// Wire the custom protocol validator into the OIDC handler's options. The validator is
// built inside Configure so its two dependencies come from the container.
services.AddOptions<OpenIdConnectOptions>()
    .Configure<IOIDCPipelineStore, IHttpContextAccessor>((store, contextAccessor, oidcOptions) =>
    {
        var validator = new MyOpenIdConnectProtocolValidator(store, contextAccessor)
        {
            // GenerateNonce on this validator may hand back a nonce issued earlier in the
            // pipeline, so the validator's own timestamp-based freshness check is switched off.
            // NOTE(review): nonce freshness then rests on the pipeline store and the nonce
            // cookie lifetime rather than on this validator — confirm that is intended.
            RequireTimeStampInNonce = false,
            // NOTE(review): state validation is disabled here; confirm the OIDC handler
            // validates the state parameter itself before relying on this setting.
            RequireStateValidation = false,
            RequireNonce = true,
            NonceLifetime = TimeSpan.FromMinutes(15)
        };
        oidcOptions.ProtocolValidator = validator;
    });
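/// <summary>
/// Protocol validator that reuses the nonce of an in-flight id_token request — looked up
/// in <see cref="IOIDCPipelineStore"/> by the current request's pipeline key — instead of
/// always minting a new one. Falls back to a fresh random nonce when nothing is stored.
/// </summary>
public class MyOpenIdConnectProtocolValidator : OpenIdConnectProtocolValidator
{
    private readonly IOIDCPipelineStore _oidcPipelineStore;
    private readonly IHttpContextAccessor _accessor;

    /// <summary>Creates the validator.</summary>
    /// <param name="oidcPipelineStore">Store holding the original id_token requests, keyed by pipeline key.</param>
    /// <param name="accessor">Accessor for the current <c>HttpContext</c>.</param>
    /// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
    public MyOpenIdConnectProtocolValidator(IOIDCPipelineStore oidcPipelineStore, IHttpContextAccessor accessor)
    {
        _oidcPipelineStore = oidcPipelineStore ?? throw new ArgumentNullException(nameof(oidcPipelineStore));
        _accessor = accessor ?? throw new ArgumentNullException(nameof(accessor));
    }

    /// <summary>
    /// Returns the nonce of the original id_token request for the current pipeline key when
    /// one exists; otherwise generates a new random nonce (timestamp-prefixed when
    /// <see cref="OpenIdConnectProtocolValidator.RequireTimeStampInNonce"/> is set).
    /// </summary>
    /// <returns>The nonce to place in the authentication request.</returns>
    /// <exception cref="InvalidOperationException">No <c>HttpContext</c> is available, i.e. called outside a request.</exception>
    public override string GenerateNonce()
    {
        // The pipeline key lives on the current request; outside a request there is nothing
        // to correlate with, so fail with a clear message rather than a NullReferenceException.
        var httpContext = _accessor.HttpContext
            ?? throw new InvalidOperationException("GenerateNonce requires an active HttpContext.");
        string pipelineKey = httpContext.GetOIDCPipeLineKey();

        // This is bad, file an issue to support making this call to GenerateNonce async.
        var original = _oidcPipelineStore.GetOriginalIdTokenRequestAsync(pipelineKey).GetAwaiter().GetResult();
        if (!string.IsNullOrWhiteSpace(original?.Nonce))
        {
            // Reusing the stored nonce binds the whole pipeline to one value; replay
            // protection for that value therefore rests on the store, not on this validator.
            return original.Nonce;
        }

        // A nonce must be unguessable: take it from the CSPRNG rather than Guid.NewGuid(),
        // whose randomness is not a documented guarantee. Base64 never contains '.', so the
        // timestamp separator below stays unambiguous.
        var randomBytes = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(randomBytes);
        }
        string nonce = Convert.ToBase64String(randomBytes);

        // "<ticks>.<nonce>" is the layout the base validator parses when it checks nonce age.
        return RequireTimeStampInNonce
            ? DateTime.UtcNow.Ticks.ToString(CultureInfo.InvariantCulture) + "." + nonce
            : nonce;
    }
}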