Add sample for refresh tokens
This commit is contained in:
parent
d797543cfc
commit
5d802a7988
|
|
@ -1,6 +1,8 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
|
using System.Globalization;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
|
using System.Net.Http;
|
||||||
using System.Text.Encodings.Web;
|
using System.Text.Encodings.Web;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Authentication;
|
using Microsoft.AspNetCore.Authentication;
|
||||||
|
|
@ -11,7 +13,9 @@ using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Microsoft.Extensions.Configuration;
|
using Microsoft.Extensions.Configuration;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
||||||
|
using Newtonsoft.Json.Linq;
|
||||||
|
|
||||||
namespace OpenIdConnectSample
|
namespace OpenIdConnectSample
|
||||||
{
|
{
|
||||||
|
|
@ -53,6 +57,7 @@ namespace OpenIdConnectSample
|
||||||
o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
|
o.ClientSecret = Configuration["oidc:clientsecret"]; // for code flow
|
||||||
o.Authority = Configuration["oidc:authority"];
|
o.Authority = Configuration["oidc:authority"];
|
||||||
o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
|
o.ResponseType = OpenIdConnectResponseType.CodeIdToken;
|
||||||
|
o.SaveTokens = true;
|
||||||
o.GetClaimsFromUserInfoEndpoint = true;
|
o.GetClaimsFromUserInfoEndpoint = true;
|
||||||
o.Events = new OpenIdConnectEvents()
|
o.Events = new OpenIdConnectEvents()
|
||||||
{
|
{
|
||||||
|
|
@ -73,19 +78,21 @@ namespace OpenIdConnectSample
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
public void Configure(IApplicationBuilder app)
|
public void Configure(IApplicationBuilder app, IOptionsMonitor<OpenIdConnectOptions> optionsMonitor)
|
||||||
{
|
{
|
||||||
app.UseDeveloperExceptionPage();
|
app.UseDeveloperExceptionPage();
|
||||||
app.UseAuthentication();
|
app.UseAuthentication();
|
||||||
|
|
||||||
app.Run(async context =>
|
app.Run(async context =>
|
||||||
{
|
{
|
||||||
|
var response = context.Response;
|
||||||
|
|
||||||
if (context.Request.Path.Equals("/signedout"))
|
if (context.Request.Path.Equals("/signedout"))
|
||||||
{
|
{
|
||||||
await WriteHtmlAsync(context.Response, async res =>
|
await WriteHtmlAsync(response, async res =>
|
||||||
{
|
{
|
||||||
await res.WriteAsync($"<h1>You have been signed out.</h1>");
|
await res.WriteAsync($"<h1>You have been signed out.</h1>");
|
||||||
await res.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -93,10 +100,10 @@ namespace OpenIdConnectSample
|
||||||
if (context.Request.Path.Equals("/signout"))
|
if (context.Request.Path.Equals("/signout"))
|
||||||
{
|
{
|
||||||
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
await WriteHtmlAsync(context.Response, async res =>
|
await WriteHtmlAsync(response, async res =>
|
||||||
{
|
{
|
||||||
await context.Response.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
|
await res.WriteAsync($"<h1>Signed out {HtmlEncode(context.User.Identity.Name)}</h1>");
|
||||||
await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/\">Sign In</a>");
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
@ -115,19 +122,22 @@ namespace OpenIdConnectSample
|
||||||
if (context.Request.Path.Equals("/Account/AccessDenied"))
|
if (context.Request.Path.Equals("/Account/AccessDenied"))
|
||||||
{
|
{
|
||||||
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
await WriteHtmlAsync(context.Response, async res =>
|
await WriteHtmlAsync(response, async res =>
|
||||||
{
|
{
|
||||||
await context.Response.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
|
await res.WriteAsync($"<h1>Access Denied for user {HtmlEncode(context.User.Identity.Name)} to resource '{HtmlEncode(context.Request.Query["ReturnUrl"])}'</h1>");
|
||||||
