Code Verifier and Nonce
#region private methods | |
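/// <summary>
/// Stores the PKCE code verifier for the pending authorization request in a protected,
/// HttpOnly cookie so that <c>RetrieveCodeVerifier</c> can recover it when the
/// authorization code comes back. The cookie name is derived from the request's
/// <c>state</c> value, which ties the verifier to this specific redirect.
/// </summary>
/// <param name="n">The redirect notification carrying the outgoing protocol message, options and OWIN context.</param>
/// <param name="codeVerifier">The PKCE code verifier generated for this authorization request.</param>
private void RememberCodeVerifier(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n, string codeVerifier)
{
    var properties = new AuthenticationProperties();
    properties.Dictionary.Add("cv", codeVerifier);

    // Optional override of the nonce lifetime from app settings. If the key is absent,
    // blank, unparsable or <= 0 the setting is not applied and the middleware default
    // (15 minutes out of the box) stays in effect.
    // Fix: the original parsed the literal "30" instead of the configured value, so the
    // configured number was never honoured and any present key forced a 30-minute lifetime.
    string configuredLifetime = ConfigurationManager.AppSettings[AzureB2CConstants.Keys.NonceLifetime];
    if (!string.IsNullOrWhiteSpace(configuredLifetime)
        && double.TryParse(configuredLifetime,
                           System.Globalization.NumberStyles.Float,
                           System.Globalization.CultureInfo.InvariantCulture,
                           out double lifetime)
        && lifetime > 0)
    {
        // NOTE(review): this mutates the shared OpenIdConnectAuthenticationOptions on every
        // redirect rather than once at startup; harmless while the value is constant, but
        // it belongs in configuration-time setup.
        n.Options.ProtocolValidator.NonceLifetime = TimeSpan.FromMinutes(lifetime);
    }

    // The properties are protected with the middleware's own data protector, so the
    // cookie content cannot be read or forged client-side. The extra Base64 round-trip
    // appears redundant (the default StateDataFormat already emits text-safe output) but
    // is kept because RetrieveCodeVerifier undoes exactly this encoding.
    string protectedValue = Convert.ToBase64String(
        Encoding.UTF8.GetBytes(n.Options.StateDataFormat.Protect(properties)));

    n.Options.CookieManager.AppendResponseCookie(
        n.OwinContext,
        GetCodeVerifierKey(n.ProtocolMessage.State),
        protectedValue,
        new CookieOptions
        {
            // SameSite=None so the cookie is sent on the cross-site redirect back from
            // the identity provider.
            // NOTE(review): browsers drop SameSite=None cookies that are not also Secure,
            // so over plain HTTP (or behind a TLS-terminating proxy that does not forward
            // the scheme, making IsSecure false) this cookie will never come back.
            SameSite = SameSiteMode.None,
            HttpOnly = true,
            Secure = n.Request.IsSecure,
            // The verifier is only useful for as long as the nonce is valid.
            Expires = DateTime.UtcNow + n.Options.ProtocolValidator.NonceLifetime
        });
}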
/// <summary>
/// Derives the cookie name under which the PKCE code verifier for a given authorization
/// request is stored: the middleware cookie prefix, a "cv." segment, and the Base64
/// SHA-256 digest of the request's <c>state</c>. Each outstanding request therefore gets
/// its own cookie, and the raw state value never appears in a cookie name.
/// </summary>
/// <param name="state">The OpenID Connect <c>state</c> value of the authorization request.</param>
/// <returns>The cookie name for that request's code verifier.</returns>
/// <exception cref="ArgumentNullException">Thrown by the UTF-8 encoder when <paramref name="state"/> is null.</exception>
private string GetCodeVerifierKey(string state)
{
    byte[] stateBytes = Encoding.UTF8.GetBytes(state);
    byte[] digest;
    using (SHA256 sha = SHA256.Create())
    {
        digest = sha.ComputeHash(stateBytes);
    }

    // NOTE(review): standard Base64 can contain '+', '/' and '=' which are not legal in a
    // raw cookie name; this relies on the OWIN CookieManager escaping the key (the stock
    // Katana nonce cookie appears to be named the same way). Confirm if a custom
    // ICookieManager is plugged in.
    return string.Concat(
        OpenIdConnectAuthenticationDefaults.CookiePrefix,
        "cv.",
        Convert.ToBase64String(digest));
}
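/// <summary>
/// Recovers the PKCE code verifier saved by <c>RememberCodeVerifier</c> for the
/// authorization request identified by the incoming <c>state</c>, and deletes the
/// single-use cookie that carried it.
/// </summary>
/// <param name="n">The notification for the received authorization code; supplies the protocol message, options and OWIN context.</param>
/// <returns>
/// The code verifier, or <see cref="string.Empty"/> when no cookie is present, the cookie
/// payload is not valid Base64, the payload fails to unprotect, or it carries no "cv" entry.
/// </returns>
private string RetrieveCodeVerifier(AuthorizationCodeReceivedNotification n)
{
    string key = GetCodeVerifierKey(n.ProtocolMessage.State);
    string codeVerifierCookie = n.Options.CookieManager.GetRequestCookie(n.OwinContext, key);
    if (codeVerifierCookie == null)
    {
        return string.Empty;
    }

    // The cookie is single-use: remove it before anything else so a replayed callback
    // cannot reuse the verifier. SameSite/HttpOnly/Secure must match the attributes it
    // was set with, otherwise the browser treats the deletion as a different cookie.
    var cookieOptions = new CookieOptions
    {
        SameSite = SameSiteMode.None,
        HttpOnly = true,
        Secure = n.Request.IsSecure
    };
    n.Options.CookieManager.DeleteCookie(n.OwinContext, key, cookieOptions);

    // The cookie value is client-controlled input. The original let a malformed Base64
    // payload throw FormatException and dereferenced the result of Unprotect without a
    // null check (the default SecureDataFormat returns null for tampered, expired or
    // foreign-key data), so a bad cookie became an unhandled exception on the callback.
    // Treat both conditions as "no verifier", the same as a missing cookie.
    string protectedValue;
    try
    {
        protectedValue = Encoding.UTF8.GetString(Convert.FromBase64String(codeVerifierCookie));
    }
    catch (FormatException)
    {
        return string.Empty;
    }

    AuthenticationProperties cookieProperties = n.Options.StateDataFormat.Unprotect(protectedValue);
    if (cookieProperties == null)
    {
        return string.Empty;
    }

    // Normalise a missing "cv" entry to string.Empty so callers see one "not found" value
    // instead of sometimes null and sometimes empty.
    cookieProperties.Dictionary.TryGetValue("cv", out string codeVerifier);
    return codeVerifier ?? string.Empty;
}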