diff --git a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/EAVFW.Extensions.EasyAuth.MicrosoftEntraId.csproj b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/EAVFW.Extensions.EasyAuth.MicrosoftEntraId.csproj
index 491b88b..27681c0 100644
--- a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/EAVFW.Extensions.EasyAuth.MicrosoftEntraId.csproj
+++ b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/EAVFW.Extensions.EasyAuth.MicrosoftEntraId.csproj
@@ -1,7 +1,7 @@
- net6.0
+ net6.0;net8.0
 EAVFW.Extensions.EasyAuth.MicrosoftEntraId Poul Kjeldager
diff --git a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraEasyAuthProvider.cs b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraEasyAuthProvider.cs
index 6177054..dc8971f 100644
--- a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraEasyAuthProvider.cs
+++ b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraEasyAuthProvider.cs
@@ -48,14 +48,16 @@ public async Task OnAuthenticate(HttpContext httpcontext, string handleId, strin
 {
     var email = httpcontext.Request.Query["email"].FirstOrDefault();
     var redirectUri = httpcontext.Request.Query["redirectUri"].FirstOrDefault();
-
-    var ru = new RequestUrl(_options.Value.AuthorizationUrl);
+    var callbackUri = $"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.Path}/callback";
+
+    var ru = new RequestUrl(_options.Value.GetMicrosoftAuthorizationUrl(httpcontext));
     var authUri = ru.CreateAuthorizeUrl(
         clientId: _options.Value.ClientId,
-        redirectUri: _options.Value.RedirectUrl,
+        redirectUri: callbackUri,
         responseType: ResponseTypes.Code,
         responseMode: ResponseModes.FormPost,
         scope: _options.Value.Scope,
+        loginHint: String.IsNullOrEmpty(email) || email == "undefined" ? null : email,
         state: handleId + "&" + redirectUri);
     httpcontext.Response.Redirect(authUri);
 }
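Review bot: The callbackUri built on the new line omits `httpcontext.Request.PathBase`, so an application mounted under a path base hands Entra a redirect_uri for a path it does not serve, and the same construction is repeated in the token-request hunk below; `$"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.PathBase}{httpcontext.Request.Path}/callback"` keeps it aligned with the request. Deriving scheme and host from the request instead of configuration also means that behind a TLS-terminating proxy the value is built from the internal scheme and host unless forwarded-headers handling is configured, which deserves a comment on that line. The `email == "undefined"` check in the loginHint argument hard-codes a front-end quirk; a comment such as `// guards against the client sending the literal string "undefined" — confirm with the SPA` or a named constant would make the intent explicit. OnAuthenticate's signature sits outside the hunk.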
@@ -66,25 +68,22 @@ public async Task OnAuthenticate(HttpContext httpcontext, string handleId, strin
     var state = m.State.Split(new char[] { '&' }, 2);
     var handleId = state[0];
     var redirectUri = state[1];
+    var callbackUri = $"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.Path}";
+
     var http = _clientFactory.CreateClient();
     var response = await http.RequestAuthorizationCodeTokenAsync(new AuthorizationCodeTokenRequest
     {
-        Address = _options.Value.TokenEndpoint,
+        Address = _options.Value.GetMicrosoftTokenEndpoint(httpcontext),
         ClientId = _options.Value.ClientId,
         ClientSecret = _options.Value.ClientSecret,
         Code = m.Code,
-        RedirectUri = _options.Value.RedirectUrl,
+        RedirectUri = callbackUri,
     });
-    var handler = new JwtSecurityTokenHandler();
-    var jwtSecurityToken = handler.ReadJwtToken(response.IdentityToken);
-    var jti = jwtSecurityToken.Claims.First(claim => claim.Type == "email").Value;
-
     ClaimsPrincipal identity = await _options.Value.ValidateUserAsync(httpcontext, handleId, response);
-
     if (identity == null)
     {
-        httpcontext.Response.Redirect("error=access_denied&error_subcode=user_not_found");
+        httpcontext.Response.Redirect($"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}callback?error=access_denied&error_subcode=user_not_found");
         //return;
     }
     return await Task.FromResult((new ClaimsPrincipal(identity), redirectUri, handleId));
diff --git a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthExtensions.cs b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthExtensions.cs
index 466371e..01cd745 100644
--- a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthExtensions.cs
+++ b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthExtensions.cs
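Review bot: The new Redirect line concatenates `httpcontext.Request.Host` directly with `callback`, so for a request to `app.example` (constructed) the user is sent to `https://app.examplecallback?error=...`, a different host name from the one the request arrived on. Inserting the path separator, e.g. `httpcontext.Response.Redirect($"{httpcontext.Request.Scheme}://{httpcontext.Request.Host}{httpcontext.Request.PathBase}/callback?error=access_denied&error_subcode=user_not_found");`, fixes that, assuming the callback route is the intended destination (the hunk does not say). Because `//return;` remains commented out, the method also proceeds past the redirect into `new ClaimsPrincipal(identity)` with a null identity, which presumably throws instead of letting the redirect stand; the denied path should not fall through to the success return. The method containing this hunk starts outside it.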
@@ -12,12 +12,14 @@ namespace EAVFW.Extensions.EasyAuth.MicrosoftEntraId
 {
     public static class MicrosoftEntraIdEasyAuthExtensions
     {
-        public static AuthenticatedEAVFrameworkBuilder AddMicrosoftEntraIdEasyAuth(this AuthenticatedEAVFrameworkBuilder builder, Func> validateUserAsync)
+        public static AuthenticatedEAVFrameworkBuilder AddMicrosoftEntraIdEasyAuth(this AuthenticatedEAVFrameworkBuilder builder, Func> validateUserAsync, Func getMicrosoftAuthorizationUrl, Func getMicrosoftTokenEndpoint)
         {
             builder.AddAuthenticationProvider((options, config) =>
             {
                 config.GetSection("EAVEasyAuth:MicrosoftEntraId").Bind(options);
                 options.ValidateUserAsync = validateUserAsync;
+                options.GetMicrosoftAuthorizationUrl = getMicrosoftAuthorizationUrl;
+                options.GetMicrosoftTokenEndpoint = getMicrosoftTokenEndpoint;
             });
             return builder;
diff --git a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthOptions.cs b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthOptions.cs
index 2b7100a..6c4299d 100644
--- a/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthOptions.cs
+++ b/src/EAVFW.Extensions.EasyAuth.MicrosoftEntraId/MicrosoftEntraIdEasyAuthOptions.cs
@@ -1,7 +1,6 @@
 using IdentityModel.Client;
 using Microsoft.AspNetCore.Http;
 using System;
-using System.Collections.Generic;
 using System.Security.Claims;
 using System.Threading.Tasks;
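Review bot: The two new delegate parameters are stored without a null check, and the provider invokes them unconditionally on every sign-in, so a caller passing null gets a NullReferenceException at the first login instead of a clear failure at startup; add `ArgumentNullException.ThrowIfNull(getMicrosoftAuthorizationUrl);` and `ArgumentNullException.ThrowIfNull(getMicrosoftTokenEndpoint);` ahead of `builder.AddAuthenticationProvider(...)`, which both target frameworks support. The new signature is also a breaking change to a public extension method with no overload keeping the previous shape, and because the AuthorizationUrl/TokenEndpoint/RedirectUrl properties are removed from the options class, `Bind(options)` now silently ignores those keys in existing `EAVEasyAuth:MicrosoftEntraId` configuration; a changelog entry or a compatibility overload would help consumers notice. The delegates' generic type arguments are not visible in this rendering, so the expected signatures should be spelled out in `<param>` tags on the method. The method's closing brace lies outside the hunk.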
@@ -9,15 +8,14 @@ namespace EAVFW.Extensions.EasyAuth.MicrosoftEntraId
 {
     public class MicrosoftEntraIdEasyAuthOptions
     {
-        public string AuthorizationUrl { get; set; }
         public string ClientId { get; set; }
         public string ClientSecret { get; set; }
         public string TenantId { get; set; }
         public string GroupId { get; set; }
         public string Scope { get; set; }
-        public string TokenEndpoint { get; set; }
-        public string RedirectUrl { get; set; }
-
+
+        public Func GetMicrosoftAuthorizationUrl { get; set; }
+        public Func GetMicrosoftTokenEndpoint { get; set; }
         public Func> ValidateUserAsync { get; set; }
     }
 }
\ No newline at end of file
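Review bot: The new GetMicrosoftAuthorizationUrl and GetMicrosoftTokenEndpoint properties are undocumented, and unlike the string properties they replace they cannot be populated by configuration binding, so a reader of this class cannot tell that they must be assigned in code (the extension method assigns them from its parameters). A `<summary>` on each stating what the delegate receives and must return — for the first, something like `/// Resolves the Entra authorization endpoint for the current request; called with the HttpContext on every sign-in and must be assigned before use.` — would capture that, and ValidateUserAsync deserves the same treatment. Noting in the doc comment that these are set through AddMicrosoftEntraIdEasyAuth rather than the `EAVEasyAuth:MicrosoftEntraId` section keeps operators from expecting a configuration key that no longer exists.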