await context.Response.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
|
||||||
});
|
});
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// DefaultAuthenticateScheme causes User to be set
|
// DefaultAuthenticateScheme causes User to be set
|
||||||
var user = context.User;
|
// var user = context.User;
|
||||||
|
|
||||||
// This is what [Authorize] calls
|
// This is what [Authorize] calls
|
||||||
// var user = await context.AuthenticateAsync();
|
var userResult = await context.AuthenticateAsync();
|
||||||
|
var user = userResult.Principal;
|
||||||
|
var props = userResult.Properties;
|
||||||
|
|
||||||
// This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
|
// This is what [Authorize(ActiveAuthenticationSchemes = OpenIdConnectDefaults.AuthenticationScheme)] calls
|
||||||
// var user = await context.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
|
// var user = await context.AuthenticateAsync(OpenIdConnectDefaults.AuthenticationScheme);
|
||||||
|
|
@ -151,15 +161,76 @@ namespace OpenIdConnectSample
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
await WriteHtmlAsync(context.Response, async response =>
|
if (context.Request.Path.Equals("/refresh"))
|
||||||
{
|
{
|
||||||
await response.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
|
var refreshToken = props.GetTokenValue("refresh_token");
|
||||||
await response.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
|
|
||||||
await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
|
|
||||||
await response.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
|
|
||||||
|
|
||||||
await response.WriteAsync("<h2>Claims:</h2>");
|
if (string.IsNullOrEmpty(refreshToken))
|
||||||
await WriteTableHeader(response, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
|
{
|
||||||
|
await WriteHtmlAsync(response, async res =>
|
||||||
|
{
|
||||||
|
await res.WriteAsync($"No refresh_token is available.<br>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-link\" href=\"/signout\">Sign Out</a>");
|
||||||
|
});
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var options = optionsMonitor.Get(OpenIdConnectDefaults.AuthenticationScheme);
|
||||||
|
var metadata = await options.ConfigurationManager.GetConfigurationAsync(context.RequestAborted);
|
||||||
|
|
||||||
|
var pairs = new Dictionary<string, string>()
|
||||||
|
{
|
||||||
|
{ "client_id", options.ClientId },
|
||||||
|
{ "client_secret", options.ClientSecret },
|
||||||
|
{ "grant_type", "refresh_token" },
|
||||||
|
{ "refresh_token", refreshToken }
|
||||||
|
};
|
||||||
|
var content = new FormUrlEncodedContent(pairs);
|
||||||
|
var tokenResponse = await options.Backchannel.PostAsync(metadata.TokenEndpoint, content, context.RequestAborted);
|
||||||
|
tokenResponse.EnsureSuccessStatusCode();
|
||||||
|
|
||||||
|
var payload = JObject.Parse(await tokenResponse.Content.ReadAsStringAsync());
|
||||||
|
|
||||||
|
// Persist the new acess token
|
||||||
|
props.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
|
||||||
|
props.UpdateTokenValue("refresh_token", payload.Value<string>("refresh_token"));
|
||||||
|
if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
|
||||||
|
{
|
||||||
|
var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
|
||||||
|
props.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
|
||||||
|
}
|
||||||
|
await context.SignInAsync(user, props);
|
||||||
|
|
||||||
|
await WriteHtmlAsync(response, async res =>
|
||||||
|
{
|
||||||
|
await res.WriteAsync($"<h1>Refreshed.</h1>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/refresh\">Refresh tokens</a>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/\">Home</a>");
|
||||||
|
|
||||||
|
await res.WriteAsync("<h2>Tokens:</h2>");
|
||||||
|
