diff --git a/Yavsc/Views/Shared/Authorize.cshtml b/Yavsc/Views/Shared/Authorize.cshtml
index 3598a273..76efe101 100644
--- a/Yavsc/Views/Shared/Authorize.cshtml
+++ b/Yavsc/Views/Shared/Authorize.cshtml
@@ -15,8 +15,8 @@
@foreach (var parameter in Model.Message.Parameters) {
}
-
+
diff --git a/Yavsc/Views/Shared/_GetAToken.cshtml b/Yavsc/Views/Shared/_GetAToken.cshtml
new file mode 100644
index 00000000..8a217944
--- /dev/null
+++ b/Yavsc/Views/Shared/_GetAToken.cshtml
@@ -0,0 +1,7 @@
+
+
\ No newline at end of file
diff --git a/Yavsc/Views/Shared/_LoginPartial.cshtml b/Yavsc/Views/Shared/_LoginPartial.cshtml
index 02ad9d5f..6d2e13b5 100755
--- a/Yavsc/Views/Shared/_LoginPartial.cshtml
+++ b/Yavsc/Views/Shared/_LoginPartial.cshtml
@@ -13,14 +13,6 @@
-
-
-
}
else
{
diff --git a/Yavsc/project.json.new b/Yavsc/project.json.new
new file mode 100755
index 00000000..b6089572
--- /dev/null
+++ b/Yavsc/project.json.new
@@ -0,0 +1,152 @@
+{
+ "version": "1.0.0-*",
+ "authors": [
+ "pazof"
+ ],
+ "tags": [
+ ""
+ ],
+ "projectUrl": "http://yavsc.pschneider.fr",
+ "licenseUrl": "",
+ "userSecretsId": "aspnet5-YavscWeb-a0dadd21-2ced-43d3-96f9-7e504345102f",
+ "compilationOptions": {
+ "emitEntryPoint": true
+ },
+ "compile": [
+ "*.cs"
+ ],
+ "resource": [
+ "Resources/**/*.resx"
+ ],
+ "configurations": {
+ "Debug": {
+ "compilationOptions": {
+ "emitEntryPoint": true,
+ "define": [
+ "DEBUG",
+ "TRACE"
+ ],
+ "optimize": false,
+ "debugType": "full"
+ }
+ },
+ "Release": {
+ "compilationOptions": {
+ "define": [
+ "RELEASE",
+ "TRACE"
+ ],
+ "optimize": true
+ }
+ }
+ },
+ "webroot": "wwwroot",
+ "tooling": {
+ "defaultNamespace": "Yavsc"
+ },
+ "dependencies": {
+ "EntityFramework.Core": "7.0.0-rc1-*",
+ "EntityFramework.Relational": "7.0.0-rc1-*",
+ "EntityFramework.Commands": "7.0.0-rc1-*",
+ "EntityFramework.Sqlite": "7.0.0-rc1-*",
+ "EntityFramework.MicrosoftSqlServer": "7.0.0-rc1-*",
+ "EntityFramework7.Npgsql": "3.1.0-*",
+ "EntityFramework7.Npgsql.Design": "3.1.0-*",
+ "Microsoft.AspNet.Authentication.Cookies": "1.0.0-rc1-*",
+ "Microsoft.AspNet.Diagnostics.Entity": "7.0.0-rc1-*",
+ "Microsoft.AspNet.Identity.EntityFramework": "3.0.0-rc1-*",
+ "Microsoft.AspNet.IISPlatformHandler": "1.0.0-rc1-*",
+ "Microsoft.AspNet.Mvc": "6.0.0-rc1-*",
+ "Microsoft.AspNet.Mvc.TagHelpers": "6.0.0-rc1-*",
+ "Microsoft.AspNet.Server.Kestrel": "1.0.0-rc1-final",
+ "Microsoft.AspNet.StaticFiles": "1.0.0-rc1-*",
+ "Microsoft.AspNet.Tooling.Razor": "1.0.0-rc1-*",
+ "Microsoft.Extensions.Configuration.FileProviderExtensions": "1.0.0-rc1-*",
+ "Microsoft.Extensions.Configuration.Json": "1.0.0-rc1-*",
+ "Microsoft.Extensions.Configuration.Abstractions": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-rc1-*",
+ "Microsoft.Extensions.Logging": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Logging.Console": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Logging.Debug": "1.0.0-rc1-final",
+ "Microsoft.Framework.DependencyInjection": "1.0.0-beta8",
+ "Microsoft.Extensions.DependencyInjection.Abstractions": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Authentication.Facebook": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Authentication.Twitter": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Localization": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Localization.Abstractions": "1.0.0-rc1-final",
+ "Microsoft.Extensions.Globalization.CultureInfoCache": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Localization": "1.0.0-rc1-final",
+ "Microsoft.Framework.ConfigurationModel.Json": "1.0.0-beta4",
+ "MarkdownDeep-av.NET": "1.5.2",
+ "Microsoft.Extensions.CodeGeneration": "1.0.0-rc1-final",
+ "Microsoft.Extensions.PlatformAbstractions": "1.0.0-rc1-final",
