/*
 * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
 * See https://github.com/openiddict/openiddict-core for more information concerning
 * the license and the contributors participating to this project.
 */

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Security.Claims;
using JetBrains.Annotations;
using Microsoft.Extensions.Logging;
using OpenIddict.Abstractions;

namespace OpenIddict.Server
{
    public static partial class OpenIddictServerEvents
    {
        /// <summary>
        /// Abstract base class shared by the server event contexts. Most members are
        /// thin pass-throughs to the <see cref="OpenIddictServerTransaction"/> supplied
        /// at construction time, so writes made through a context are visible to every
        /// other context created over the same transaction.
        /// </summary>
        [EditorBrowsable(EditorBrowsableState.Never)]
        public abstract class BaseContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="BaseContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            /// <exception cref="ArgumentNullException">
            /// <paramref name="transaction"/> is <c>null</c>.
            /// </exception>
            protected BaseContext([NotNull] OpenIddictServerTransaction transaction)
            {
                if (transaction is null)
                {
                    throw new ArgumentNullException(nameof(transaction));
                }

                Transaction = transaction;
            }

            /// <summary>
            /// Gets the environment associated with the current request being processed.
            /// </summary>
            public OpenIddictServerTransaction Transaction { get; }

            /// <summary>
            /// Gets or sets the issuer address associated with the current transaction, if available.
            /// </summary>
            public Uri Issuer
            {
                get { return Transaction.Issuer; }
                set { Transaction.Issuer = value; }
            }

            /// <summary>
            /// Gets or sets the endpoint type that handled the request, if applicable.
            /// </summary>
            public OpenIddictServerEndpointType EndpointType
            {
                get { return Transaction.EndpointType; }
                set { Transaction.EndpointType = value; }
            }

            /// <summary>
            /// Gets the logger responsible for logging processed operations.
            /// </summary>
            public ILogger Logger
            {
                get { return Transaction.Logger; }
            }

            /// <summary>
            /// Gets the OpenIddict server options.
            /// </summary>
            public OpenIddictServerOptions Options
            {
                get { return Transaction.Options; }
            }

            /// <summary>
            /// Gets or sets the OpenIddict request, or <c>null</c> if it couldn't be extracted.
            /// </summary>
            /// <remarks>
            /// Several derived members dereference this property without a null check,
            /// so handlers that may run before extraction succeeded should test it first.
            /// </remarks>
            public OpenIddictRequest Request
            {
                get { return Transaction.Request; }
                set { Transaction.Request = value; }
            }

            /// <summary>
            /// Gets or sets the OpenIddict response, if applicable.
            /// </summary>
            public OpenIddictResponse Response
            {
                get { return Transaction.Response; }
                set { Transaction.Response = value; }
            }
        }

        /// <summary>
        /// Abstract base class for event contexts whose request can be flagged
        /// as fully handled or as skipped.
        /// </summary>
        /// <remarks>
        /// The two flags are independent and can only be raised, never cleared,
        /// through this type; nothing here prevents both from being set.
        /// </remarks>
        [EditorBrowsable(EditorBrowsableState.Never)]
        public abstract class BaseRequestContext : BaseContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="BaseRequestContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            protected BaseRequestContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets a boolean indicating whether the request was fully handled.
            /// </summary>
            public bool IsRequestHandled { get; private set; }

            /// <summary>
            /// Gets a boolean indicating whether the request processing was skipped.
            /// </summary>
            public bool IsRequestSkipped { get; private set; }

            /// <summary>
            /// Marks the request as fully handled. Once declared handled,
            /// a request shouldn't be processed further by the underlying host.
            /// </summary>
            public void HandleRequest()
            {
                IsRequestHandled = true;
            }

            /// <summary>
            /// Marks the request as skipped. Once declared skipped, a request
            /// shouldn't be processed further by OpenIddict but should be allowed
            /// to go through the next components in the processing pipeline
            /// (if this pattern is supported by the underlying host).
            /// </summary>
            public void SkipRequest()
            {
                IsRequestSkipped = true;
            }
        }