await WriteTableHeader(res, new string[] { "Token Type", "Value" }, props.GetTokens().Select(token => new string[] { token.Name, token.Value }));
|
||||||
|
|
||||||
|
await res.WriteAsync("<h2>Payload:</h2>");
|
||||||
|
await res.WriteAsync(HtmlEncoder.Default.Encode(payload.ToString()).Replace(",", ",<br>") + "<br>");
|
||||||
|
});
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
await WriteHtmlAsync(response, async res =>
|
||||||
|
{
|
||||||
|
await res.WriteAsync($"<h1>Hello Authenticated User {HtmlEncode(user.Identity.Name)}</h1>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/refresh\">Refresh tokens</a>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/restricted\">Restricted</a>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout\">Sign Out</a>");
|
||||||
|
await res.WriteAsync("<a class=\"btn btn-default\" href=\"/signout-remote\">Sign Out Remote</a>");
|
||||||
|
|
||||||
|
await res.WriteAsync("<h2>Claims:</h2>");
|
||||||
|
await WriteTableHeader(res, new string[] { "Claim Type", "Value" }, context.User.Claims.Select(c => new string[] { c.Type, c.Value }));
|
||||||
|
|
||||||
|
await res.WriteAsync("<h2>Tokens:</h2>");
|
||||||
|
await WriteTableHeader(res, new string[] { "Token Type", "Value" }, props.GetTokens().Select(token => new string[] { token.Name, token.Value }));
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,6 @@
|
||||||
using System;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Globalization;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Net.Http;
|
using System.Net.Http;
|
||||||
using System.Net.Http.Headers;
|
using System.Net.Http.Headers;
|
||||||
|
|
@ -7,6 +9,7 @@ using System.Text.Encodings.Web;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Authentication;
|
using Microsoft.AspNetCore.Authentication;
|
||||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||||
|
using Microsoft.AspNetCore.Authentication.Facebook;
|
||||||
using Microsoft.AspNetCore.Authentication.Google;
|
using Microsoft.AspNetCore.Authentication.Google;
|
||||||
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
|
using Microsoft.AspNetCore.Authentication.MicrosoftAccount;
|
||||||
using Microsoft.AspNetCore.Authentication.OAuth;
|
using Microsoft.AspNetCore.Authentication.OAuth;
|
||||||
|
|
@ -14,8 +17,10 @@ using Microsoft.AspNetCore.Authentication.Twitter;
|
||||||
using Microsoft.AspNetCore.Builder;
|
using Microsoft.AspNetCore.Builder;
|
||||||
using Microsoft.AspNetCore.Hosting;
|
using Microsoft.AspNetCore.Hosting;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
|
using Microsoft.AspNetCore.Http.Extensions;
|
||||||
using Microsoft.Extensions.Configuration;
|
using Microsoft.Extensions.Configuration;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
using Newtonsoft.Json.Linq;
|
using Newtonsoft.Json.Linq;
|
||||||
|
|
||||||
namespace SocialSample
|
namespace SocialSample
|
||||||
|
|
@ -50,12 +55,7 @@ namespace SocialSample
|
||||||
throw new InvalidOperationException("User secrets must be configured for each authentication provider.");
|
throw new InvalidOperationException("User secrets must be configured for each authentication provider.");
|
||||||
}
|
}
|
||||||
|
|
||||||
services.AddAuthentication(options =>
|
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
|
||||||
{
|
|
||||||
options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
|
||||||
options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
|
||||||
options.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
|
|
||||||
})
|
|
||||||
.AddCookie(o => o.LoginPath = new PathString("/login"))
|
.AddCookie(o => o.LoginPath = new PathString("/login"))
|
||||||
// You must first create an app with Facebook and add its ID and Secret to your user-secrets.
|
// You must first create an app with Facebook and add its ID and Secret to your user-secrets.