+ "Microsoft.Extensions.CodeGenerators.Mvc": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Session": "1.0.0-rc1-final",
+ "Microsoft.NETCore.Platforms": "1.0.1-beta-23516",
+ "Microsoft.AspNet.SignalR.JS": "2.2.0",
+ "Microsoft.AspNet.WebSockets.Server": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Http.Abstractions": "1.0.0-rc1-final",
+ "Microsoft.AspNet.SignalR.Owin": "1.2.2",
+ "Microsoft.AspNet.Owin": "1.0.0-rc1-final",
+ "Microsoft.AspNet.SignalR.Core": "2.2.0",
+ "Microsoft.AspNet.Server.WebListener": "1.0.0-rc1-final",
+ "Microsoft.AspNetCore.Authentication.OpenIdConnect": "0.0.1-alpha",
+ "Microsoft.AspNetCore.Authentication.Cookies": "0.0.1-alpha",
+ "Microsoft.AspNet.Authentication.OpenIdConnect": "1.0.0-rc1-final",
+ "MailKit": "1.3.0-beta7",
+ "Microsoft.Framework.Configuration.Abstractions": "1.0.0-beta8",
+ "Microsoft.Framework.Configuration.Json": "1.0.0-beta8",
+ "Microsoft.Framework.DependencyInjection.Abstractions": "1.0.0-beta8",
+ "Microsoft.Framework.Configuration.Binder": "1.0.0-beta8",
+ "Microsoft.AspNet.Web.Optimization": "1.1.3",
+ "PayPalCoreSDK": "1.7.1",
+ "Microsoft.Extensions.WebEncoders.Core": "1.0.0-rc1-final",
+ "Microsoft.AspNetCore.Authentication.OAuth": "0.0.1-alpha",
+ "Microsoft.Extensions.Options": "0.0.1-alpha",
+ "Microsoft.Extensions.WebEncoders": "1.0.0-rc1-final",
+ "Google.Apis.Core": "1.11.1",
+ "Google.Apis": "1.11.1",
+ "PayPalButtonManagerSDK": "2.10.109",
+ "Microsoft.AspNet.DataProtection": "1.0.0-rc1-final",
+ "Microsoft.AspNet.DataProtection.SystemWeb": "1.0.0-rc1-final",
+ "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
+ "System.IdentityModel.Tokens": "5.0.0-rc1-211161024",
+ "System.IdentityModel.Tokens.Jwt": "5.0.0-rc1-211161024",
+ "Microsoft.AspNet.Authorization": "1.0.0-rc1-final",
+ "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta4"
+ },
+ "commands": {
+ "web": "Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
+ "lua": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:85",
+ "kestrel": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:5000",
+ "booking": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:87",
+ "yavsc": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:86",
+ "yavscpre": "Microsoft.AspNet.Hosting --server Microsoft.AspNet.Server.Kestrel --server.urls http://*:84",
+ "ef": "EntityFramework.Commands",
+ "gen": "Microsoft.Extensions.CodeGeneration"
+ },
+ "frameworks": {
+ "dnx451": {}
+ },
+ "exclude": [
+ "wwwroot",
+ "node_modules",
+ "bower_components",
+ "contrib"
+ ],
+ "publishExclude": [
+ "**.user",
+ "**.vspscc",
+ "contrib/**/*.*"
+ ],
+ "scripts": {
+ "prebuild": "echo before building",
+ "postbuild": "echo after building",
+ "prepack": "gulp min",
+ "postpack": "echo after packing",
+ "prerestore": "echo before restoring packages",
+ "postrestore": "echo after restoring packages",
+ "prepublish": "gulp min",
+ "postpublish": "./postPublish.sh"
+ }
+}
diff --git a/Yavsc/src/Controllers/OAuthController.cs b/Yavsc/src/Controllers/OAuthController.cs
index 0de0fdae..df115106 100644
--- a/Yavsc/src/Controllers/OAuthController.cs
+++ b/Yavsc/src/Controllers/OAuthController.cs
@@ -182,9 +182,7 @@ namespace Yavsc.Controllers
if (!User.Identities.Any(identity => identity.IsAuthenticated))
{
return new ChallengeResult(new AuthenticationProperties {
- RedirectUri = Url.Action(nameof(Authorize), new {
- unique_id = request.GetUniqueIdentifier()
- })});
+ RedirectUri = Url.Action(nameof(Authorize), request.BuildRedirectUrl())});
}
// Note: ASOS automatically ensures that an application corresponds to the client_id specified
// in the authorization request by calling IOpenIdConnectServerProvider.ValidateAuthorizationRequest.
