/*
* Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
* See https://github.com/openiddict/openiddict-core for more information concerning
* the license and the contributors participating to this project.
*/
using System.Diagnostics.CodeAnalysis;
using System.Security.Claims;
namespace OpenIddict.Server;
public static partial class OpenIddictServerEvents
{
///
/// Represents an event called for each request to the authorization endpoint to give the user code
/// a chance to manually extract the authorization request from the ambient HTTP context.
///
public sealed class ExtractAuthorizationRequestContext : BaseValidatingContext
{
///
/// Creates a new instance of the class.
///
public ExtractAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request or if it was extracted yet.
///
public OpenIddictRequest? Request
{
get => Transaction.Request;
set => Transaction.Request = value;
}
}
///
/// Represents an event called for each request to the authorization endpoint
/// to determine if the request is valid and should continue to be processed.
///
public sealed class ValidateAuthorizationRequestContext : BaseValidatingContext
{
///
/// Creates a new instance of the class.
///
public ValidateAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
// Infer the redirect_uri from the value specified by the client application.
=> RedirectUri = Request?.RedirectUri;
///
/// Gets or sets the request.
///
public OpenIddictRequest Request
{
get => Transaction.Request!;
set => Transaction.Request = value;
}
///
/// Gets the client_id specified by the client application.
///
public string? ClientId => Request?.ClientId;
///
/// Gets the redirect_uri specified by the client application.
/// If it's not provided by the client, it must be set by
/// the user code by calling .
///
[StringSyntax(StringSyntaxAttribute.Uri)]
public string? RedirectUri { get; internal set; }
///
/// Gets or sets the security principal extracted
/// from the identity token hint, if applicable.
///
public ClaimsPrincipal? IdentityTokenHintPrincipal { get; set; }
///
/// Gets or sets the security principal extracted from the
/// request token, if applicable.
///
public ClaimsPrincipal? RequestTokenPrincipal { get; set; }
///
/// Populates the property with the specified redirect_uri.
///
/// The redirect_uri to use when redirecting the user agent.
public void SetRedirectUri([StringSyntax(StringSyntaxAttribute.Uri)] string uri)
{
ArgumentException.ThrowIfNullOrEmpty(uri);
// Don't allow validation to alter the redirect_uri parameter extracted
// from the request if the URI was explicitly provided by the client.
if (!string.IsNullOrEmpty(Request?.RedirectUri) &&
!string.Equals(Request.RedirectUri, uri, StringComparison.Ordinal))
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0101));
}
RedirectUri = uri;
}
}
///
/// Represents an event called for each validated authorization request
/// to allow the user code to decide how the request should be handled.
///
public sealed class HandleAuthorizationRequestContext : BaseValidatingTicketContext
{
///
/// Creates a new instance of the class.
///
public HandleAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request.
///
public OpenIddictRequest Request
{
get => Transaction.Request!;
set => Transaction.Request = value;
}
///
/// Gets or sets the security principal extracted
/// from the identity token hint, if applicable.
///
public ClaimsPrincipal? IdentityTokenHintPrincipal { get; set; }
///
/// Gets the additional parameters returned to the client application.
///
public Dictionary Parameters { get; private set; }
= new(StringComparer.Ordinal);
///
/// Allows OpenIddict to return a sign-in response using the specified principal.
///
/// The claims principal.
public void SignIn(ClaimsPrincipal principal) => Principal = principal;
///
/// Allows OpenIddict to return a sign-in response using the specified principal.
///
/// The claims principal.
/// The additional parameters returned to the client application.
public void SignIn(ClaimsPrincipal principal, IDictionary parameters)
{
Principal = principal;
Parameters = new(parameters, StringComparer.Ordinal);
}
}
///
/// Represents an event called before the authorization response is returned to the caller.
///
public sealed class ApplyAuthorizationResponseContext : BaseRequestContext
{
///
/// Creates a new instance of the class.
///
public ApplyAuthorizationResponseContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request, or if it couldn't be extracted.
///
public OpenIddictRequest? Request
{
get => Transaction.Request;
set => Transaction.Request = value;
}
///
/// Gets or sets the response.
///
public OpenIddictResponse Response
{
get => Transaction.Response!;
set => Transaction.Response = value;
}
///
/// Gets the access code expected to
/// be returned to the client application.
/// Depending on the flow, it may be null.
///
public string? AccessToken => Response?.AccessToken;
///
/// Gets the authorization code expected to
/// be returned to the client application.
/// Depending on the flow, it may be null.
///
public string? AuthorizationCode => Response?.Code;
///
/// Gets the error code returned to the client application.
/// When the response indicates a successful response,
/// this property returns .
///
public string? Error => Response?.Error;
///
/// Gets or sets the redirect URI the user agent will be redirected to, if applicable.