|
||||||
// https://developers.facebook.com/apps/
|
// https://developers.facebook.com/apps/
|
||||||
|
|
@ -88,6 +88,8 @@ namespace SocialSample
|
||||||
{
|
{
|
||||||
o.ClientId = Configuration["google:clientid"];
|
o.ClientId = Configuration["google:clientid"];
|
||||||
o.ClientSecret = Configuration["google:clientsecret"];
|
o.ClientSecret = Configuration["google:clientsecret"];
|
||||||
|
o.AuthorizationEndpoint += "?prompt=consent"; // Hack so we always get a refresh token, it only comes on the first authorization response
|
||||||
|
o.AccessType = "offline";
|
||||||
o.SaveTokens = true;
|
o.SaveTokens = true;
|
||||||
o.Events = new OAuthEvents()
|
o.Events = new OAuthEvents()
|
||||||
{
|
{
|
||||||
|
|
@ -145,6 +147,7 @@ namespace SocialSample
|
||||||
o.ClientId = Configuration["microsoftaccount:clientid"];
|
o.ClientId = Configuration["microsoftaccount:clientid"];
|
||||||
o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
|
o.ClientSecret = Configuration["microsoftaccount:clientsecret"];
|
||||||
o.SaveTokens = true;
|
o.SaveTokens = true;
|
||||||
|
o.Scope.Add("offline_access");
|
||||||
})
|
})
|
||||||
// You must first create an app with GitHub and add its ID and Secret to your user-secrets.
|
// You must first create an app with GitHub and add its ID and Secret to your user-secrets.
|
||||||
// https://github.com/settings/applications/
|
// https://github.com/settings/applications/
|
||||||
|
|
@ -215,16 +218,135 @@ namespace SocialSample
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
context.Response.ContentType = "text/html";
|
var response = context.Response;
|
||||||
await context.Response.WriteAsync("<html><body>");
|
response.ContentType = "text/html";
|
||||||
await context.Response.WriteAsync("Choose an authentication scheme: <br>");
|
await response.WriteAsync("<html><body>");
|
||||||
|
await response.WriteAsync("Choose an authentication scheme: <br>");
|
||||||
var schemeProvider = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
|
var schemeProvider = context.RequestServices.GetRequiredService<IAuthenticationSchemeProvider>();
|
||||||
foreach (var provider in await schemeProvider.GetAllSchemesAsync())
|
foreach (var provider in await schemeProvider.GetAllSchemesAsync())
|
||||||
{
|
{
|
||||||
// REVIEW: we lost access to display name (which is buried in the handler options)
|
await response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.DisplayName ?? "(suppressed)") + "</a><br>");
|
||||||
await context.Response.WriteAsync("<a href=\"?authscheme=" + provider.Name + "\">" + (provider.DisplayName ?? "(suppressed)") + "</a><br>");
|
|
||||||
}
|
}
|
||||||
await context.Response.WriteAsync("</body></html>");
|
await response.WriteAsync("</body></html>");
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
// Refresh the access token
|
||||||
|
app.Map("/refresh_token", signinApp =>
|
||||||
|
{
|
||||||
|
signinApp.Run(async context =>
|
||||||
|
{
|
||||||
|
var response = context.Response;
|
||||||
|
|
||||||
|
// Setting DefaultAuthenticateScheme causes User to be set
|
||||||
|
// var user = context.User;
|
||||||
|
|
||||||
|
// This is what [Authorize] calls
|
||||||
|
var userResult = await context.AuthenticateAsync();
|
||||||
|
var user = userResult.Principal;
|
||||||
|
var authProperties = userResult.Properties;
|
||||||
|
|
||||||
|
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
|
||||||
|
// var user = await context.AuthenticateAsync(MicrosoftAccountDefaults.AuthenticationScheme);
|
||||||
|
|
||||||
|
// Deny anonymous request beyond this point.
