You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
3.0 KiB
82 lines
3.0 KiB
using IdentityModel.Client;
|
|
using Microsoft.AspNetCore.Authentication;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using System.Globalization;
|
|
using System.Net.Http;
|
|
using System.Net.Http.Headers;
|
|
using System.Text.Json;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace Client.Controllers
|
|
{
|
|
public class HomeController : Controller
|
|
{
|
|
private readonly IHttpClientFactory _httpClientFactory;
|
|
private readonly IDiscoveryCache _discoveryCache;
|
|
|
|
public HomeController(IHttpClientFactory httpClientFactory, IDiscoveryCache discoveryCache)
|
|
{
|
|
_httpClientFactory = httpClientFactory;
|
|
_discoveryCache = discoveryCache;
|
|
}
|
|
|
|
[AllowAnonymous]
|
|
public IActionResult Index() => View();
|
|
|
|
public IActionResult Secure() => View();
|
|
|
|
public IActionResult Logout() => SignOut("oidc");
|
|
|
|
public async Task<IActionResult> CallApi()
|
|
{
|
|
var token = await HttpContext.GetTokenAsync("access_token");
|
|
|
|
var client = _httpClientFactory.CreateClient();
|
|
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
|
|
|
|
var response = await client.GetStringAsync(Urls.SampleApi + "/identity");
|
|
var json = JsonDocument.Parse(response);
|
|
|
|
ViewBag.Json = JsonSerializer.Serialize(json, new JsonSerializerOptions { WriteIndented = true });
|
|
return View();
|
|
}
|
|
|
|
public async Task<IActionResult> RefreshToken()
|
|
{
|
|
var disco = await _discoveryCache.GetAsync();
|
|
if (disco.IsError) throw new Exception(disco.Error);
|
|
|
|
var rt = await HttpContext.GetTokenAsync("refresh_token");
|
|
var tokenClient = _httpClientFactory.CreateClient();
|
|
|
|
var tokenResult = await tokenClient.RequestRefreshTokenAsync(new RefreshTokenRequest
|
|
{
|
|
Address = disco.TokenEndpoint,
|
|
ClientId = "interactive",
|
|
ClientSecret = "49C1A7E1-0C79-4A89-A3D6-A37998FB86B0",
|
|
RefreshToken = rt
|
|
});
|
|
|
|
if (!tokenResult.IsError)
|
|
{
|
|
//var oldIdToken = await HttpContext.GetTokenAsync("id_token");
|
|
var newAccessToken = tokenResult.AccessToken;
|
|
var newRefreshToken = tokenResult.RefreshToken;
|
|
var expiresAt = DateTime.UtcNow + TimeSpan.FromSeconds(tokenResult.ExpiresIn);
|
|
|
|
var info = await HttpContext.AuthenticateAsync("Cookies");
|
|
|
|
info.Properties.UpdateTokenValue("refresh_token", newRefreshToken);
|
|
info.Properties.UpdateTokenValue("access_token", newAccessToken);
|
|
info.Properties.UpdateTokenValue("expires_at", expiresAt.ToString("o", CultureInfo.InvariantCulture));
|
|
|
|
await HttpContext.SignInAsync("Cookies", info.Principal, info.Properties);
|
|
return Redirect("~/Home/Secure");
|
|
}
|
|
|
|
ViewData["Error"] = tokenResult.Error;
|
|
return View("Error");
|
|
}
|
|
}
|
|
}
|