poojarsn/AzureB2c-CodeVerifier

## AzureB2c-CodeVerifier
  #region private methods
        private void RememberCodeVerifier(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n, string codeVerifier)
        {
            var properties = new AuthenticationProperties();
            properties.Dictionary.Add("cv", codeVerifier);

            //if left blank or set to 0, the setting is not used. OOTB default is 15min
            if(ConfigurationManager.AppSettings[AzureB2CConstants.Keys.NonceLifetime] != null &&
                double.TryParse("30", out double lifetime) && lifetime > 0)
            {
                n.Options.ProtocolValidator.NonceLifetime = TimeSpan.FromMinutes(lifetime);
            }
            n.Options.CookieManager.AppendResponseCookie(
                n.OwinContext,
                GetCodeVerifierKey(n.ProtocolMessage.State),
                Convert.ToBase64String(Encoding.UTF8.GetBytes(n.Options.StateDataFormat.Protect(properties))),
                new CookieOptions
                {
                    SameSite = SameSiteMode.None,
                    HttpOnly = true,
                    Secure = n.Request.IsSecure,
                    Expires = DateTime.UtcNow + n.Options.ProtocolValidator.NonceLifetime
                });
        }

        private string GetCodeVerifierKey(string state)
        {
            using (var hash = SHA256.Create())
            {
                return OpenIdConnectAuthenticationDefaults.CookiePrefix + "cv." + Convert.ToBase64String(hash.ComputeHash(Encoding.UTF8.GetBytes(state)));
            }
        }

        private string RetrieveCodeVerifier(AuthorizationCodeReceivedNotification n)
        {
            string key = GetCodeVerifierKey(n.ProtocolMessage.State);

            string codeVerifierCookie = n.Options.CookieManager.GetRequestCookie(n.OwinContext, key);
            if (codeVerifierCookie != null)
            {
                var cookieOptions = new CookieOptions
                {
                    SameSite = SameSiteMode.None,
                    HttpOnly = true,
                    Secure = n.Request.IsSecure
                };

                n.Options.CookieManager.DeleteCookie(n.OwinContext, key, cookieOptions);
                var cookieProperties = n.Options.StateDataFormat.Unprotect(Encoding.UTF8.GetString(Convert.FromBase64String(codeVerifierCookie)));
                cookieProperties.Dictionary.TryGetValue("cv", out var codeVerifier);
                return codeVerifier;
            }

            return string.Empty;
        }
	#region private methods
	private void RememberCodeVerifier(RedirectToIdentityProviderNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> n, string codeVerifier)
	{
	var properties = new AuthenticationProperties();
	properties.Dictionary.Add("cv", codeVerifier);

	//if left blank or set to 0, the setting is not used. OOTB default is 15min
	if(ConfigurationManager.AppSettings[AzureB2CConstants.Keys.NonceLifetime] != null &&
	double.TryParse("30", out double lifetime) && lifetime > 0)
	{
	n.Options.ProtocolValidator.NonceLifetime = TimeSpan.FromMinutes(lifetime);
	}
	n.Options.CookieManager.AppendResponseCookie(
	n.OwinContext,
	GetCodeVerifierKey(n.ProtocolMessage.State),
	Convert.ToBase64String(Encoding.UTF8.GetBytes(n.Options.StateDataFormat.Protect(properties))),
	new CookieOptions
	{
	SameSite = SameSiteMode.None,
	HttpOnly = true,
	Secure = n.Request.IsSecure,
	Expires = DateTime.UtcNow + n.Options.ProtocolValidator.NonceLifetime
	});
	}

	private string GetCodeVerifierKey(string state)
	{
	using (var hash = SHA256.Create())
	{
	return OpenIdConnectAuthenticationDefaults.CookiePrefix + "cv." + Convert.ToBase64String(hash.ComputeHash(Encoding.UTF8.GetBytes(state)));
	}
	}

	private string RetrieveCodeVerifier(AuthorizationCodeReceivedNotification n)
	{
	string key = GetCodeVerifierKey(n.ProtocolMessage.State);

	string codeVerifierCookie = n.Options.CookieManager.GetRequestCookie(n.OwinContext, key);
	if (codeVerifierCookie != null)
	{
	var cookieOptions = new CookieOptions
	{
	SameSite = SameSiteMode.None,
	HttpOnly = true,
	Secure = n.Request.IsSecure
	};

	n.Options.CookieManager.DeleteCookie(n.OwinContext, key, cookieOptions);
	var cookieProperties = n.Options.StateDataFormat.Unprotect(Encoding.UTF8.GetString(Convert.FromBase64String(codeVerifierCookie)));
	cookieProperties.Dictionary.TryGetValue("cv", out var codeVerifier);
	return codeVerifier;
	}

	return string.Empty;
	}