|
||||||
|
if (!userResult.Succeeded || user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
|
||||||
|
{
|
||||||
|
// This is what [Authorize] calls
|
||||||
|
// The cookie middleware will handle this and redirect to /login
|
||||||
|
await context.ChallengeAsync();
|
||||||
|
|
||||||
|
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
|
||||||
|
// await context.ChallengeAsync(MicrosoftAccountDefaults.AuthenticationScheme);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var currentAuthType = user.Identities.First().AuthenticationType;
|
||||||
|
if (string.Equals(GoogleDefaults.AuthenticationScheme, currentAuthType)
|
||||||
|
|| string.Equals(MicrosoftAccountDefaults.AuthenticationScheme, currentAuthType))
|
||||||
|
{
|
||||||
|
var refreshToken = authProperties.GetTokenValue("refresh_token");
|
||||||
|
|
||||||
|
if (string.IsNullOrEmpty(refreshToken))
|
||||||
|
{
|
||||||
|
response.ContentType = "text/html";
|
||||||
|
await response.WriteAsync("<html><body>");
|
||||||
|
await response.WriteAsync("No refresh_token is available.<br>");
|
||||||
|
await response.WriteAsync("<a href=\"/\">Home</a>");
|
||||||
|
await response.WriteAsync("</body></html>");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
var options = await GetOAuthOptionsAsync(context, currentAuthType);
|
||||||
|
|
||||||
|
var pairs = new Dictionary<string, string>()
|
||||||
|
{
|
||||||
|
{ "client_id", options.ClientId },
|
||||||
|
{ "client_secret", options.ClientSecret },
|
||||||
|
{ "grant_type", "refresh_token" },
|
||||||
|
{ "refresh_token", refreshToken }
|
||||||
|
};
|
||||||
|
var content = new FormUrlEncodedContent(pairs);
|
||||||
|
var refreshResponse = await options.Backchannel.PostAsync(options.TokenEndpoint, content, context.RequestAborted);
|
||||||
|
refreshResponse.EnsureSuccessStatusCode();
|
||||||
|
|
||||||
|
var payload = JObject.Parse(await refreshResponse.Content.ReadAsStringAsync());
|
||||||
|
|
||||||
|
// Persist the new acess token
|
||||||
|
authProperties.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
|
||||||
|
refreshToken = payload.Value<string>("refresh_token");
|
||||||
|
if (!string.IsNullOrEmpty(refreshToken))
|
||||||
|
{
|
||||||
|
authProperties.UpdateTokenValue("refresh_token", refreshToken);
|
||||||
|
}
|
||||||
|
if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
|
||||||
|
{
|
||||||
|
var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
|
||||||
|
authProperties.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
|
||||||
|
}
|
||||||
|
await context.SignInAsync(user, authProperties);
|
||||||
|
|
||||||
|
await PrintRefreshedTokensAsync(response, payload, authProperties);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
// https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension
|
||||||
|
else if (string.Equals(FacebookDefaults.AuthenticationScheme, currentAuthType))
|
||||||
|
{
|
||||||
|
var options = await GetOAuthOptionsAsync(context, currentAuthType);
|
||||||
|
|
||||||
|
var accessToken = authProperties.GetTokenValue("access_token");
|
||||||
|
|
||||||
|
var query = new QueryBuilder()
|
||||||
|
{
|
||||||
|
{ "grant_type", "fb_exchange_token" },
|
||||||
|
{ "client_id", options.ClientId },
|
||||||
|
{ "client_secret", options.ClientSecret },
|
||||||
|
{ "fb_exchange_token", accessToken },
|
||||||
|
}.ToQueryString();
|
||||||
|
|
||||||
|
var refreshResponse = await options.Backchannel.GetStringAsync(options.TokenEndpoint + query);
|
||||||
|
var payload = JObject.Parse(refreshResponse);
|
||||||
|
|
||||||
|
authProperties.UpdateTokenValue("access_token", payload.Value<string>("access_token"));
|
||||||
|
if (int.TryParse(payload.Value<string>("expires_in"), NumberStyles.Integer, CultureInfo.InvariantCulture, out var seconds))
|
||||||
|
{
|
||||||
|
