndpoint =
|
||||
$"{AuthorizationEndpoint}?response_type={"code"}&client_id={Options.ClientId}&redirect_uri={HttpUtility.UrlEncode(redirectUri)}&state={Uri.EscapeDataString(state)}";
|
||||
|
||||
if (Options.Scope != null && Options.Scope.Count > 0)
|
||||
{
|
||||
authorizationEndpoint += $"&scope={string.Join(" ", Options.Scope)}";
|
||||
}
|
||||
|
||||
if (Options.Prompt != null)
|
||||
{
|
||||
authorizationEndpoint += $"&prompt={Options.Prompt}";
|
||||
}
|
||||
|
||||
Response.Redirect(authorizationEndpoint);
|
||||
|
||||
return Task.FromResult<object>(null);
|
||||
}
|
||||
|
||||
public override async Task<bool> InvokeAsync()
|
||||
{
|
||||
return await InvokeReplyPathAsync();
|
||||
}
|
||||
|
||||
private async Task<bool> InvokeReplyPathAsync()
|
||||
{
|
||||
if (!Options.CallbackPath.HasValue || Options.CallbackPath != Request.Path) return false;
|
||||
// TODO: error responses
|
||||
|
||||
var ticket = await AuthenticateAsync();
|
||||
if (ticket == null)
|
||||
{
|
||||
_logger.WriteWarning("Invalid return state, unable to redirect.");
|
||||
Response.StatusCode = 500;
|
||||
return true;
|
||||
}
|
||||
|
||||
var context = new TypeformReturnEndpointContext(Context, ticket)
|
||||
{
|
||||
SignInAsAuthenticationType = Options.SignInAsAuthenticationType,
|
||||
RedirectUri = ticket.Properties.RedirectUri
|
||||
};
|
||||
|
||||
await Options.Provider.ReturnEndpoint(context);
|
||||
|
||||
if (context.SignInAsAuthenticationType != null &&
|
||||
context.Identity != null)
|
||||
{
|
||||
var grantIdentity = context.Identity;
|
||||
if (!string.Equals(grantIdentity.AuthenticationType, context.SignInAsAuthenticationType, StringComparison.Ordinal))
|
||||
{
|
||||
grantIdentity = new ClaimsIdentity(grantIdentity.Claims, context.SignInAsAuthenticationType, grantIdentity.NameClaimType, grantIdentity.RoleClaimType);
|
||||
}
|
||||
Context.Authentication.SignIn(context.Properties, grantIdentity);
|
||||
}
|
||||
|
||||
if (context.IsRequestCompleted || context.RedirectUri == null) return context.IsRequestCompleted;
|
||||
var redirectUri = context.RedirectUri;
|
||||
if (context.Identity == null)
|
||||
{
|
||||
// add a redirect hint that sign-in failed in some way
|
||||
redirectUri = WebUtilities.AddQueryString(redirectUri, "error", "access_denied");
|
||||
}
|
||||
Response.Redirect(redirectUri);
|
||||
context.RequestCompleted();
|
||||
|
||||
return context.IsRequestCompleted;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,83 @@
|
||||
using System;
|
||||
using System.Globalization;
|
||||
using System.Net.Http;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Logging;
|
||||
using Microsoft.Owin.Security;
|
||||
using Microsoft.Owin.Security.DataHandler;
|
||||
using Microsoft.Owin.Security.DataProtection;
|
||||
using Microsoft.Owin.Security.Infrastructure;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
public class TypeformAuthenticationMiddleware : AuthenticationMiddleware<TypeformAuthenticationOptions>
|
||||
{
|
||||
private readonly HttpClient _httpClient;
|
||||
private readonly ILogger _logger;
|
||||
|
||||
public TypeformAuthenticationMiddleware(OwinMiddleware next, IAppBuilder app,
|
||||
TypeformAuthenticationOptions options)
|
||||
: base(next, options)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(Options.ClientId))
|
||||
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
|
||||
Resources.Exception_OptionMustBeProvided, "ClientId"));
|
||||
