-
Notifications
You must be signed in to change notification settings - Fork 541
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Adding PingOne Provider * updating documentation * fixing url for tests * adding test with custom domain * adding new version to package validation Co-authored-by: Martin Costello <[email protected]> * fixing casing the exception string Co-authored-by: Martin Costello <[email protected]> * updating changes from PR review * updating docs to reflect code change * Update documentation Minor documentation updates. --------- Co-authored-by: Andrew Killion <[email protected]> Co-authored-by: Martin Costello <[email protected]>
- Loading branch information
3 people
authored
Apr 16, 2023
1 parent
bfa6e42
commit f2be82d
Showing
14 changed files
with
736 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Integrating the PingOne Provider | ||
|
|
||
| ## Example | ||
|
|
||
| ```csharp | ||
| services.AddAuthentication(options => /* Auth configuration */) | ||
| .AddPingOne(options => | ||
| { | ||
| options.ClientId = "my-client-id"; | ||
| options.ClientSecret = "my-client-secret"; | ||
| options.EnvironmentId = "63e9d5c3-5bb8-462d-8f71-8e6b2592e516"; | ||
| }); | ||
| ``` | ||
|
|
||
| ## Required Additional Settings | ||
|
|
||
| | Property Name | Property Type | Description | Default Value | | ||
| |:--|:--|:--|:--| | ||
| | `EnvironmentId` | `string` | The PingOne EnvironmentId to use for authentication. This can be found on the `environment.properties` page of the PingOne admin portal for your account. | `""` | | ||
|
|
||
| ## Optional Settings | ||
|
|
||
| | Property Name | Property Type | Description | Default Value | | ||
| |:--|:--|:--|:--| | ||
| | `Domain` | `string?` | The PingOne domain to use for authentication. Can be a custom domain configured in PingOne or one of the following: `auth.pingone.com` for the United States region, `auth.pingone.ca` for the Canada region, `auth.pingone.eu` for the European Union region, or `auth.pingone.asia` for the Asia-Pacific region. | `"auth.pingone.com"` | | ||
|
|
25 changes: 25 additions & 0 deletions
25
src/AspNet.Security.OAuth.PingOne/AspNet.Security.OAuth.PingOne.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| <Project Sdk="Microsoft.NET.Sdk"> | ||
|
|
||
| <PropertyGroup> | ||
| <TargetFrameworks>$(DefaultNetCoreTargetFramework)</TargetFrameworks> | ||
| </PropertyGroup> | ||
|
|
||
|
|
||
| <!-- TODO Remove once published to NuGet.org --> | ||
| <PropertyGroup> | ||
| <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation> | ||
| <PackageValidationBaselineVersion>7.0.1</PackageValidationBaselineVersion> | ||
| </PropertyGroup> | ||
|
|
||
| <PropertyGroup> | ||
| <Description>ASP.NET Core security provider enabling PingOne authentication.</Description> | ||
| <Authors>Drew Killion</Authors> | ||
| <PackageTags>pingone;aspnetcore;authentication;oauth;security</PackageTags> | ||
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <FrameworkReference Include="Microsoft.AspNetCore.App" /> | ||
| <PackageReference Include="JetBrains.Annotations" PrivateAssets="All" /> | ||
| </ItemGroup> | ||
|
|
||
| </Project> |
53 changes: 53 additions & 0 deletions
53
src/AspNet.Security.OAuth.PingOne/PingOneAuthenticationDefaults.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| namespace AspNet.Security.OAuth.PingOne; | ||
|
|
||
| /// <summary> | ||
| /// Default values used by the PingOne authentication provider. | ||
| /// </summary> | ||
| public static class PingOneAuthenticationDefaults | ||
| { | ||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationScheme.Name"/>. | ||
| /// </summary> | ||
| public const string AuthenticationScheme = "PingOne"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationScheme.DisplayName"/>. | ||
| /// </summary> | ||
| public static readonly string DisplayName = "PingOne"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>. | ||
| /// </summary> | ||
| public static readonly string Issuer = "PingOne"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for PingOne domain. | ||
| /// </summary> | ||
| public static readonly string Domain = "auth.pingone.com"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>. | ||
| /// </summary> | ||
| public static readonly string CallbackPath = "/signin-pingone"; | ||
|
|
||
| /// <summary> | ||
| /// Default path format to use for <see cref="OAuthOptions.AuthorizationEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string AuthorizationEndpointPathFormat = "/{0}/as/authorize"; | ||
|
|
||
| /// <summary> | ||
| /// Default path format to use for <see cref="OAuthOptions.TokenEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string TokenEndpointPathFormat = "/{0}/as/token"; | ||
|
|
||
| /// <summary> | ||
| /// Default path format to use for <see cref="OAuthOptions.UserInformationEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string UserInformationEndpointPathFormat = "/{0}/as/userinfo"; | ||
| } |
77 changes: 77 additions & 0 deletions
77
src/AspNet.Security.OAuth.PingOne/PingOneAuthenticationExtensions.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| using AspNet.Security.OAuth.PingOne; | ||
| using Microsoft.Extensions.DependencyInjection.Extensions; | ||
| using Microsoft.Extensions.Options; | ||
|
|
||
| namespace Microsoft.Extensions.DependencyInjection; | ||
|
|
||
| /// <summary> | ||
| /// Extension methods to add PingOne authentication capabilities to an HTTP application pipeline. | ||
| /// </summary> | ||
| public static class PingOneAuthenticationExtensions | ||
| { | ||
| /// <summary> | ||
| /// Adds <see cref="PingOneAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables PingOne authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddPingOne([NotNull] this AuthenticationBuilder builder) | ||
| { | ||
| return builder.AddPingOne(PingOneAuthenticationDefaults.AuthenticationScheme, options => { }); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="PingOneAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables PingOne authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="configuration">The delegate used to configure the PingOne options.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddPingOne( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] Action<PingOneAuthenticationOptions> configuration) | ||
| { | ||
| return builder.AddPingOne(PingOneAuthenticationDefaults.AuthenticationScheme, configuration); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="PingOneAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables PingOne authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="scheme">The authentication scheme associated with this instance.</param> | ||
| /// <param name="configuration">The delegate used to configure the PingOne options.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddPingOne( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] string scheme, | ||
| [NotNull] Action<PingOneAuthenticationOptions> configuration) | ||
| { | ||
| return builder.AddPingOne(scheme, PingOneAuthenticationDefaults.DisplayName, configuration); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="PingOneAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables PingOne authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="scheme">The authentication scheme associated with this instance.</param> | ||
| /// <param name="caption">The optional display name associated with this instance.</param> | ||
| /// <param name="configuration">The delegate used to configure the PingOne options.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddPingOne( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] string scheme, | ||
| [CanBeNull] string caption, | ||
| [NotNull] Action<PingOneAuthenticationOptions> configuration) | ||
| { | ||
| builder.Services.TryAddSingleton<IPostConfigureOptions<PingOneAuthenticationOptions>, PingOnePostConfigureOptions>(); | ||
| return builder.AddOAuth<PingOneAuthenticationOptions, PingOneAuthenticationHandler>(scheme, caption, configuration); | ||
| } | ||
| } |
84 changes: 84 additions & 0 deletions
84
src/AspNet.Security.OAuth.PingOne/PingOneAuthenticationHandler.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| using System.Net.Http.Headers; | ||
| using System.Security.Claims; | ||
| using System.Text.Encodings.Web; | ||
| using System.Text.Json; | ||
| using Microsoft.Extensions.Logging; | ||
| using Microsoft.Extensions.Options; | ||
|
|
||
| namespace AspNet.Security.OAuth.PingOne; | ||
|
|
||
| /// <summary> | ||
| /// Defines a handler for authentication using PingOne. | ||
| /// </summary> | ||
| public partial class PingOneAuthenticationHandler : OAuthHandler<PingOneAuthenticationOptions> | ||
| { | ||
| /// <summary> | ||
| /// Initializes a new instance of the <see cref="PingOneAuthenticationHandler"/> class. | ||
| /// </summary> | ||
| /// <param name="options">The authentication options.</param> | ||
| /// <param name="logger">The logger to use.</param> | ||
| /// <param name="encoder">The URL encoder to use.</param> | ||
| /// <param name="clock">The system clock to use.</param> | ||
| public PingOneAuthenticationHandler( | ||
| [NotNull] IOptionsMonitor<PingOneAuthenticationOptions> options, | ||
| [NotNull] ILoggerFactory logger, | ||
| [NotNull] UrlEncoder encoder, | ||
| [NotNull] ISystemClock clock) | ||
| : base(options, logger, encoder, clock) | ||
| { | ||
| } | ||
|
|
||
| /// <inheritdoc /> | ||
| protected override async Task<AuthenticationTicket> CreateTicketAsync( | ||
| [NotNull] ClaimsIdentity identity, | ||
| [NotNull] AuthenticationProperties properties, | ||
| [NotNull] OAuthTokenResponse tokens) | ||
| { | ||
| string endpoint = Options.UserInformationEndpoint; | ||
|
|
||
| using var request = new HttpRequestMessage(HttpMethod.Get, endpoint); | ||
| request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); | ||
| request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken); | ||
|
|
||
| using var response = await Backchannel.SendAsync(request, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted); | ||
| if (!response.IsSuccessStatusCode) | ||
| { | ||
| await Log.UserProfileErrorAsync(Logger, response, Context.RequestAborted); | ||
| throw new HttpRequestException("An error occurred while retrieving the user profile from PingOne."); | ||
| } | ||
|
|
||
| using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted)); | ||
|
|
||
| var principal = new ClaimsPrincipal(identity); | ||
| var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement); | ||
| context.RunClaimActions(); | ||
|
|
||
| await Events.CreatingTicket(context); | ||
| return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name); | ||
| } | ||
|
|
||
| private static partial class Log | ||
| { | ||
| internal static async Task UserProfileErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken) | ||
| { | ||
| UserProfileError( | ||
| logger, | ||
| response.StatusCode, | ||
| response.Headers.ToString(), | ||
| await response.Content.ReadAsStringAsync(cancellationToken)); | ||
| } | ||
|
|
||
| [LoggerMessage(1, LogLevel.Error, "An error occurred while retrieving the user profile: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")] | ||
| private static partial void UserProfileError( | ||
| ILogger logger, | ||
| System.Net.HttpStatusCode status, | ||
| string headers, | ||
| string body); | ||
| } | ||
| } |
Oops, something went wrong.