var expiresAt = DateTimeOffset.UtcNow + TimeSpan.FromSeconds(seconds);
|
||||||
|
authProperties.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
|
||||||
|
}
|
||||||
|
await context.SignInAsync(user, authProperties);
|
||||||
|
|
||||||
|
await PrintRefreshedTokensAsync(response, payload, authProperties);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
response.ContentType = "text/html";
|
||||||
|
await response.WriteAsync("<html><body>");
|
||||||
|
await response.WriteAsync("Refresh has not been implemented for this provider.<br>");
|
||||||
|
await response.WriteAsync("<a href=\"/\">Home</a>");
|
||||||
|
await response.WriteAsync("</body></html>");
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -233,12 +355,13 @@ namespace SocialSample
|
||||||
{
|
{
|
||||||
signoutApp.Run(async context =>
|
signoutApp.Run(async context =>
|
||||||
{
|
{
|
||||||
context.Response.ContentType = "text/html";
|
var response = context.Response;
|
||||||
|
response.ContentType = "text/html";
|
||||||
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
await context.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
|
||||||
await context.Response.WriteAsync("<html><body>");
|
await response.WriteAsync("<html><body>");
|
||||||
await context.Response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
|
await response.WriteAsync("You have been logged out. Goodbye " + context.User.Identity.Name + "<br>");
|
||||||
await context.Response.WriteAsync("<a href=\"/\">Home</a>");
|
await response.WriteAsync("<a href=\"/\">Home</a>");
|
||||||
await context.Response.WriteAsync("</body></html>");
|
await response.WriteAsync("</body></html>");
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -247,11 +370,12 @@ namespace SocialSample
|
||||||
{
|
{
|
||||||
errorApp.Run(async context =>
|
errorApp.Run(async context =>
|
||||||
{
|
{
|
||||||
context.Response.ContentType = "text/html";
|
var response = context.Response;
|
||||||
await context.Response.WriteAsync("<html><body>");
|
response.ContentType = "text/html";
|
||||||
await context.Response.WriteAsync("An remote failure has occurred: " + context.Request.Query["FailureMessage"] + "<br>");
|
await response.WriteAsync("<html><body>");
|
||||||
await context.Response.WriteAsync("<a href=\"/\">Home</a>");
|
await response.WriteAsync("An remote failure has occurred: " + context.Request.Query["FailureMessage"] + "<br>");
|
||||||
await context.Response.WriteAsync("</body></html>");
|
await response.WriteAsync("<a href=\"/\">Home</a>");
|
||||||
|
await response.WriteAsync("</body></html>");
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -271,7 +395,7 @@ namespace SocialSample
|
||||||
if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
|
if (user == null || !user.Identities.Any(identity => identity.IsAuthenticated))
|
||||||
{
|
{
|
||||||
// This is what [Authorize] calls
|
// This is what [Authorize] calls
|
||||||
// The cookie middleware will intercept this 401 and redirect to /login
|
// The cookie middleware will handle this and redirect to /login
|
||||||
await context.ChallengeAsync();
|
await context.ChallengeAsync();
|
||||||
|
|
||||||
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
|
// This is what [Authorize(ActiveAuthenticationSchemes = MicrosoftAccountDefaults.AuthenticationScheme)] calls
|
||||||
|
|
@ -281,24 +405,63 @@ namespace SocialSample
|
||||||
}
|
}
|
||||||
|
|
||||||
// Display user information
|
// Display user information
|
||||||
context.Response.ContentType = "text/html";
|
var response = context.Response;
|
||||||
await context.Response.WriteAsync("<html><body>");
|
response.ContentType = "text/html";
|
||||||
await context.Response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
|
await response.WriteAsync("<html><body>");
|
||||||
|
