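using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using WebAPI.Data.Dto.OIDC;

namespace WebAPI.Data
{
    /// <summary>
    /// Thin client for the two OpenID Connect endpoints this API relies on:
    /// token introspection (RFC 7662) and userinfo. Endpoint hosts and the
    /// confidential-client credentials are read from <c>AppSettings</c>, which
    /// is defined elsewhere in the project.
    /// </summary>
    public class OIDCService
    {
        /// <summary>
        /// The subset of the RFC 7662 introspection response that is acted on.
        /// Only <c>active</c> is read; <c>aud</c>, <c>scope</c>, <c>exp</c> and
        /// <c>client_id</c> are not surfaced, so a caller that must enforce
        /// audience or scope has to extend this type rather than assume them.
        /// </summary>
        protected class IntrospectionResponse
        {
            [JsonProperty("active")]
            public bool Active { get; set; }
        }

        // A single HttpClient for the process. The original allocated one per
        // OIDCService instance, which under load exhausts ephemeral ports and
        // defeats connection reuse; HttpClient is safe for concurrent use.
        // No explicit Timeout is set, so the default (100 s) applies.
        // NOTE(review): a stalled identity provider can therefore hold a request
        // thread for 100 s; consider a shorter timeout or IHttpClientFactory,
        // which also picks up DNS changes that a long-lived static client misses.
        private static readonly HttpClient s_sharedClient = new HttpClient();

        private readonly HttpClient _httpClient;
        private readonly ILogger _logger;

        /// <summary>
        /// Creates a service that talks to the provider through the shared client.
        /// </summary>
        /// <param name="logger">Sink for warnings about failed or rejected calls.</param>
        public OIDCService(ILogger logger) : this(logger, s_sharedClient)
        {
        }

        /// <summary>
        /// Creates a service bound to a caller-supplied client, for tests and for
        /// hosts that already own a configured <see cref="HttpClient"/>.
        /// </summary>
        /// <param name="logger">Sink for warnings about failed or rejected calls.</param>
        /// <param name="httpClient">Client used for every outbound request.</param>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        public OIDCService(ILogger logger, HttpClient httpClient)
        {
            _logger = logger ?? throw new ArgumentNullException(nameof(logger));
            _httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
        }

        /// <summary>
        /// Checks an access token against the configured introspection endpoint
        /// (RFC 7662), authenticating as the confidential client with HTTP Basic.
        /// </summary>
        /// <param name="accessToken">Token presented by the caller; may be null or empty.</param>
        /// <param name="cancellationToken">Aborts the outbound request.</param>
        /// <returns>
        /// <c>true</c> only when the provider answered 2xx with <c>"active": true</c>.
        /// Every other outcome — empty token, non-2xx status, empty or malformed body,
        /// network failure, client timeout — yields <c>false</c> (fail closed) and is
        /// logged. Note that <c>active</c> says nothing about audience or scope; those
        /// must be enforced separately.
        /// </returns>
        public async Task<bool> ValidateAccessToken(string accessToken, CancellationToken cancellationToken = default)
        {
            // Nothing to introspect; do not spend a round trip asking the provider about "".
            if (string.IsNullOrWhiteSpace(accessToken))
            {
                return false;
            }

            // The scheme is fixed to https so a mis-set endpoint value cannot downgrade
            // a request that carries both our client secret and the user's token.
            var requestUri = new Uri($"https://{AppSettings.OIDCIntrospectionEndpoint}");

            try
            {
                using var request = new HttpRequestMessage(HttpMethod.Post, requestUri);
                request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
                {
                    { "token", accessToken },
                });
                request.Headers.Authorization = new AuthenticationHeaderValue("Basic", EncodeBasicCredentials());

                using HttpResponseMessage response = await _httpClient.SendAsync(request, cancellationToken);
                if (!response.IsSuccessStatusCode)
                {
                    // A 401/403 here means *our* client credentials were rejected, not
                    // the user's token — RFC 7662 reports an invalid token as 200 + active:false.
                    _logger.LogWarning("Token introspection returned HTTP {StatusCode}", (int)response.StatusCode);
                    return false;
                }

                string body = await response.Content.ReadAsStringAsync();
                IntrospectionResponse result = JsonConvert.DeserializeObject<IntrospectionResponse>(body);

                // An empty body or a literal "null" deserializes to null; the original
                // dereferenced it and threw. Treat it as inactive instead.
                return result?.Active ?? false;
            }
            catch (HttpRequestException ex)
            {
                _logger.LogWarning(ex, "Token introspection request failed");
                return false;
            }
            catch (OperationCanceledException ex) when (!cancellationToken.IsCancellationRequested)
            {
                // HttpClient surfaces its own Timeout as a cancellation; the caller did not cancel.
                _logger.LogWarning(ex, "Token introspection timed out");
                return false;
            }
            catch (JsonException ex)
            {
                _logger.LogWarning(ex, "Token introspection returned an unparseable body");
                return false;
            }
        }

        /// <summary>
        /// Fetches the userinfo document for <paramref name="accessToken"/> by
        /// presenting it as a Bearer credential to the configured userinfo endpoint.
        /// This does not validate the token; use <see cref="ValidateAccessToken"/> for that.
        /// </summary>
        /// <param name="accessToken">Token presented by the caller; may be null or empty.</param>
        /// <param name="cancellationToken">Aborts the outbound request.</param>
        /// <returns>
        /// The deserialized response body, or <c>null</c> when the token is empty or
        /// not usable as a header value, the provider answers non-2xx, or the request
        /// fails or times out.
        /// </returns>
        // NOTE(review): the generic type arguments on the return type and on
        // DeserializeObject were lost in extraction; the original almost certainly
        // named a userinfo DTO from WebAPI.Data.Dto.OIDC. Restore that type in both
        // places — <object> here only preserves the non-generic call that survived.
        public async Task<object> GetTokenDetails(string accessToken, CancellationToken cancellationToken = default)
        {
            if (string.IsNullOrWhiteSpace(accessToken))
            {
                return null;
            }

            try
            {
                using var request = new HttpRequestMessage(HttpMethod.Get, $"https://{AppSettings.OIDCUserInfoEndpoint}");
                // The token is caller-controlled; AuthenticationHeaderValue rejects
                // values with CR/LF by throwing FormatException, handled below.
                request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                using HttpResponseMessage response = await _httpClient.SendAsync(request, cancellationToken);
                if (!response.IsSuccessStatusCode)
                {
                    _logger.LogWarning("Userinfo request returned HTTP {StatusCode}", (int)response.StatusCode);
                    return null;
                }

                string body = await response.Content.ReadAsStringAsync();
                return JsonConvert.DeserializeObject(body);
            }
            catch (FormatException ex)
            {
                _logger.LogWarning(ex, "Access token is not a valid Authorization header value");
                return null;
            }
            catch (HttpRequestException ex)
            {
                _logger.LogWarning(ex, "Userinfo request failed");
                return null;
            }
            catch (OperationCanceledException ex) when (!cancellationToken.IsCancellationRequested)
            {
                _logger.LogWarning(ex, "Userinfo request timed out");
                return null;
            }
            catch (JsonException ex)
            {
                _logger.LogWarning(ex, "Userinfo endpoint returned an unparseable body");
                return null;
            }
        }

        /// <summary>
        /// Builds the RFC 7617 Basic credential for the configured client.
        /// </summary>
        /// <remarks>
        /// RFC 6749 §2.3.1 says client_id and client_secret should each be
        /// form-url-encoded before being joined with ':'. This sends them raw, as
        /// the original did, because many providers expect exactly that — but a
        /// secret containing ':' or '%' will then be misread. Latin-1 is kept as the
        /// byte encoding to preserve the bytes on the wire; any character outside
        /// Latin-1 is silently replaced with '?', so secrets must stay within that range.
        /// </remarks>
        private static string EncodeBasicCredentials()
        {
            string credentials = $"{AppSettings.OIDCClientId}:{AppSettings.OIDCClientSecret}";
            return Convert.ToBase64String(Encoding.Latin1.GetBytes(credentials));
        }
    }
}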