if (string.IsNullOrWhiteSpace(Options.ClientSecret))
|
||||
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture,
|
||||
Resources.Exception_OptionMustBeProvided, "ClientSecret"));
|
||||
|
||||
_logger = app.CreateLogger<TypeformAuthenticationMiddleware>();
|
||||
|
||||
if (Options.Provider == null)
|
||||
Options.Provider = new TypeformAuthenticationProvider();
|
||||
|
||||
if (Options.StateDataFormat == null)
|
||||
{
|
||||
var dataProtector = app.CreateDataProtector(
|
||||
typeof(TypeformAuthenticationMiddleware).FullName,
|
||||
Options.AuthenticationType, "v1");
|
||||
Options.StateDataFormat = new PropertiesDataFormat(dataProtector);
|
||||
}
|
||||
|
||||
if (string.IsNullOrEmpty(Options.SignInAsAuthenticationType))
|
||||
Options.SignInAsAuthenticationType = app.GetDefaultSignInAsAuthenticationType();
|
||||
|
||||
_httpClient = new HttpClient(ResolveHttpMessageHandler(Options))
|
||||
{
|
||||
Timeout = Options.BackchannelTimeout,
|
||||
MaxResponseContentBufferSize = 1024*1024*10,
|
||||
};
|
||||
_httpClient.DefaultRequestHeaders.ExpectContinue = false;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Provides the <see cref="T:Microsoft.Owin.Security.Infrastructure.AuthenticationHandler" /> object for processing
|
||||
/// authentication-related requests.
|
||||
/// </summary>
|
||||
/// <returns>
|
||||
/// An <see cref="T:Microsoft.Owin.Security.Infrastructure.AuthenticationHandler" /> configured with the
|
||||
/// <see cref="T:Owin.Security.Providers.Typeform.TypeformAuthenticationOptions" /> supplied to the constructor.
|
||||
/// </returns>
|
||||
protected override AuthenticationHandler<TypeformAuthenticationOptions> CreateHandler()
|
||||
{
|
||||
return new TypeformAuthenticationHandler(_httpClient, _logger);
|
||||
}
|
||||
|
||||
private static HttpMessageHandler ResolveHttpMessageHandler(TypeformAuthenticationOptions options)
|
||||
{
|
||||
var handler = options.BackchannelHttpHandler ?? new WebRequestHandler();
|
||||
|
||||
// If they provided a validator, apply it or fail.
|
||||
if (options.BackchannelCertificateValidator == null) return handler;
|
||||
// Set the cert validate callback
|
||||
var webRequestHandler = handler as WebRequestHandler;
|
||||
if (webRequestHandler == null)
|
||||
{
|
||||
throw new InvalidOperationException(Resources.Exception_ValidatorHandlerMismatch);
|
||||
}
|
||||
webRequestHandler.ServerCertificateValidationCallback = options.BackchannelCertificateValidator.Validate;
|
||||
|
||||
return handler;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Net.Http;
|
||||
using Microsoft.Owin;
|
||||
using Microsoft.Owin.Security;
|
||||
|
||||
namespace Owin.Security.Providers.Typeform
|
||||
{
|
||||
public class TypeformAuthenticationOptions : AuthenticationOptions
|
||||
{
|
||||
/// <summary>
|
||||
/// Gets or sets the a pinned certificate validator to use to validate the endpoints used
|
||||
/// in back channel communications belong to Typeform.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The pinned certificate validator.
|
||||
/// </value>
|
||||
/// <remarks>
|
||||
/// If this property is null then the default certificate checks are performed,
|
||||
/// validating the subject name and if the signing chain is a trusted party.
|
||||
/// </remarks>
|
||||
public ICertificateValidator BackchannelCertificateValidator { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The HttpMessageHandler used to communicate with Typeform.