await response.WriteAsync("Hello " + (context.User.Identity.Name ?? "anonymous") + "<br>");
|
||||||
foreach (var claim in context.User.Claims)
|
foreach (var claim in context.User.Claims)
|
||||||
{
|
{
|
||||||
await context.Response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
|
await response.WriteAsync(claim.Type + ": " + claim.Value + "<br>");
|
||||||
}
|
}
|
||||||
|
|
||||||
await context.Response.WriteAsync("Tokens:<br>");
|
await response.WriteAsync("Tokens:<br>");
|
||||||
|
|
||||||
await context.Response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
|
await response.WriteAsync("Access Token: " + await context.GetTokenAsync("access_token") + "<br>");
|
||||||
await context.Response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
|
await response.WriteAsync("Refresh Token: " + await context.GetTokenAsync("refresh_token") + "<br>");
|
||||||
await context.Response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
|
await response.WriteAsync("Token Type: " + await context.GetTokenAsync("token_type") + "<br>");
|
||||||
await context.Response.WriteAsync("expires_at: " + await context.GetTokenAsync("expires_at") + "<br>");
|
await response.WriteAsync("expires_at: " + await context.GetTokenAsync("expires_at") + "<br>");
|
||||||
await context.Response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
|
await response.WriteAsync("<a href=\"/logout\">Logout</a><br>");
|
||||||
await context.Response.WriteAsync("</body></html>");
|
await response.WriteAsync("<a href=\"/refresh_token\">Refresh Token</a><br>");
|
||||||
|
await response.WriteAsync("</body></html>");
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private async Task<OAuthOptions> GetOAuthOptionsAsync(HttpContext context, string currentAuthType)
|
||||||
|
{
|
||||||
|
if (string.Equals(GoogleDefaults.AuthenticationScheme, currentAuthType))
|
||||||
|
{
|
||||||
|
return context.RequestServices.GetRequiredService<IOptionsMonitor<GoogleOptions>>().Get(currentAuthType);
|
||||||
|
}
|
||||||
|
else if (string.Equals(MicrosoftAccountDefaults.AuthenticationScheme, currentAuthType))
|
||||||
|
{
|
||||||
|
return context.RequestServices.GetRequiredService<IOptionsMonitor<MicrosoftAccountOptions>>().Get(currentAuthType);
|
||||||
|
}
|
||||||
|
else if (string.Equals(FacebookDefaults.AuthenticationScheme, currentAuthType))
|
||||||
|
{
|
||||||
|
return context.RequestServices.GetRequiredService<IOptionsMonitor<FacebookOptions>>().Get(currentAuthType);
|
||||||
|
}
|
||||||
|
|
||||||
|
throw new NotImplementedException(currentAuthType);
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task PrintRefreshedTokensAsync(HttpResponse response, JObject payload, AuthenticationProperties authProperties)
|
||||||
|
{
|
||||||
|
response.ContentType = "text/html";
|
||||||
|
await response.WriteAsync("<html><body>");
|
||||||
|
await response.WriteAsync("Refreshed.<br>");
|
||||||
|
await response.WriteAsync(HtmlEncoder.Default.Encode(payload.ToString()).Replace(",", ",<br>") + "<br>");
|
||||||
|
|
||||||
|
await response.WriteAsync("<br>Tokens:<br>");
|
||||||
|
|
||||||
|
await response.WriteAsync("Access Token: " + authProperties.GetTokenValue("access_token") + "<br>");
|
||||||
|
await response.WriteAsync("Refresh Token: " + authProperties.GetTokenValue("refresh_token") + "<br>");
|
||||||
|
await response.WriteAsync("Token Type: " + authProperties.GetTokenValue("token_type") + "<br>");
|
||||||
|
await response.WriteAsync("expires_at: " + authProperties.GetTokenValue("expires_at") + "<br>");
|
||||||
|
|
||||||
|
await response.WriteAsync("<a href=\"/\">Home</a><br>");
|
||||||
|
await response.WriteAsync("<a href=\"/refresh_token\">Refresh Token</a><br>");
|
||||||
|
await response.WriteAsync("</body></html>");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue