Setup runthrough of OAuth process
Docker Build and Release Upload / build (push) Failing after 2m18s
Docker Build and Release Upload / build (push) Failing after 2m18s
This commit is contained in:
@@ -2,6 +2,8 @@
|
||||
using Auth.Services.DatabaseService;
|
||||
using System.Web.Http;
|
||||
using Auth.Entities;
|
||||
using System.Text;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
namespace Auth.Controllers {
|
||||
[ApiController]
|
||||
@@ -10,10 +12,28 @@ namespace Auth.Controllers {
|
||||
|
||||
public OAuthController(DatabaseService db) : base(db) {}
|
||||
|
||||
private string GenerateCodeChallenge(string codeVerifier) {
|
||||
using var sha256 = SHA256.Create();
|
||||
var bytes = sha256.ComputeHash(Encoding.ASCII.GetBytes(codeVerifier));
|
||||
return Base64UrlEncode(bytes);
|
||||
}
|
||||
|
||||
private string Base64UrlEncode(byte[] input) {
|
||||
return Convert.ToBase64String(input)
|
||||
.TrimEnd('=')
|
||||
.Replace('+', '-')
|
||||
.Replace('/', '_');
|
||||
}
|
||||
|
||||
[HttpGet("/authorize")]
|
||||
public async Task<ActionResult> Authorize([FromQuery] AuthorizationRequest request) {
|
||||
try {
|
||||
|
||||
// Verify login
|
||||
// create guid
|
||||
// set guid to account
|
||||
// save account to database
|
||||
|
||||
return NotFound("User is not logged in");
|
||||
} catch (Exception ex) {
|
||||
Console.WriteLine("Delete Error: " + ex.Message);
|
||||
@@ -21,11 +41,55 @@ namespace Auth.Controllers {
|
||||
}
|
||||
}
|
||||
|
||||
[HttpGet("/token")]
|
||||
[HttpPost("/token")]
|
||||
public async Task<ActionResult> Token([FromForm] TokenRequest request) {
|
||||
try {
|
||||
|
||||
return NotFound("User is not logged in");
|
||||
// Validate Grant Code
|
||||
if (request.GrantType != "authorization_code") {
|
||||
return BadRequest(new { error = "unsupported_grant_type" });
|
||||
}
|
||||
|
||||
// Validate Required Parameters
|
||||
if (string.IsNullOrEmpty(request.Code) || string.IsNullOrEmpty(request.RedirectUri) || string.IsNullOrEmpty(request.CodeVerifier)) {
|
||||
return BadRequest(new { error = "invalid_request" });
|
||||
}
|
||||
|
||||
// Check if LoginToken is expired
|
||||
var authCode = AuthorizationCodeStore.Get(request.Code);
|
||||
if (authCode == null || authCode.IsExpired) {
|
||||
return BadRequest(new { error = "invalid_grant" });
|
||||
}
|
||||
|
||||
// Verify redirect_uri matches
|
||||
if (!string.Equals(authCode.RedirectUri, request.RedirectUri, StringComparison.Ordinal)) {
|
||||
return BadRequest(new { error = "invalid_grant" });
|
||||
}
|
||||
|
||||
// 5. Verify code_verifier (PKCE check)
|
||||
var expectedChallenge = GenerateCodeChallenge(request.CodeVerifier);
|
||||
if (authCode.CodeChallenge != expectedChallenge) {
|
||||
return BadRequest(new { error = "invalid_grant", error_description = "PKCE verification failed" });
|
||||
}
|
||||
|
||||
// 6. Optionally verify client_id/client_secret (for confidential clients)
|
||||
// ...
|
||||
|
||||
// 7. Issue access token (and refresh token if needed)
|
||||
var accessToken = TokenService.GenerateAccessToken(authCode.UserId, authCode.ClientId, authCode.Scope);
|
||||
var refreshToken = TokenService.GenerateRefreshToken(authCode.UserId, authCode.ClientId);
|
||||
|
||||
// 8. Invalidate used authorization code (one-time use)
|
||||
AuthorizationCodeStore.Remove(request.Code);
|
||||
|
||||
// 9. Return token response
|
||||
return Ok(new {
|
||||
access_token = accessToken,
|
||||
token_type = "Bearer",
|
||||
expires_in = 3600,
|
||||
refresh_token = refreshToken
|
||||
});
|
||||
|
||||
} catch (Exception ex) {
|
||||
Console.WriteLine("Delete Error: " + ex.Message);
|
||||
return NotFound("An internal server error has occured");
|
||||
|
||||
Reference in New Issue
Block a user