/// Note: manually changing the value of this property is generally not recommended
/// and extreme caution must be taken to ensure the user agent is not redirected to
/// an untrusted URI, which would result in an "open redirection" vulnerability.
///
public string? RedirectUri { get; set; }
///
/// Gets or sets the response mode used to redirect the user agent, if applicable.
/// Note: manually changing the value of this property is generally not recommended.
///
public string? ResponseMode { get; set; }
}
///
/// Represents an event called for each request to the pushed authorization endpoint to give the
/// user code a chance to manually extract the authorization request from the ambient HTTP context.
///
public sealed class ExtractPushedAuthorizationRequestContext : BaseValidatingContext
{
///
/// Creates a new instance of the class.
///
public ExtractPushedAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request or if it was extracted yet.
///
public OpenIddictRequest? Request
{
get => Transaction.Request;
set => Transaction.Request = value;
}
}
///
/// Represents an event called for each request to the pushed authorization request
/// endpoint to determine if the request is valid and should continue to be processed.
///
public sealed class ValidatePushedAuthorizationRequestContext : BaseValidatingContext
{
///
/// Creates a new instance of the class.
///
public ValidatePushedAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
// Infer the redirect_uri from the value specified by the client application.
=> RedirectUri = Request?.RedirectUri;
///
/// Gets or sets the request.
///
public OpenIddictRequest Request
{
get => Transaction.Request!;
set => Transaction.Request = value;
}
///
/// Gets the client_id specified by the client application.
///
public string? ClientId => Request?.ClientId;
///
/// Gets the redirect_uri specified by the client application.
/// If it's not provided by the client, it must be set by
/// the user code by calling .
///
[StringSyntax(StringSyntaxAttribute.Uri)]
public string? RedirectUri { get; private set; }
///
/// Gets or sets the security principal extracted
/// from the identity token hint, if applicable.
///
public ClaimsPrincipal? IdentityTokenHintPrincipal { get; set; }
///
/// Populates the property with the specified redirect_uri.
///
/// The redirect_uri to use when redirecting the user agent.
public void SetRedirectUri([StringSyntax(StringSyntaxAttribute.Uri)] string uri)
{
ArgumentException.ThrowIfNullOrEmpty(uri);
// Don't allow validation to alter the redirect_uri parameter extracted
// from the request if the URI was explicitly provided by the client.
if (!string.IsNullOrEmpty(Request?.RedirectUri) &&
!string.Equals(Request.RedirectUri, uri, StringComparison.Ordinal))
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0101));
}
RedirectUri = uri;
}
}
///
/// Represents an event called for each validated pushed authorization request
/// to allow the user code to decide how the request should be handled.
///
public sealed class HandlePushedAuthorizationRequestContext : BaseValidatingTicketContext
{
///
/// Creates a new instance of the class.
///
public HandlePushedAuthorizationRequestContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request.
///
public OpenIddictRequest Request
{
get => Transaction.Request!;
set => Transaction.Request = value;
}
///
/// Gets or sets the security principal extracted
/// from the identity token hint, if applicable.
///
public ClaimsPrincipal? IdentityTokenHintPrincipal { get; set; }
///
/// Gets the additional parameters returned to the client application.
///
public Dictionary Parameters { get; private set; }
= new(StringComparer.Ordinal);
///
/// Allows OpenIddict to return a sign-in response using the specified principal.
///
/// The claims principal.
public void SignIn(ClaimsPrincipal principal) => Principal = principal;
///
/// Allows OpenIddict to return a sign-in response using the specified principal.
///
/// The claims principal.
/// The additional parameters returned to the client application.
public void SignIn(ClaimsPrincipal principal, IDictionary parameters)
{
Principal = principal;
Parameters = new(parameters, StringComparer.Ordinal);
}
}
///
/// Represents an event called before the pushed authorization response is returned to the caller.
///
public sealed class ApplyPushedAuthorizationResponseContext : BaseRequestContext
{
///
/// Creates a new instance of the class.
///
public ApplyPushedAuthorizationResponseContext(OpenIddictServerTransaction transaction)
: base(transaction)
{
}
///
/// Gets or sets the request, or if it couldn't be extracted.
///
public OpenIddictRequest? Request
{
get => Transaction.Request;
set => Transaction.Request = value;
}
///
/// Gets or sets the response.
///
public OpenIddictResponse Response
{
get => Transaction.Response!;
set => Transaction.Response = value;
}
///
/// Gets the access code expected to
/// be returned to the client application.
/// Depending on the flow, it may be null.
///
public string? AccessToken => Response?.AccessToken;
///
/// Gets the authorization code expected to
/// be returned to the client application.
/// Depending on the flow, it may be null.
///
public string? AuthorizationCode => Response?.Code;
///
/// Gets the error code returned to the client application.
/// When the response indicates a successful response,
/// this property returns .
///
public string? Error => Response?.Error;
}
}