        /// <summary>
        /// Abstract base class for validating contexts that expose the client
        /// credentials carried by the current request.
        /// </summary>
        [EditorBrowsable(EditorBrowsableState.Never)]
        public abstract class BaseValidatingClientContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="BaseValidatingClientContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            protected BaseValidatingClientContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets the "client_id" parameter for the current request.
            /// The authorization server application is responsible for
            /// validating this value to ensure it identifies a registered client.
            /// </summary>
            /// <remarks>
            /// The value is read straight from the request and is unvalidated at this point.
            /// The getter dereferences <see cref="BaseContext.Request"/> without a null check.
            /// </remarks>
            public string ClientId
            {
                get { return (string) Request[OpenIddictConstants.Parameters.ClientId]; }
            }

            /// <summary>
            /// Gets the "client_secret" parameter for the current request.
            /// The authorization server application is responsible for validating
            /// this value; it is the credential presented by the client, not an identifier.
            /// </summary>
            /// <remarks>
            /// Treat the returned string as a secret: keep it out of log messages and
            /// error descriptions. The getter dereferences <see cref="BaseContext.Request"/>
            /// without a null check.
            /// </remarks>
            public string ClientSecret
            {
                get { return (string) Request[OpenIddictConstants.Parameters.ClientSecret]; }
            }
        }

        /// <summary>
        /// Abstract base class for event contexts that can reject the request
        /// and record the error details returned to the client application.
        /// </summary>
        [EditorBrowsable(EditorBrowsableState.Never)]
        public abstract class BaseValidatingContext : BaseRequestContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="BaseValidatingContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            protected BaseValidatingContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets a boolean indicating whether the request will be rejected.
            /// </summary>
            public bool IsRejected { get; protected set; }

            /// <summary>
            /// Gets the "error" parameter returned to the client application.
            /// Only the <c>Reject</c> overloads of this class assign it.
            /// </summary>
            public string Error { get; private set; }

            /// <summary>
            /// Gets the "error_description" parameter returned to the client application.
            /// Only the <c>Reject</c> overloads of this class assign it.
            /// </summary>
            public string ErrorDescription { get; private set; }

            /// <summary>
            /// Gets the "error_uri" parameter returned to the client application.
            /// Only the <c>Reject</c> overloads of this class assign it.
            /// </summary>
            public string ErrorUri { get; private set; }

            /// <summary>
            /// Rejects the request without touching the recorded error details.
            /// </summary>
            public virtual void Reject()
            {
                IsRejected = true;
            }

            /// <summary>
            /// Rejects the request.
            /// </summary>
            /// <param name="error">The "error" parameter returned to the client application.</param>
            /// <remarks>
            /// Only <see cref="Error"/> is overwritten; a description or URI recorded by an
            /// earlier rejection is left in place.
            /// </remarks>
            public virtual void Reject(string error)
            {
                Error = error;

                // Delegates to the virtual parameterless overload so overrides still run.
                Reject();
            }

            /// <summary>
            /// Rejects the request.
            /// </summary>
            /// <param name="error">The "error" parameter returned to the client application.</param>
            /// <param name="description">The "error_description" parameter returned to the client application.</param>
            /// <remarks>
            /// <see cref="ErrorUri"/> is not modified; a URI recorded by an earlier
            /// rejection is left in place.
            /// </remarks>
            public virtual void Reject(string error, string description)
            {
                Error = error;
                ErrorDescription = description;

                // Delegates to the virtual parameterless overload so overrides still run.
                Reject();
            }

            /// <summary>
            /// Rejects the request.
            /// </summary>
            /// <param name="error">The "error" parameter returned to the client application.</param>
            /// <param name="description">The "error_description" parameter returned to the client application.</param>
            /// <param name="uri">The "error_uri" parameter returned to the client application.</param>
            public virtual void Reject(string error, string description, string uri)
            {
                Error = error;
                ErrorDescription = description;
                ErrorUri = uri;

                // Delegates to the virtual parameterless overload so overrides still run.
                Reject();
            }
        }