@@ -204,18 +202,13 @@ namespace Yavsc.Controllers
}
// Note: in a real world application, you'd probably prefer creating a specific view model.
- return View("Authorize", new AuthorisationView { Message = request, Application = application});
+ return View("Authorize", new AuthorisationView { Message = request,
+ Application = application});
}
- [HttpPost("~/connect/authorize/accept"), ValidateAntiForgeryToken]
+ [HttpPost("~/connect/authorize/accept"),Authorize]
public async Task Accept(CancellationToken cancellationToken)
{
- var response = HttpContext.GetOpenIdConnectResponse();
- if (response != null)
- {
- return View("OidcError", response);
- }
-
var request = HttpContext.GetOpenIdConnectRequest();
if (request == null)
{
@@ -230,18 +223,24 @@ namespace Yavsc.Controllers
// will be used to create an id_token, a token or a code.
var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
+ identity.AddClaim(new Claim(ClaimTypes.NameIdentifier,"name",User.GetUserId()));
+ if (User.IsInRole(Constants.AdminGroupName))
+ identity.AddClaim(new Claim(ClaimTypes.Actor,"role",Constants.AdminGroupName));
+
// Copy the claims retrieved from the external identity provider
// (e.g Google, Facebook, a WS-Fed provider or another OIDC server).
- foreach (var claim in HttpContext.User.Claims)
+ foreach (var claim in User.Claims)
{
// Allow ClaimTypes.Name to be added in the id_token.
// ClaimTypes.NameIdentifier is automatically added, even if its
// destination is not defined or doesn't include "id_token".
// The other claims won't be visible for the client application.
- if (claim.Type == ClaimTypes.Name) {
+ if (claim.Type == ClaimTypes.Role
+ || claim.Type == ClaimTypes.Email
+ || claim.Type == ClaimTypes.NameIdentifier ) {
+ claim.WithDestination( "code" );
claim.WithDestination( "id_token" );
- claim.WithDestination( "access_token" );
}
identity.AddClaim(claim);
@@ -250,14 +249,12 @@ namespace Yavsc.Controllers
var application = await GetApplicationAsync(request.ClientId, cancellationToken);
if (application == null)
{
- _logger.LogError($"OidcError: {request.ClientId} {response.ClientId} ");
return View("OidcError", new OpenIdConnectMessage
{
Error = OpenIdConnectConstants.Errors.InvalidClient,
ErrorDescription = "Details concerning the calling client application cannot be found in the database"
});
}
-
// Create a new ClaimsIdentity containing the claims associated with the application.
// Note: setting identity.Actor is not mandatory but can be useful to access
// the whole delegation chain from the resource server (see ResourceController.cs).
@@ -281,6 +278,7 @@ namespace Yavsc.Controllers
properties.SetResources(new[] {
_siteSettings.Audience
});
+
// This call will instruct AspNet.Security.OpenIdConnect.Server to serialize
// the specified identity to build appropriate tokens (id_token and token).
@@ -289,7 +287,7 @@ namespace Yavsc.Controllers
// identities always contain the name identifier returned by the external provider.
// Note: the authenticationScheme parameter must match the value configured in Startup.cs.
await HttpContext.Authentication.SignInAsync(
- OpenIdConnectServerDefaults.AuthenticationScheme,
+ "oidc-server",
new ClaimsPrincipal(identity), properties);
return new EmptyResult();
@@ -298,12 +296,6 @@ namespace Yavsc.Controllers
[HttpPost("~/connect/authorize/deny"), ValidateAntiForgeryToken]
public IActionResult Deny(CancellationToken cancellationToken)
{
- var response = HttpContext.GetOpenIdConnectResponse();
- if (response != null)
- {
- return View("OidcError", response);
- }
-
var request = HttpContext.GetOpenIdConnectRequest();
if (request == null)
{
@@ -326,7 +318,6 @@ namespace Yavsc.Controllers
State = request.State
});
-
return new EmptyResult();
}
@@ -383,10 +374,6 @@ namespace Yavsc.Controllers
where application.ApplicationID == identifier
select application).SingleOrDefaultAsync(cancellationToken);
}
- private async Task GetCurrentUserAsync()
- {
- return await _userManager.FindByIdAsync(HttpContext.User.GetUserId());
- }
private IActionResult RedirectToLocal(string returnUrl)
{
diff --git a/Yavsc/src/Controllers/TokenController.cs b/Yavsc/src/Controllers/TokenController.cs
index 7793c338..1685ac6e 100644
--- a/Yavsc/src/Controllers/TokenController.cs
+++ b/Yavsc/src/Controllers/TokenController.cs
@@ -24,11 +24,9 @@ namespace Yavsc.Controllers
UserManager manager;
SignInManager signInManager;
public class TokenResponse {
- public bool authenticated { get; set; }
- public string user_id { get; set; }
public string access_token { get; set; }
public int expires_in { get; set; }
- public int entity_id { get; set; }
+ public string grant_type { get; set; }
}
UserTokenProvider tokenProvider;
@@ -51,7 +49,7 @@ namespace Yavsc.Controllers
/// the user is authenticated, which will reset the expiry.
