Jwks public parameters

openid
D4VID 1 month ago
parent a160c5e672
commit d3142bb021

@ -15,7 +15,7 @@ public class OAuthController(
IDataProtectionProvider dataProtectionProvider IDataProtectionProvider dataProtectionProvider
) : ControllerBase { ) : ControllerBase {
private readonly Dictionary<string, string> _clients = new() { private readonly Dictionary<string, string> _clients = new() {
{"lmao", "yeet"}, { "lmao", "yeet" },
}; };
@ -71,21 +71,21 @@ public class OAuthController(
string.IsNullOrEmpty(request.redirect_uri) || string.IsNullOrEmpty(request.redirect_uri) ||
string.IsNullOrEmpty(request.client_id) || string.IsNullOrEmpty(request.client_id) ||
string.IsNullOrEmpty(request.client_secret)) { string.IsNullOrEmpty(request.client_secret)) {
return BadRequest(new {error = "invalid_request"}); return BadRequest(new { error = "invalid_request" });
} }
if (request.grant_type != "authorization_code") { if (request.grant_type != "authorization_code") {
return BadRequest(new {error = "unsupported_grant_type"}); return BadRequest(new { error = "unsupported_grant_type" });
} }
if (!_clients.TryGetValue(request.client_id, out string? clientSecret)) { if (!_clients.TryGetValue(request.client_id, out string? clientSecret)) {
logger.LogInformation("Unknown client id"); logger.LogInformation("Unknown client id");
return BadRequest(new {error = "unauthorized_client"}); return BadRequest(new { error = "unauthorized_client" });
} }
if (request.client_secret != clientSecret) { if (request.client_secret != clientSecret) {
logger.LogInformation("Invalid client secret"); logger.LogInformation("Invalid client secret");
return BadRequest(new {error = "unauthorized_client"}); return BadRequest(new { error = "unauthorized_client" });
} }
IDataProtector protector = dataProtectionProvider.CreateProtector("oauth"); IDataProtector protector = dataProtectionProvider.CreateProtector("oauth");
@ -93,20 +93,20 @@ public class OAuthController(
try { try {
codeObject = JsonSerializer.Deserialize<CodeObject>(protector.Unprotect(request.code)); codeObject = JsonSerializer.Deserialize<CodeObject>(protector.Unprotect(request.code));
} catch (Exception) { } catch (Exception) {
return BadRequest(new {error = "invalid_request"}); return BadRequest(new { error = "invalid_request" });
} }
if (codeObject == null) { if (codeObject == null) {
return BadRequest(new {error = "invalid_request"}); return BadRequest(new { error = "invalid_request" });
} }
if (codeObject.ClientId != request.client_id || codeObject.RedirectUri != request.redirect_uri) { if (codeObject.ClientId != request.client_id || codeObject.RedirectUri != request.redirect_uri) {
return BadRequest(new {error = "invalid_request"}); return BadRequest(new { error = "invalid_request" });
} }
if (DateTime.UtcNow > codeObject.Expiry) { if (DateTime.UtcNow > codeObject.Expiry) {
logger.LogInformation("Expired token"); logger.LogInformation("Expired token");
return BadRequest(new {error = "invalid_grant"}); return BadRequest(new { error = "invalid_grant" });
} }
string token = jwt.GenerateToken(codeObject.ClientId, codeObject.Nonce); string token = jwt.GenerateToken(codeObject.ClientId, codeObject.Nonce);
@ -114,7 +114,20 @@ public class OAuthController(
Response.Headers.Append("Cache-Control", "no-store"); Response.Headers.Append("Cache-Control", "no-store");
Response.Headers.Append("Pragma", "no-cache"); Response.Headers.Append("Pragma", "no-cache");
return Ok(new {access_token = token, token_type = "bearer", id_token = token}); return Ok(new { access_token = token, token_type = "bearer", id_token = token });
}
[Authorize]
[HttpGet("user")]
public ActionResult UserInfo() {
return Ok(new {
sub = "248289761001",
name = "Jane Doe",
// given_name = "Jane",
// family_name = "Doe",
// preferred_username = "j.doe",
email = "janedoe@example.com",
});
} }
private record CodeObject(string ClientId, string RedirectUri, DateTime Expiry, string? Nonce); private record CodeObject(string ClientId, string RedirectUri, DateTime Expiry, string? Nonce);
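Review bot: UserInfo in the last hunk answers every caller that presents a valid bearer token with the same fixed `sub`, `name` and `email`, so the `sub` in the userinfo response cannot match the subject of the token it is called with; OpenID Connect clients compare the two, and a fixed stub both fails that check and hands one identity to all clients. If this is intentionally a placeholder, say so and point at the real source, e.g. `// TODO: derive claims from the authenticated principal (User.FindFirst("sub")?.Value) instead of constants`; the commented-out `given_name`/`family_name`/`preferred_username` lines should either be dropped or covered by the same comment. Separately, the client-secret check in the second hunk, `if (request.client_secret != clientSecret)`, is a plain string comparison; comparing the UTF-8 bytes with `CryptographicOperations.FixedTimeEquals` avoids timing differences, though with a single in-memory test client this is minor. OAuthController starts before the first hunk and the rest of its members are outside this view.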

@ -16,6 +16,7 @@ public class OpenIdController(
Issuer = "http://localhost:1234", Issuer = "http://localhost:1234",
AuthorizationEndpoint = "http://localhost:1234/oauth/authorize", AuthorizationEndpoint = "http://localhost:1234/oauth/authorize",
TokenEndpoint = "http://localhost:1234/oauth/token", TokenEndpoint = "http://localhost:1234/oauth/token",
UserInfoEndpoint = "http://localhost:1234/oauth/user",
JwksUri = "http://localhost:1234/.well-known/jwks.json", JwksUri = "http://localhost:1234/.well-known/jwks.json",
ScopesSupported = ["openid"], ScopesSupported = ["openid"],
ResponseTypesSupported = ["code"], ResponseTypesSupported = ["code"],
@ -34,7 +35,7 @@ public class OpenIdController(
[HttpGet("/.well-known/jwks.json")] [HttpGet("/.well-known/jwks.json")]
public ActionResult<JwksResponse> GetJwks() { public ActionResult<JwksResponse> GetJwks() {
var rsaSecurityKey = new RsaSecurityKey(jwtService.RsaKey) { var rsaSecurityKey = new RsaSecurityKey(jwtService.RsaKey.ExportParameters(false)) {
KeyId = "TODO; keyid" KeyId = "TODO; keyid"
}; };
var jsonWebKey = JsonWebKeyConverter.ConvertFromRSASecurityKey(rsaSecurityKey); var jsonWebKey = JsonWebKeyConverter.ConvertFromRSASecurityKey(rsaSecurityKey);
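Review bot: GetJwks still publishes the key under the literal `KeyId = "TODO; keyid"`, so the `kid` in the JWKS is a placeholder; relying parties select the verification key by matching it against the `kid` in the JWT header, and unless JwtService (not visible here) writes the same literal, token validation against this document will fail, and key rotation is impossible either way. Exporting only the public parameters with `ExportParameters(false)` is the right fix for this endpoint; consider deriving the identifier from the key itself so both sides agree, e.g. `var rsaSecurityKey = new RsaSecurityKey(jwtService.RsaKey.ExportParameters(false));` followed by `rsaSecurityKey.KeyId = Base64UrlEncoder.Encode(rsaSecurityKey.ComputeJwkThumbprint());` (assuming the Microsoft.IdentityModel.Tokens version in use has `ComputeJwkThumbprint`), and use the same value when signing. GetJwks continues past the end of the hunk.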

@ -15,7 +15,6 @@ public class JwtService {
public static RSA GetSigningKey() { public static RSA GetSigningKey() {
RSA rsaKey = RSA.Create(); RSA rsaKey = RSA.Create();
const string jwtKeyPath = ".aspnet/jwt-key"; const string jwtKeyPath = ".aspnet/jwt-key";
const string jwtPubKeyPath = ".aspnet/jwt-key.pub";
string home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile); string home = Environment.GetFolderPath(Environment.SpecialFolder.UserProfile);
string fullPath = Path.Combine(home, jwtKeyPath); string fullPath = Path.Combine(home, jwtKeyPath);
if (File.Exists(fullPath)) { if (File.Exists(fullPath)) {