        /// <summary>
        /// Abstract base class for validating contexts that carry a security principal.
        /// </summary>
        [EditorBrowsable(EditorBrowsableState.Never)]
        public abstract class BaseValidatingTicketContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="BaseValidatingTicketContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            protected BaseValidatingTicketContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets or sets the security principal.
            /// </summary>
            public ClaimsPrincipal Principal { get; set; }

            /// <summary>
            /// Gets the client identifier, or null if the client application is unknown.
            /// </summary>
            /// <remarks>
            /// The getter dereferences <see cref="BaseContext.Request"/> without a null check.
            /// </remarks>
            public string ClientId
            {
                get { return Request.ClientId; }
            }
        }

        /// <summary>
        /// Represents an event called when processing an incoming request.
        /// </summary>
        public class ProcessRequestContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessRequestContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessRequestContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }
        }

        /// <summary>
        /// Represents an event called when processing an errored response.
        /// </summary>
        public class ProcessErrorContext : BaseRequestContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessErrorContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessErrorContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }
        }

        /// <summary>
        /// Represents an event called when processing an authentication operation.
        /// </summary>
        public class ProcessAuthenticationContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessAuthenticationContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessAuthenticationContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets or sets the security principal.
            /// </summary>
            public ClaimsPrincipal Principal { get; set; }

            /// <summary>
            /// Gets or sets the token to validate.
            /// </summary>
            public string Token { get; set; }

            /// <summary>
            /// Gets or sets the expected type of the token.
            /// </summary>
            public string TokenType { get; set; }
        }

        /// <summary>
        /// Represents an event called when processing a challenge response.
        /// </summary>
        public class ProcessChallengeContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessChallengeContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessChallengeContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }
        }

        /// <summary>
        /// Represents an event called when processing a sign-in response.
        /// </summary>
        /// <remarks>
        /// Each <c>Include*</c> flag selects whether the matching token or code is returned,
        /// and each <c>*Principal</c> property holds the claims used to create it.
        /// All of them are publicly settable.
        /// </remarks>
        public class ProcessSignInContext : BaseValidatingTicketContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessSignInContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessSignInContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }

            /// <summary>
            /// Gets or sets a boolean indicating whether an access token
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeAccessToken { get; set; }

            /// <summary>
            /// Gets or sets a boolean indicating whether an authorization code
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeAuthorizationCode { get; set; }

            /// <summary>
            /// Gets or sets a boolean indicating whether a device code
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeDeviceCode { get; set; }

            /// <summary>
            /// Gets or sets a boolean indicating whether an identity token
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeIdentityToken { get; set; }

            /// <summary>
            /// Gets or sets a boolean indicating whether a refresh token
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeRefreshToken { get; set; }

            /// <summary>
            /// Gets or sets a boolean indicating whether a user code
            /// should be returned to the client application.
            /// Note: overriding the value of this property is generally not
            /// recommended, except when dealing with non-standard clients.
            /// </summary>
            public bool IncludeUserCode { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the access token, if applicable.
            /// </summary>
            public ClaimsPrincipal AccessTokenPrincipal { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the authorization code, if applicable.
            /// </summary>
            public ClaimsPrincipal AuthorizationCodePrincipal { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the device code, if applicable.
            /// </summary>
            public ClaimsPrincipal DeviceCodePrincipal { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the identity token, if applicable.
            /// </summary>
            public ClaimsPrincipal IdentityTokenPrincipal { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the refresh token, if applicable.
            /// </summary>
            public ClaimsPrincipal RefreshTokenPrincipal { get; set; }

            /// <summary>
            /// Gets or sets the principal containing the claims that
            /// will be used to create the user code, if applicable.
            /// </summary>
            public ClaimsPrincipal UserCodePrincipal { get; set; }
        }

        /// <summary>
        /// Represents an event called when processing a sign-out response.
        /// </summary>
        public class ProcessSignOutContext : BaseValidatingContext
        {
            /// <summary>
            /// Creates a new instance of the <see cref="ProcessSignOutContext"/> class.
            /// </summary>
            /// <param name="transaction">The transaction backing this context.</param>
            public ProcessSignOutContext([NotNull] OpenIddictServerTransaction transaction)
                : base(transaction)
            {
            }
        }
    }
}