///
///
- [HttpGet,Authorize]
+ [HttpGet,HttpPost,Authorize]
[Route("~/api/token/get")]
public async Task Get()
{
@@ -72,12 +70,12 @@ namespace Yavsc.Controllers
foreach (Claim c in currentUser.Claims) if (c.Type == "EntityID") entityId = Convert.ToInt32(c.Value);
tokenExpires = DateTime.UtcNow.AddMinutes(2);
- token = await GetToken(user, tokenExpires);
- return new TokenResponse { authenticated = authenticated, user_id = user, entity_id = entityId, access_token = token, expires_in = 3400 };
+ token = await GetToken("id_token", user, tokenExpires);
+ return new TokenResponse { access_token = token, expires_in = 3400, grant_type="id_token" };
}
}
- return new { authenticated = false };
+ return new { authenticated = false, grant_type="id_token" };
}
public class AuthRequest
@@ -102,20 +100,19 @@ namespace Yavsc.Controllers
if (signResult.Succeeded)
{
DateTime? expires = DateTime.UtcNow.AddMinutes(tokenOptions.ExpiresIn);
- var token = await GetToken(User.GetUserId(), expires);
- return Ok(new TokenResponse { authenticated = true, user_id = User.GetUserId(), access_token = token });
+ var token = await GetToken("id_token",User.GetUserId(), expires);
+ return Ok(new TokenResponse {access_token = token, expires_in = 3400, grant_type="id_token" });
}
- return Ok(new TokenResponse { authenticated = false });
+ return new BadRequestObjectResult(new { authenticated = false } ) ;
}
- private async Task GetToken(string userid, DateTime? expires)
+ private async Task GetToken(string purpose, string userid, DateTime? expires)
{
// Here, you should create or look up an identity for the user which is being authenticated.
// For now, just creating a simple generic identity.
var identuser = await manager.FindByIdAsync(userid);
- return await tokenProvider.GenerateAsync("id_token",manager,identuser);
-
+ return await tokenProvider.GenerateAsync(purpose,manager,identuser);
}
}
}
diff --git a/Yavsc/src/Startup.cs b/Yavsc/src/Startup.cs
index ff597b09..a37d994d 100755
--- a/Yavsc/src/Startup.cs
+++ b/Yavsc/src/Startup.cs
@@ -432,7 +432,7 @@ namespace Yavsc
options.TokenEndpointPath = new PathString("/connect/authorize/accept");
options.UseSlidingExpiration = true;
options.AllowInsecureHttp = true;
- options.AuthenticationScheme = "ServerCookie"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc";
+ options.AuthenticationScheme = "oidc-server"; // was = OpenIdConnectDefaults.AuthenticationScheme || "oidc";
options.LogoutEndpointPath = new PathString("/connect/logout");
// options.ValidationEndpointPath = new PathString("/connect/introspect");
diff --git a/Yavsc/src/ViewModels/Auth/AuthorisationView.cs b/Yavsc/src/ViewModels/Auth/AuthorisationView.cs
index 5c6e9482..3259423b 100644
--- a/Yavsc/src/ViewModels/Auth/AuthorisationView.cs
+++ b/Yavsc/src/ViewModels/Auth/AuthorisationView.cs
@@ -7,6 +7,5 @@ namespace Yavsc
public class AuthorisationView {
public OpenIdConnectMessage Message { get; set; }
public Application Application { get; set; }
-
}
}
\ No newline at end of file
diff --git a/testOauthClient/Startup.cs b/testOauthClient/Startup.cs
index 714a72e5..dc1ac311 100755
--- a/testOauthClient/Startup.cs
+++ b/testOauthClient/Startup.cs
@@ -94,7 +94,9 @@ namespace testOauthClient
// Note: the resource property represents the different endpoints the
// access token should be issued for (values must be space-delimited).
options.Resource = "http://dev.pschneider.fr/";
- // options.Scope.Add("api-resource-controller");
+ options.Scope.Clear();
+ options.Scope.Add("openid");
+ // .Add("api-resource-controller");
});