You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
219 lines
8.1 KiB
219 lines
8.1 KiB
/*
|
|
* Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0)
|
|
* See https://github.com/openiddict/openiddict-core for more information concerning
|
|
* the license and the contributors participating to this project.
|
|
*/
|
|
|
|
using System.Security.Claims;
|
|
using Microsoft.IdentityModel.JsonWebTokens;
|
|
using Microsoft.IdentityModel.Tokens;
|
|
|
|
namespace OpenIddict.Server;
|
|
|
|
public static partial class OpenIddictServerEvents
|
|
{
|
|
/// <summary>
|
|
/// Represents an event called when generating a token.
|
|
/// </summary>
|
|
public sealed class GenerateTokenContext : BaseValidatingContext
|
|
{
|
|
/// <summary>
|
|
/// Creates a new instance of the <see cref="GenerateTokenContext"/> class.
|
|
/// </summary>
|
|
public GenerateTokenContext(OpenIddictServerTransaction transaction)
|
|
: base(transaction)
|
|
{
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets the request, or <see langword="null"/> if it is not available.
|
|
/// </summary>
|
|
public OpenIddictRequest? Request
|
|
{
|
|
get => Transaction.Request;
|
|
set => Transaction.Request = value;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets the client identifier of the application
|
|
/// the resulting token will be issued to, if applicable.
|
|
/// </summary>
|
|
public string? ClientId { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether a token entry
|
|
/// should be created to persist token metadata in a database.
|
|
/// </summary>
|
|
public bool CreateTokenEntry { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether a reference token should be used
|
|
/// and, if applicable, returned to the caller instead of the actual token payload.
|
|
/// </summary>
|
|
public bool IsReferenceToken { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether the token payload
|
|
/// should be persisted alongside the token metadata in the database.
|
|
/// </summary>
|
|
public bool PersistTokenPayload { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the security principal that will be derived to create the token.
|
|
/// </summary>
|
|
public ClaimsPrincipal Principal { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the encryption credentials used to encrypt the token.
|
|
/// </summary>
|
|
public EncryptingCredentials? EncryptionCredentials
|
|
{
|
|
get => SecurityTokenDescriptor.EncryptingCredentials;
|
|
set => SecurityTokenDescriptor.EncryptingCredentials = value;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets the signing credentials used to sign the token.
|
|
/// </summary>
|
|
public SigningCredentials? SigningCredentials
|
|
{
|
|
get => SecurityTokenDescriptor.SigningCredentials;
|
|
set => SecurityTokenDescriptor.SigningCredentials = value;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets the security token descriptor used to create the token.
|
|
/// </summary>
|
|
public SecurityTokenDescriptor SecurityTokenDescriptor { get; } = new();
|
|
|
|
/// <summary>
|
|
/// Gets or sets the security token handler used to serialize the security principal.
|
|
/// </summary>
|
|
public JsonWebTokenHandler SecurityTokenHandler { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the token returned to the client application.
|
|
/// </summary>
|
|
public string? Token { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the format of the token (e.g JWT or ASP.NET Core Data Protection) to create.
|
|
/// </summary>
|
|
public string TokenFormat { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the type of the token to create.
|
|
/// </summary>
|
|
public string TokenType { get; set; } = default!;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Represents an event called when validating a token.
|
|
/// </summary>
|
|
public sealed class ValidateTokenContext : BaseValidatingContext
|
|
{
|
|
/// <summary>
|
|
/// Creates a new instance of the <see cref="ValidateTokenContext"/> class.
|
|
/// </summary>
|
|
public ValidateTokenContext(OpenIddictServerTransaction transaction)
|
|
: base(transaction)
|
|
{
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets the request, or <see langword="null"/> if it is not available.
|
|
/// </summary>
|
|
public OpenIddictRequest? Request
|
|
{
|
|
get => Transaction.Request;
|
|
set => Transaction.Request = value;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether audience validation is disabled.
|
|
/// </summary>
|
|
public bool DisableAudienceValidation { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether lifetime validation is disabled.
|
|
/// </summary>
|
|
public bool DisableLifetimeValidation { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether presenter validation is disabled.
|
|
/// </summary>
|
|
public bool DisablePresenterValidation { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the security token handler used to validate the token.
|
|
/// </summary>
|
|
public JsonWebTokenHandler SecurityTokenHandler { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the validation parameters used to verify the authenticity of tokens.
|
|
/// </summary>
|
|
public TokenValidationParameters TokenValidationParameters { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the token to validate.
|
|
/// </summary>
|
|
public string Token { get; set; } = default!;
|
|
|
|
/// <summary>
|
|
/// Gets or sets the format of the token (e.g JWT or ASP.NET Core Data Protection) to validate, if applicable.
|
|
/// </summary>
|
|
public string? TokenFormat { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the token type hint specified by the client, if applicable.
|
|
/// </summary>
|
|
public string? TokenTypeHint { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets a boolean indicating whether the validated token is a reference token.
|
|
/// </summary>
|
|
public bool IsReferenceToken { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the authorization entry identifier associated with the token, if applicable.
|
|
/// </summary>
|
|
public string? AuthorizationId { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the token entry identifier associated with the token, if applicable.
|
|
/// </summary>
|
|
public string? TokenId { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets or sets the security principal resolved from the token.
|
|
/// </summary>
|
|
public ClaimsPrincipal? Principal { get; set; }
|
|
|
|
/// <summary>
|
|
/// Gets the characters that are allowed to be present in tokens.
|
|
/// If no character was added, all characters are considered valid.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Characters that are not present in this set are automatically ignored
|
|
/// when validating a self-contained token or making a database lookup.
|
|
/// </remarks>
|
|
public HashSet<string> AllowedCharset { get; } = new(StringComparer.Ordinal);
|
|
|
|
/// <summary>
|
|
/// Gets the audiences that are considered valid. If no value
|
|
/// is explicitly specified, all audiences are considered valid.
|
|
/// </summary>
|
|
public HashSet<string> ValidAudiences { get; } = new(StringComparer.Ordinal);
|
|
|
|
/// <summary>
|
|
/// Gets the presenters that are considered valid. If no value
|
|
/// is explicitly specified, all presenters are considered valid.
|
|
/// </summary>
|
|
public HashSet<string> ValidPresenters { get; } = new(StringComparer.Ordinal);
|
|
|
|
/// <summary>
|
|
/// Gets the token types that are considered valid.
|
|
/// </summary>
|
|
public HashSet<string> ValidTokenTypes { get; } = new(StringComparer.OrdinalIgnoreCase);
|
|
}
|
|
}
|
|
|