|
||||
/// This cannot be set at the same time as BackchannelCertificateValidator unless the value
|
||||
/// can be downcast to a WebRequestHandler.
|
||||
/// </summary>
|
||||
public HttpMessageHandler BackchannelHttpHandler { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets timeout value in milliseconds for back channel communications with Typeform.
|
||||
/// </summary>
|
||||
/// <value>
|
||||
/// The back channel timeout in milliseconds.
|
||||
/// </value>
|
||||
public TimeSpan BackchannelTimeout { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// The request path within the application's base path where the user-agent will be returned.
|
||||
/// The middleware will process this request when it arrives.
|
||||
/// Default value is "/signin-Typeform".
|
||||
/// </summary>
|
||||
public PathString CallbackPath { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Get or sets the text that the user can display on a sign in user interface.
|
||||
/// </summary>
|
||||
public string Caption
|
||||
{
|
||||
get { return Description.Caption; }
|
||||
set { Description.Caption = value; }
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the Typeform supplied Client ID
|
||||
/// </summary>
|
||||
public string ClientId { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the Typeform supplied Client Secret
|
||||
/// </summary>
|
||||
public string ClientSecret { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the <see cref="ITypeformAuthenticationProvider" /> used in the authentication events
|
||||
/// </summary>
|
||||
public ITypeformAuthenticationProvider Provider { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// A list of permissions to request.
|
||||
/// </summary>
|
||||
public IList<string> Scope { get; private set; }
|
||||
|
||||
/// <summary>
|
||||
/// Specifies how the authorization server prompts the user for reauthentication and reapproval. This parameter is optional.
|
||||
/// The only values Typeform supports are:
|
||||
/// login—The authorization server must prompt the user for reauthentication, forcing the user to log in again.
|
||||
/// consent—The authorization server must prompt the user for reapproval before returning information to the client.
|
||||
/// It is valid to pass both values, separated by a space, to require the user to both log in and reauthorize.
|
||||
/// </summary>
|
||||
public string Prompt { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the name of another authentication middleware which will be responsible for actually issuing a user
|
||||
/// <see cref="System.Security.Claims.ClaimsIdentity" />.
|
||||
/// </summary>
|
||||
public string SignInAsAuthenticationType { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the type used to secure data handled by the middleware.
|
||||
/// </summary>
|
||||
public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new <see cref="TypeformAuthenticationOptions" />
|
||||
/// </summary>
|
||||
public TypeformAuthenticationOptions() : base("Typeform")
|
||||
{
|
||||
Caption = Constants.DefaultAuthenticationType;
|
||||
CallbackPath = new PathString("/signin-typeform");
|
||||
AuthenticationMode = AuthenticationMode.Passive;
|
||||
Scope = new List<string>();
|
||||
BackchannelTimeout = TimeSpan.FromSeconds(60);
|
||||
}
|
||||
}
|
||||
}
|
||||
7
src/Owin.Security.Providers.Typeform/packages.config
Normal file
7
src/Owin.Security.Providers.Typeform/packages.config
Normal file
@@ -0,0 +1,7 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<packages>
|
||||
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Newtonsoft.Json" version="8.0.3" targetFramework="net45" />
|
||||
<package id="Owin" version="1.0" targetFramework="net45" />
|
