@ -15,7 +15,7 @@ public class OAuthController(
|
|
|
|
|
IDataProtectionProvider dataProtectionProvider
|
|
|
|
|
) : ControllerBase {
|
|
|
|
|
private readonly Dictionary<string, string> _clients = new() {
|
|
|
|
|
{"lmao", "yeet"},
|
|
|
|
|
{ "lmao", "yeet" },
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -71,21 +71,21 @@ public class OAuthController(
|
|
|
|
|
string.IsNullOrEmpty(request.redirect_uri) ||
|
|
|
|
|
string.IsNullOrEmpty(request.client_id) ||
|
|
|
|
|
string.IsNullOrEmpty(request.client_secret)) {
|
|
|
|
|
return BadRequest(new {error = "invalid_request"});
|
|
|
|
|
return BadRequest(new { error = "invalid_request" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (request.grant_type != "authorization_code") {
|
|
|
|
|
return BadRequest(new {error = "unsupported_grant_type"});
|
|
|
|
|
return BadRequest(new { error = "unsupported_grant_type" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!_clients.TryGetValue(request.client_id, out string? clientSecret)) {
|
|
|
|
|
logger.LogInformation("Unknown client id");
|
|
|
|
|
return BadRequest(new {error = "unauthorized_client"});
|
|
|
|
|
return BadRequest(new { error = "unauthorized_client" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (request.client_secret != clientSecret) {
|
|
|
|
|
logger.LogInformation("Invalid client secret");
|
|
|
|
|
return BadRequest(new {error = "unauthorized_client"});
|
|
|
|
|
return BadRequest(new { error = "unauthorized_client" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
IDataProtector protector = dataProtectionProvider.CreateProtector("oauth");
|
|
|
|
@ -93,20 +93,20 @@ public class OAuthController(
|
|
|
|
|
try {
|
|
|
|
|
codeObject = JsonSerializer.Deserialize<CodeObject>(protector.Unprotect(request.code));
|
|
|
|
|
} catch (Exception) {
|
|
|
|
|
return BadRequest(new {error = "invalid_request"});
|
|
|
|
|
return BadRequest(new { error = "invalid_request" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (codeObject == null) {
|
|
|
|
|
return BadRequest(new {error = "invalid_request"});
|
|
|
|
|
return BadRequest(new { error = "invalid_request" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (codeObject.ClientId != request.client_id || codeObject.RedirectUri != request.redirect_uri) {
|
|
|
|
|
return BadRequest(new {error = "invalid_request"});
|
|
|
|
|
return BadRequest(new { error = "invalid_request" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (DateTime.UtcNow > codeObject.Expiry) {
|
|
|
|
|
logger.LogInformation("Expired token");
|
|
|
|
|
return BadRequest(new {error = "invalid_grant"});
|
|
|
|
|
return BadRequest(new { error = "invalid_grant" });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
string token = jwt.GenerateToken(codeObject.ClientId, codeObject.Nonce);
|
|
|
|
@ -114,7 +114,20 @@ public class OAuthController(
|
|
|
|
|
Response.Headers.Append("Cache-Control", "no-store");
|
|
|
|
|
Response.Headers.Append("Pragma", "no-cache");
|
|
|
|
|
|
|
|
|
|
return Ok(new {access_token = token, token_type = "bearer", id_token = token});
|
|
|
|
|
return Ok(new { access_token = token, token_type = "bearer", id_token = token });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Authorize]
|
|
|
|
|
[HttpGet("user")]
|
|
|
|
|
public ActionResult UserInfo() {
|
|
|
|
|
return Ok(new {
|
|
|
|
|
sub = "248289761001",
|
|
|
|
|
name = "Jane Doe",
|
|
|
|
|
// given_name = "Jane",
|
|
|
|
|
// family_name = "Doe",
|
|
|
|
|
// preferred_username = "j.doe",
|
|
|
|
|
email = "janedoe@example.com",
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private record CodeObject(string ClientId, string RedirectUri, DateTime Expiry, string? Nonce);
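Review bot: The new `UserInfo` action returns a fixed `sub`, `name` and `email` for every caller, so any bearer token that passes `[Authorize]` resolves to the same identity instead of the one the token was issued for. The subject should be read from the authenticated principal, e.g. `string? sub = User.FindFirst("sub")?.Value ?? User.FindFirst(ClaimTypes.NameIdentifier)?.Value;` followed by `sub = sub` in the anonymous object; which claim `jwt.GenerateToken` actually emits for the client id or nonce is not visible here, so confirm it against that helper. In the second hunk the client-secret check `if (request.client_secret != clientSecret)` is an ordinary string comparison that stops at the first differing character, so the presented secret should instead be compared with `CryptographicOperations.FixedTimeEquals` over the UTF-8 bytes of both values (it returns false on a length mismatch). The `_clients` table in the first hunk also keeps a literal client id/secret pair in source; it belongs in configuration or a secret store, ideally as a hash rather than the plaintext secret.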