using System;
|
using System.Collections.Generic;
|
using System.ComponentModel;
|
using System.Linq;
|
using System.Text.Json;
|
using System.Xml.Serialization;
|
|
namespace OpenTap.Authentication
|
{
|
/// <summary>
|
/// Represents a set of Oauth2/OpenID Connect tokens (access and possibly refresh token) that grants access to a given domain.
|
/// </summary>
|
public class TokenInfo
|
{
|
/// <summary>
|
/// An enumeration of known token kinds
|
/// </summary>
|
private enum TokenKind
|
{
|
Jwt,
|
UserToken
|
}
|
|
/// <summary>
|
/// The kind of token this instance contains
|
/// </summary>
|
private TokenKind Kind => DetermineTokenKind();
|
|
private TokenKind DetermineTokenKind()
|
{
|
// Repository user tokens are guaranteed to never contain a period.
|
return AccessToken.Contains(".") ? TokenKind.Jwt : TokenKind.UserToken;
|
}
|
|
static DateTime unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc);
|
|
/// <summary>
|
/// Raw access token string. This value can be used as a Bearer token. The HttpClient
|
/// returned from <see cref="AuthenticationSettings.GetClient"/> will automatically do
|
/// this for requests that go to domains that match <see cref="Domain"/>.
|
/// </summary>
|
public string AccessToken { get; set; }
|
|
/// <summary>
|
/// Raw refresh token string. May be null if no refresh token is available.
|
/// </summary>
|
public string RefreshToken { get; set; }
|
|
private string domain;
|
/// <summary>
|
/// The hostname or IP address this token is intended for. Used by the HttpClient
|
/// returned from <see cref="AuthenticationSettings.GetClient"/> to determine which TokenInfo
|
/// in the <see cref="AuthenticationSettings.Tokens"/> list to use for a given request.
|
/// </summary>
|
public string Domain
|
{
|
get => domain;
|
set
|
{
|
if (Uri.IsWellFormedUriString(value, UriKind.Absolute))
|
throw new ArgumentException("Domain should only be the host part of a URI and not a full absolute URI.");
|
domain = value;
|
}
|
}
|
|
private Dictionary<string, string> _Claims;
|
/// <summary>
|
/// Claims contained in the <see cref="AccessToken"/>.
|
/// </summary>
|
public IReadOnlyDictionary<string, string> Claims
|
{
|
get
|
{
|
if (_Claims == null)
|
_Claims = GetClaims();
|
return _Claims;
|
}
|
}
|
|
private Dictionary<string, string> GetClaims()
|
{
|
if (Kind == TokenKind.Jwt)
|
return GetPayload().RootElement.EnumerateObject().ToDictionary(c => c.Name, c => c.Value.ToString());
|
return new Dictionary<string, string>();
|
}
|
|
/// <summary> Expiration date of the <see cref="AccessToken"/>. </summary>
|
[XmlIgnore]
|
[Obsolete("Expiration time is not supported. Future token types may not contain expiration information. " +
|
"Consider manually decoding the token if you know the specific format.")]
|
public DateTime Expiration =>
|
Kind == TokenKind.Jwt ? unixEpoch.AddSeconds(long.Parse(Claims["exp"])) : DateTime.MaxValue;
|
|
JsonDocument payload;
|
|
JsonDocument GetPayload()
|
{
|
if (payload != null) return payload;
|
var payloadData = AccessToken.Split('.')[1];
|
payload = JsonDocument.Parse(Base64UrlDecode(payloadData));
|
return payload;
|
}
|
|
|
byte[] Base64UrlDecode(string encoded)
|
{
|
string substituded = encoded;
|
substituded = substituded.Replace('-', '+');
|
substituded = substituded.Replace('_', '/');
|
while (substituded.Length % 4 != 0)
|
{
|
substituded += '=';
|
}
|
return Convert.FromBase64String(substituded);
|
}
|
|
/// <summary>
|
/// Constructor used by serializer, please use constructor with arguments from user code.
|
/// </summary>
|
[EditorBrowsable(EditorBrowsableState.Never)]
|
public TokenInfo()
|
{
|
|
}
|
|
/// <summary>
|
/// Default constructor from user code
|
/// </summary>
|
/// <param name="access_token">The raw token string for the access token</param>
|
/// <param name="refresh_token">Access, Refresh or ID type</param>
|
/// <param name="domain">Domain name for which this token is valid</param>
|
public TokenInfo(string access_token, string refresh_token, string domain)
|
{
|
AccessToken = access_token;
|
RefreshToken = refresh_token;
|
Domain = domain;
|
}
|
|
/// <summary> Creates a TokenInfo object based on the given OAuth response (json format). </summary>
|
public static TokenInfo FromResponse(string response, string domain)
|
{
|
var ti = new TokenInfo();
|
ti.Domain = domain;
|
var json = JsonDocument.Parse(response);
|
|
if (json.RootElement.TryGetProperty("access_token", out var accessTokenData))
|
ti.AccessToken = accessTokenData.GetString();
|
|
if (json.RootElement.TryGetProperty("refresh_token", out var refreshTokenData))
|
ti.RefreshToken = refreshTokenData.GetString();
|
return ti;
|
}
|
}
|
}
|
