C# Class OpenIdConnect.Client.Common.OpenIdConnectClient

This client handles the required steps to perform the user's SignIn and SignOut flows. Note that most flows require a Start (a redirect to somewhere else) and a Complete invocation, which should be done in the endpoint that is provided in the "redirectUri" parameter.
Inheritance: IOpenIdConnectClient
Project: sapo/sapo-services-sdk

Public Methods

Method Description
CompleteSignIn ( string code, string state, string redirectUri ) : Task

Completes the SignIn flow. This is the final step in the SignIn flow, which exchanges the authorization code for an access_token. At this point, the client performs a "backend" request in which it authenticates itself on the token_endpoint, so that the access_token can be generated.

GetUserInfo ( AccessTokenResponse accessTokenResponse ) : string>>.Task

Obtains the user's claims, from the userInfo endpoint, given the user's access_token

OpenIdConnectClient ( OpenIdConnectAuthenticationSettings openIdSettings, ISessionStateStore sessionSessionStateStore ) : System

Creates a new OpenIdConnectAuthenticationHandler with the default exchanger (uses HttpClient).

OpenIdConnectClient ( OpenIdConnectAuthenticationSettings openIdSettings, ISessionStateStore sessionSessionStateStore, ICodeForAccessTokenExchanger codeForAccessTokenExchanger ) : System

Creates a new OpenIdConnectAuthenticationHandler.

StartSignIn ( string redirectUri ) : HttpRedirectResponse

Starts the SignIn flow. This will redirect the user to the SDB Connect IdG Endpoint, where the user will perform a series of redirect hops until authenticated. Then, the user will be redirected to redirectUri to complete the SignIn at application level. The steps are:
1. Redirect to SDB Connect IdG to perform the sign in.
2. The user performs a series of hops (transparent to the application) to complete the authentication at federation level.
3. Callback to the application sign in redirect URI, where the application receives a "code" (authorization code).
4. The application should then call the CompleteSignIn method to retrieve the access_token from the given "code".
The next step should be to exchange the received "code" for an access_token, using the CompleteSignIn method.

StartSignOut ( AccessTokenResponse accessTokenResponse, string redirectUri ) : HttpRedirectResponse

Starts the SignOut flow. You should start this step before cleaning up the user session, because the cleanup can be done in the final redirect. The steps are:
1. Redirect to SDB Connect IdG to perform the sign out at federation level.
2. Callback to the application sign out redirect URI to clean up at application level.

Private Methods

Method Description
GetIdentityGatewayOicSignInEndpoint ( string redirectUri ) : Uri

Build the sign in endpoint URI

GetIdentityGatewayOicSignOutEndpoint ( AccessTokenResponse accessTokenResponse, string redirectUri ) : Uri

Build the sign out endpoint URI

Method Details

CompleteSignIn() public method

Completes the SignIn flow. This is the final step in the SignIn flow, which exchanges the authorization code for an access_token. At this point, the client performs a "backend" request in which it authenticates itself on the token_endpoint, so that the access_token can be generated.
public CompleteSignIn ( string code, string state, string redirectUri ) : Task
code string The "code" that was provided in the StartSignIn callback.
state string The "state" that was provided in the StartSignIn callback.
redirectUri string The original redirect URI that was provided to the StartSignIn method.
return Task
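
An added example (not code from the SDK) of the kind of check a session-bound "state" store makes possible for CSRF protection: the callback's "state" is accepted once, only for the session that started the flow, and only with the original redirect URI. PendingSignInStore and its members are hypothetical names, the URL and session ids are constructed, and .NET 6 or later is assumed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper, not an SDK type: tracks one pending sign-in per browser session.
public sealed class PendingSignInStore
{
    private sealed record Pending(string State, string RedirectUri, DateTimeOffset Expires);

    private readonly ConcurrentDictionary<string, Pending> _pending = new();
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10); // assumed lifetime

    // Call before redirecting: returns the unguessable "state" to send along with the request.
    public string Begin(string sessionId, string redirectUri)
    {
        string state = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _pending[sessionId] = new Pending(state, redirectUri, DateTimeOffset.UtcNow + Lifetime);
        return state;
    }

    // Call in the callback before the code is exchanged. The entry is removed first,
    // so a state value is accepted at most once even if the callback is replayed.
    public bool TryComplete(string sessionId, string? returnedState, string redirectUri)
    {
        if (returnedState is null || !_pending.TryRemove(sessionId, out var p))
            return false;
        if (DateTimeOffset.UtcNow > p.Expires)
            return false;
        bool stateOk = CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(returnedState), Encoding.UTF8.GetBytes(p.State));
        // The token request must carry the same redirect URI that started the flow.
        return stateOk && string.Equals(redirectUri, p.RedirectUri, StringComparison.Ordinal);
    }
}

public static class Demo
{
    public static void Main()
    {
        var store = new PendingSignInStore();
        const string cb = "https://app.example/signin/callback"; // constructed value
        string state = store.Begin("session-A", cb);

        Console.WriteLine(store.TryComplete("session-B", state, cb)); // state presented by a different session
        Console.WriteLine(store.TryComplete("session-A", state, cb)); // genuine callback
        Console.WriteLine(store.TryComplete("session-A", state, cb)); // same callback replayed
    }
}
```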

GetUserInfo() public method

Obtains the user's claims, from the userInfo endpoint, given the user's access_token
public GetUserInfo ( AccessTokenResponse accessTokenResponse ) : string>>.Task
accessTokenResponse OpenIdConnect.Client.Common.Representations.AccessTokenResponse The token endpoint's access token response (when the user completed the SignIn flow). We need the access_token that was returned in this response.
return string>>.Task

OpenIdConnectClient() public method

Creates a new OpenIdConnectAuthenticationHandler with the default exchanger (uses HttpClient).
public OpenIdConnectClient ( OpenIdConnectAuthenticationSettings openIdSettings, ISessionStateStore sessionSessionStateStore ) : System
openIdSettings OpenIdConnectAuthenticationSettings The OpenId client and server settings. This includes the client_id and client_secret, as well as the server endpoints.
sessionSessionStateStore ISessionStateStore A session store that will be used to save the state parameters, for CSRF protection.
return System

OpenIdConnectClient() public method

Creates a new OpenIdConnectAuthenticationHandler.
public OpenIdConnectClient ( OpenIdConnectAuthenticationSettings openIdSettings, ISessionStateStore sessionSessionStateStore, ICodeForAccessTokenExchanger codeForAccessTokenExchanger ) : System
openIdSettings OpenIdConnectAuthenticationSettings The OpenId client and server settings. This includes the client_id and client_secret, as well as the server endpoints.
sessionSessionStateStore ISessionStateStore A session store that will be used to save the state parameters, for CSRF protection.
codeForAccessTokenExchanger ICodeForAccessTokenExchanger An instance of someone that can exchange authorization codes for access tokens.
return System

StartSignIn() public method

Starts the SignIn flow. This will redirect the user to the SDB Connect IdG Endpoint, where the user will perform a series of redirect hops until authenticated. Then, the user will be redirected to redirectUri to complete the SignIn at application level. The steps are:
1. Redirect to SDB Connect IdG to perform the sign in.
2. The user performs a series of hops (transparent to the application) to complete the authentication at federation level.
3. Callback to the application sign in redirect URI, where the application receives a "code" (authorization code).
4. The application should then call the CompleteSignIn method to retrieve the access_token from the given "code".
The next step should be to exchange the received "code" for an access_token, using the CompleteSignIn method.
public StartSignIn ( string redirectUri ) : HttpRedirectResponse
redirectUri string The callback URI where the application will call the CompleteSignIn, to exchange the "code" for an "access_token".
return OpenIdConnect.Client.Common.Representations.HttpRedirectResponse

StartSignOut() public method

Starts the SignOut flow. You should start this step before cleaning up the user session, because the cleanup can be done in the final redirect. The steps are:
1. Redirect to SDB Connect IdG to perform the sign out at federation level.
2. Callback to the application sign out redirect URI to clean up at application level.
public StartSignOut ( AccessTokenResponse accessTokenResponse, string redirectUri ) : HttpRedirectResponse
accessTokenResponse OpenIdConnect.Client.Common.Representations.AccessTokenResponse The token endpoint's access token response (when the user completed the sign in flow). We need the id_token that was returned in this response.
redirectUri string The callback URI where the application will clean up the user's session.
return OpenIdConnect.Client.Common.Representations.HttpRedirectResponse