||||
</packages>
|
||||
@@ -25,7 +25,7 @@ namespace Owin.Security.Providers.VKontakte.Provider
|
||||
User = user;
|
||||
AccessToken = accessToken;
|
||||
|
||||
Id = TryGetValue(user, "uid");
|
||||
Id = TryGetValue(user, "id");
|
||||
var firstName = TryGetValue(user, "first_name");
|
||||
var lastName = TryGetValue(user, "last_name");
|
||||
UserName = firstName + " " + lastName;
|
||||
|
||||
@@ -61,7 +61,7 @@ namespace Owin.Security.Providers.VKontakte
|
||||
var state = Options.StateDataFormat.Protect(properties);
|
||||
|
||||
var authorizationEndpoint =
|
||||
$"{Options.Endpoints.AuthorizationEndpoint}?client_id={Uri.EscapeDataString(Options.ClientId)}&redirect_uri={Uri.EscapeDataString(redirectUri)}&scope={Uri.EscapeDataString(scope)}&state={Uri.EscapeDataString(state)}&display={Uri.EscapeDataString(Options.Display)}";
|
||||
$"{Options.Endpoints.AuthorizationEndpoint}?client_id={Uri.EscapeDataString(Options.ClientId)}&redirect_uri={Uri.EscapeDataString(redirectUri)}&scope={Uri.EscapeDataString(scope)}&state={Uri.EscapeDataString(state)}&display={Uri.EscapeDataString(Options.Display)}&v={Uri.EscapeDataString(Options.ApiVersion)}";
|
||||
|
||||
Response.Redirect(authorizationEndpoint);
|
||||
|
||||
@@ -156,7 +156,7 @@ namespace Owin.Security.Providers.VKontakte
|
||||
|
||||
// Get the VK user
|
||||
var userRequestUri = new Uri(
|
||||
$"{Options.Endpoints.UserInfoEndpoint}?access_token={Uri.EscapeDataString(accessToken)}&user_id{userId}");
|
||||
$"{Options.Endpoints.UserInfoEndpoint}?access_token={Uri.EscapeDataString(accessToken)}&user_id{userId}&v={Uri.EscapeDataString(Options.ApiVersion)}");
|
||||
var userResponse = await _httpClient.GetAsync(userRequestUri, Request.CallCancelled);
|
||||
userResponse.EnsureSuccessStatusCode();
|
||||
|
||||
|
||||
@@ -14,6 +14,7 @@ namespace Owin.Security.Providers.VKontakte
|
||||
private const string UserInfoEndpoint = "https://api.vk.com/method/users.get";
|
||||
private const string DefaultCallbackPath = "/signin-vkontakte";
|
||||
private const string DefaultDisplayMode = "page";
|
||||
private const string DefaultApiVersion = "5.73";
|
||||
|
||||
/// <summary>
|
||||
/// Gets or sets the a pinned certificate validator to use to validate the endpoints used
|
||||
@@ -100,10 +101,18 @@ namespace Owin.Security.Providers.VKontakte
|
||||
/// </summary>
|
||||
public ISecureDataFormat<AuthenticationProperties> StateDataFormat { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new <see cref="VKontakteAuthenticationOptions" />
|
||||
/// </summary>
|
||||
public VKontakteAuthenticationOptions()
|
||||
/// <summary>
|
||||
/// Default API version. Required.
|
||||
/// </summary>
|
||||
/// <remarks>
|
||||
/// Defaults to 5.73
|
||||
/// </remarks>
|
||||
public string ApiVersion { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// Initializes a new <see cref="VKontakteAuthenticationOptions" />
|
||||
/// </summary>
|
||||
public VKontakteAuthenticationOptions()
|
||||
: base(Constants.DefaultAuthenticationType)
|
||||
{
|
||||
Caption = Constants.DefaultAuthenticationType;
|
||||
@@ -118,6 +127,7 @@ namespace Owin.Security.Providers.VKontakte
|
||||
TokenEndpoint = TokenEndpoint,
|
||||
UserInfoEndpoint = UserInfoEndpoint
|
||||
};
|
||||
ApiVersion = DefaultApiVersion;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,6 @@
|
||||
<packages>
|
||||
<package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net45" />
|
||||
<package id="Newtonsoft.Json" version="8.0.3" targetFramework="net45" />
|
||||
<package id="Newtonsoft.Json" version="13.0.1" targetFramework="net45" />
|
||||
<package id="Owin" version="1.0" targetFramework="net45" />
|
||||
</packages>
|
||||
Reference in New Issue
Block a user