Add PostLogoutRedirectUri property in the OktaMvcOptions Class (Core) (…
…#68) - Add PostLogoutRedirectUri property in the OktaMvcOptions class (core). - Encapsulate OIDC options creation/config to improve code testability.
1 parent
cacfce7
commit 278780d
Showing
7 changed files
with
234 additions
and
71 deletions.
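--- a/Okta.AspNet.Test/OpenIdConnectAuthenticationOptionsBuilderShould.cs
+++ b/Okta.AspNet.Test/OpenIdConnectAuthenticationOptionsBuilderShould.cs
@@ -0,0 +1,48 @@
+// <copyright file="OpenIdConnectAuthenticationOptionsBuilderShould.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System.Collections.Generic;
+using FluentAssertions;
+using Microsoft.Owin.Security.OpenIdConnect;
+using Okta.AspNet.Abstractions;
+using Xunit;
+
+namespace Okta.AspNet.Test
+{
+    public class OpenIdConnectAuthenticationOptionsBuilderShould
+    {
+        [Fact]
+        public void BuildOpenIdConnectAuthenticationOptionsCorrectly()
+        {
+            var oktaMvcOptions = new OktaMvcOptions()
+            {
+                PostLogoutRedirectUri = "http://postlogout.com",
+                OktaDomain = "http://myoktadomain.com",
+                ClientId = "foo",
+                ClientSecret = "bar",
+                RedirectUri = "/redirectUri",
+                Scope = new List<string> { "openid", "profile", "email" },
+            };
+
+            var notifications = new OpenIdConnectAuthenticationNotifications
+            {
+                RedirectToIdentityProvider = null,
+            };
+
+            var oidcOptions = OpenIdConnectAuthenticationOptionsBuilder.BuildOpenIdConnectAuthenticationOptions(
+                oktaMvcOptions,
+                notifications);
+
+            oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
+            oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
+            oidcOptions.PostLogoutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
+
+            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
+            oidcOptions.Authority.Should().Be(issuer);
+            oidcOptions.RedirectUri.Should().Be(oktaMvcOptions.RedirectUri);
+            oidcOptions.Scope.Should().Be(string.Join(" ", oktaMvcOptions.Scope));
+        }
+    }
+}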
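Review bot: The test pins only the values copied straight from OktaMvcOptions and none of the settings the builder hard-codes, so a regression in ResponseType, in the StrictSecurityTokenValidator, or in the ValidAudience on TokenValidationParameters would still pass, and this test is the only guard for that token-validation contract. Adding `oidcOptions.ResponseType.Should().Be(OpenIdConnectResponseType.CodeIdToken);`, `oidcOptions.SecurityTokenValidator.Should().BeOfType<StrictSecurityTokenValidator>();` and `oidcOptions.TokenValidationParameters.ValidAudience.Should().Be(oktaMvcOptions.ClientId);` after the Scope assertion covers them (the first needs `using Microsoft.IdentityModel.Protocols.OpenIdConnect;`). The `notifications` object built with a null RedirectToIdentityProvider is passed in but never asserted on; `oidcOptions.Notifications.RedirectToIdentityProvider.Should().BeNull();` would make that setup meaningful.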
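--- a/OpenIdConnectAuthenticationOptionsBuilder.cs
+++ b/OpenIdConnectAuthenticationOptionsBuilder.cs
@@ -0,0 +1,62 @@
+// <copyright file="OpenIdConnectAuthenticationOptionsBuilder.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System.Linq;
+using System.Net.Http;
+using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Microsoft.Owin.Security.OpenIdConnect;
+using Okta.AspNet.Abstractions;
+
+namespace Okta.AspNet
+{
+    public class OpenIdConnectAuthenticationOptionsBuilder
+    {
+        /// <summary>
+        /// Creates a new instance of OpenIdConnectAuthenticationOptions.
+        /// </summary>
+        /// <param name="oktaMvcOptions">The <see cref="OktaMvcOptions"/> options.</param>
+        /// <param name="notifications">The OpenIdConnectAuthenticationNotifications notifications.</param>
+        /// <returns>A new instance of OpenIdConnectAuthenticationOptions.</returns>
+        public static OpenIdConnectAuthenticationOptions BuildOpenIdConnectAuthenticationOptions(OktaMvcOptions oktaMvcOptions, OpenIdConnectAuthenticationNotifications notifications)
+        {
+            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
+            var httpClient = new HttpClient(new UserAgentHandler("okta-aspnet", typeof(OktaMiddlewareExtensions).Assembly.GetName().Version));
+
+            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
+                issuer + "/.well-known/openid-configuration",
+                new OpenIdConnectConfigurationRetriever(),
+                new HttpDocumentRetriever(httpClient));
+
+            var tokenValidationParameters = new DefaultTokenValidationParameters(oktaMvcOptions, issuer)
+            {
+                NameClaimType = "name",
+                ValidAudience = oktaMvcOptions.ClientId,
+            };
+
+            var tokenExchanger = new TokenExchanger(oktaMvcOptions, issuer, configurationManager);
+            var definedScopes = oktaMvcOptions.Scope?.ToArray() ?? OktaDefaults.Scope;
+            var scopeString = string.Join(" ", definedScopes);
+
+            return new OpenIdConnectAuthenticationOptions
+            {
+                ClientId = oktaMvcOptions.ClientId,
+                ClientSecret = oktaMvcOptions.ClientSecret,
+                Authority = issuer,
+                RedirectUri = oktaMvcOptions.RedirectUri,
+                ResponseType = OpenIdConnectResponseType.CodeIdToken,
+                Scope = scopeString,
+                PostLogoutRedirectUri = oktaMvcOptions.PostLogoutRedirectUri,
+                TokenValidationParameters = tokenValidationParameters,
+                SecurityTokenValidator = new StrictSecurityTokenValidator(),
+                Notifications = new OpenIdConnectAuthenticationNotifications
+                {
+                    AuthorizationCodeReceived = tokenExchanger.ExchangeCodeForTokenAsync,
+                    RedirectToIdentityProvider = notifications.RedirectToIdentityProvider,
+                },
+            };
+        }
+    }
+}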
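Review bot: The scope fallback on the `definedScopes` line only triggers when Scope is null; an empty list yields an empty scope string (no `openid` in the authorize request), whereas OpenIdConnectOptionsHelper in this same commit keeps the defaults whenever Scope is empty, so the two frameworks behave differently for the same configuration. `var definedScopes = oktaMvcOptions.Scope?.Any() == true ? oktaMvcOptions.Scope.ToArray() : OktaDefaults.Scope;` aligns them, assuming OktaDefaults.Scope is assignable to the same array type, which the existing `??` suggests. The method also dereferences `oktaMvcOptions` on its first line and `notifications` in the Notifications initializer with no guard; for a public entry point, `if (oktaMvcOptions == null) throw new ArgumentNullException(nameof(oktaMvcOptions));` and the same for `notifications` (plus `using System;`) give a clear argument error instead of a NullReferenceException from deep inside the initializer. Since the class has only static members it should be declared `public static class`.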
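--- a/OpenIdConnectOptionsHelperShould.cs
+++ b/OpenIdConnectOptionsHelperShould.cs
@@ -0,0 +1,52 @@
+// <copyright file="OpenIdConnectOptionsHelperShould.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System.Collections.Generic;
+using System.Linq;
+using FluentAssertions;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Okta.AspNet.Abstractions;
+using Xunit;
+
+namespace Okta.AspNetCore.Test
+{
+    public class OpenIdConnectOptionsHelperShould
+    {
+        [Fact]
+        public void SetOpenIdConnectsOptionsCorrectly()
+        {
+            var oktaMvcOptions = new OktaMvcOptions
+            {
+                PostLogoutRedirectUri = "http://foo.postlogout.com",
+                AuthorizationServerId = "bar",
+                ClientId = "foo",
+                ClientSecret = "baz",
+                OktaDomain = "http://myoktadomain.com",
+                GetClaimsFromUserInfoEndpoint = true,
+                CallbackPath = "/somecallbackpath",
+                Scope = new List<string> { "openid", "profile", "email" },
+            };
+
+            var events = new OpenIdConnectEvents() { OnRedirectToIdentityProvider = null };
+
+            var oidcOptions = new OpenIdConnectOptions();
+
+            OpenIdConnectOptionsHelper.ConfigureOpenIdConnectOptions(oktaMvcOptions, events, oidcOptions);
+
+            oidcOptions.ClientId.Should().Be(oktaMvcOptions.ClientId);
+            oidcOptions.ClientSecret.Should().Be(oktaMvcOptions.ClientSecret);
+            oidcOptions.SignedOutRedirectUri.Should().Be(oktaMvcOptions.PostLogoutRedirectUri);
+            oidcOptions.GetClaimsFromUserInfoEndpoint.Should().Be(oktaMvcOptions.GetClaimsFromUserInfoEndpoint);
+            oidcOptions.CallbackPath.Value.Should().Be(oktaMvcOptions.CallbackPath);
+
+            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
+            oidcOptions.Authority.Should().Be(issuer);
+
+            oidcOptions.Scope.ToList().Should().BeEquivalentTo(oktaMvcOptions.Scope);
+            oidcOptions.CallbackPath.Value.Should().Be(oktaMvcOptions.CallbackPath);
+            oidcOptions.Events.OnRedirectToIdentityProvider.Should().BeNull();
+        }
+    }
+}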
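Review bot: The assertion `oidcOptions.CallbackPath.Value.Should().Be(oktaMvcOptions.CallbackPath);` appears twice (once before the issuer check and again after the Scope check), while the settings the helper hard-codes — SignedOutCallbackPath, ResponseType, SaveTokens and the StrictSecurityTokenValidator — are not asserted at all, so the test would still pass if any of them regressed. Replacing the duplicated line with `oidcOptions.ResponseType.Should().Be(OpenIdConnectResponseType.Code);` and `oidcOptions.SecurityTokenValidator.Should().BeOfType<StrictSecurityTokenValidator>();` (needs `using Microsoft.IdentityModel.Protocols.OpenIdConnect;`) would pin the parts of the configuration that matter most for token validation. The case the helper special-cases — an empty or null Scope keeping the default scopes — has no test either and deserves a second `[Fact]`.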
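--- a/OpenIdConnectOptionsHelper.cs
+++ b/OpenIdConnectOptionsHelper.cs
@@ -0,0 +1,60 @@
+// <copyright file="OpenIdConnectOptionsHelper.cs" company="Okta, Inc">
+// Copyright (c) 2018-present Okta, Inc. All rights reserved.
+// Licensed under the Apache 2.0 license. See the LICENSE file in the project root for full license information.
+// </copyright>
+
+using System.Linq;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.AspNetCore.Http;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
+using Okta.AspNet.Abstractions;
+
+namespace Okta.AspNetCore
+{
+    public class OpenIdConnectOptionsHelper
+    {
+        /// <summary>
+        /// Configure an OpenIdConnectOptions object based on user's configuration.
+        /// </summary>
+        /// <param name="oktaMvcOptions">The <see cref="OktaMvcOptions"/> options.</param>
+        /// <param name="events">The OpenIdConnect events.</param>
+        /// <param name="oidcOptions">The OpenIdConnectOptions to configure.</param>
+        public static void ConfigureOpenIdConnectOptions(OktaMvcOptions oktaMvcOptions, OpenIdConnectEvents events, OpenIdConnectOptions oidcOptions)
+        {
+            var issuer = UrlHelper.CreateIssuerUrl(oktaMvcOptions.OktaDomain, oktaMvcOptions.AuthorizationServerId);
+
+            oidcOptions.ClientId = oktaMvcOptions.ClientId;
+            oidcOptions.ClientSecret = oktaMvcOptions.ClientSecret;
+            oidcOptions.Authority = issuer;
+            oidcOptions.CallbackPath = new PathString(oktaMvcOptions.CallbackPath);
+            oidcOptions.SignedOutCallbackPath = new PathString(OktaDefaults.SignOutCallbackPath);
+            oidcOptions.SignedOutRedirectUri = oktaMvcOptions.PostLogoutRedirectUri;
+            oidcOptions.ResponseType = OpenIdConnectResponseType.Code;
+            oidcOptions.GetClaimsFromUserInfoEndpoint = oktaMvcOptions.GetClaimsFromUserInfoEndpoint;
+            oidcOptions.SecurityTokenValidator = new StrictSecurityTokenValidator();
+            oidcOptions.SaveTokens = true;
+            oidcOptions.UseTokenLifetime = false;
+            oidcOptions.BackchannelHttpHandler = new UserAgentHandler(
+                "okta-aspnetcore",
+                typeof(OktaAuthenticationOptionsExtensions).Assembly.GetName().Version);
+
+            var hasDefinedScopes = oktaMvcOptions.Scope?.Any() ?? false;
+            if (hasDefinedScopes)
+            {
+                oidcOptions.Scope.Clear();
+                foreach (var scope in oktaMvcOptions.Scope)
+                {
+                    oidcOptions.Scope.Add(scope);
+                }
+            }
+
+            oidcOptions.TokenValidationParameters = new DefaultTokenValidationParameters(oktaMvcOptions, issuer)
+            {
+                ValidAudience = oktaMvcOptions.ClientId,
+                NameClaimType = "name",
+            };
+
+            oidcOptions.Events.OnRedirectToIdentityProvider = events.OnRedirectToIdentityProvider;
+        }
+    }
+}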
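Review bot: Only `OnRedirectToIdentityProvider` is copied from the `events` parameter on the last line of the method; any other handler a caller sets on that OpenIdConnectEvents instance (OnTokenValidated, OnAuthenticationFailed, …) is silently dropped, and the XML doc for `events` does not say so. Either document the contract — `/// <param name="events">The OpenIdConnect events; only <see cref="OpenIdConnectEvents.OnRedirectToIdentityProvider"/> is applied, other handlers are ignored.</param>` — or copy the whole object; the doc is the safer change now, since honoring more handlers alters behaviour for existing callers. The method also dereferences `oktaMvcOptions`, `events` and `oidcOptions` without a guard; `if (events == null) throw new ArgumentNullException(nameof(events));` and the same for the other two parameters (plus `using System;`) turn a NullReferenceException into a clear argument error. `SaveTokens = true` persists the tokens received from Okta in the authentication ticket, which has cookie-size and exposure implications; a one-line why-comment on that assignment, e.g. `// Tokens are stored in the auth ticket so the application can retrieve them later; they are not needed for sign-in itself.`, would make the trade-off explicit rather than leaving it to be rediscovered.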