using IdentityModel.OidcClient.Browser;
namespace Uno.Extensions.Authentication.Oidc;
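internal record OidcAuthenticationProvider(
    ILogger<OidcAuthenticationProvider> ProviderLogger,
    IBrowser Browser,
    IOptionsSnapshot<OidcClientOptions> Configuration,
    ITokenCache Tokens,
    OidcAuthenticationSettings? Settings = null) : BaseAuthenticationProvider(ProviderLogger, DefaultName, Tokens)
{
    /// <summary>Provider name used to resolve the named <see cref="OidcClientOptions"/> section.</summary>
    public const string DefaultName = "Oidc";

    // Created by Build(); every Internal*Async method treats a null client as "not initialized".
    private OidcClient? _client;

    /// <summary>
    /// Creates the <see cref="OidcClient"/> from explicit <see cref="Settings"/>, else from the
    /// options section named <see cref="DefaultName"/>, else from default options.
    /// </summary>
    public void Build()
    {
        var config = Settings?.Options ?? Configuration.Get(Name) ?? new OidcClientOptions();
        if (Settings is { AutoRedirectUri: true })
        {
            // Same callback URI is used for login and post-logout redirects; it still has to be
            // registered as an allowed redirect URI at the identity provider.
            config.RedirectUri = config.PostLogoutRedirectUri = WebAuthenticationBroker
                .GetCurrentApplicationCallbackUri().OriginalString;
        }
        config.Browser = Browser;
        _client = new OidcClient(config);
    }

    /// <summary>Runs the interactive OIDC login and returns the tokens to cache.</summary>
    /// <param name="dispatcher">Not used; the browser flow is driven by <see cref="Browser"/>.</param>
    /// <param name="credentials">Not used; OIDC login does not take username/password credentials.</param>
    /// <param name="cancellationToken">Cancels the browser flow and the token request.</param>
    /// <returns>
    /// Tokens keyed by the <see cref="TokenCacheExtensions"/> key names, or null when the client
    /// is not built, the provider reported an error, or no access token was issued.
    /// </returns>
    protected override async ValueTask<IDictionary<string, string>?> InternalLoginAsync(IDispatcher? dispatcher, IDictionary<string, string>? credentials, CancellationToken cancellationToken)
    {
        if (_client is null)
        {
            ProviderLogger.LogError("Client is not initialized.");
            return default;
        }

        var authenticationResult = await _client.LoginAsync(cancellationToken: cancellationToken);
        if (authenticationResult.IsError)
        {
            // Only the error code/description is logged, never token material.
            ProviderLogger.LogError("Error logging in: {Error} - {ErrorDescription}", authenticationResult.Error, authenticationResult.ErrorDescription);
            return default;
        }

        return BuildCredentials(authenticationResult.AccessToken, authenticationResult.RefreshToken, authenticationResult.IdentityToken);
    }

    /// <summary>Ends the session at the identity provider when a client has been built.</summary>
    /// <param name="dispatcher">Not used.</param>
    /// <param name="cancellationToken">Cancels the browser-based logout flow.</param>
    /// <returns>Always true so the base provider proceeds with local token clean-up.</returns>
    protected override async ValueTask<bool> InternalLogoutAsync(IDispatcher? dispatcher, CancellationToken cancellationToken)
    {
        if (_client is null)
        {
            // Nothing to end remotely; local clean-up still proceeds.
            return true;
        }

        // Forward the token so a cancelled logout does not leave the browser flow running.
        await _client.LogoutAsync(cancellationToken: cancellationToken);
        return true;
    }

    /// <summary>Exchanges the cached refresh token for a new token set.</summary>
    /// <param name="cancellationToken">Cancels the cache read and the back-channel request.</param>
    /// <returns>
    /// The refreshed tokens keyed by the <see cref="TokenCacheExtensions"/> key names, or null when
    /// the client is not built, no refresh token is cached, the provider rejected the refresh,
    /// or no access token was issued.
    /// </returns>
    protected override async ValueTask<IDictionary<string, string>?> InternalRefreshAsync(CancellationToken cancellationToken)
    {
        var cachedRefreshToken = await Tokens.RefreshTokenAsync(cancellationToken);
        if (_client is null || string.IsNullOrWhiteSpace(cachedRefreshToken))
        {
            return default;
        }

        var result = await _client.RefreshTokenAsync(cachedRefreshToken, cancellationToken: cancellationToken);
        if (result.IsError)
        {
            // A rejected refresh token (expired, revoked or reused) must not turn into a credential
            // set carrying a null access token; returning null lets the base provider treat the
            // session as expired instead.
            ProviderLogger.LogError("Error refreshing token: {Error} - {ErrorDescription}", result.Error, result.ErrorDescription);
            return default;
        }

        return BuildCredentials(result.AccessToken, result.RefreshToken, result.IdentityToken);
    }

    /// <summary>
    /// Packs a token set into the dictionary shape the token cache expects. An entry without an
    /// access token is useless to the cache, so null is returned in that case.
    /// </summary>
    private static IDictionary<string, string>? BuildCredentials(string? accessToken, string? refreshToken, string? idToken)
    {
        if (accessToken is null)
        {
            return default;
        }

        var creds = new Dictionary<string, string> { [TokenCacheExtensions.AccessTokenKey] = accessToken };
        if (refreshToken is not null)
        {
            creds[TokenCacheExtensions.RefreshTokenKey] = refreshToken;
        }
        if (idToken is not null)
        {
            creds[TokenCacheExtensions.IdTokenKey] = idToken;
        }
        return creds;
    }
}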