The previous article described the request flow; this article walks through the relevant source code.
1. Access a protected resource of the client
```http
GET /home/secure HTTP/1.1

HTTP/1.1 302 Found
Date: Tue, 23 Oct 2018 09:02:40 GMT
Location: http://127.0.0.1:5000/connect/authorize?client_id=mvc&redirect_uri=http://127.0.0.1:5002/signin-oidc&response_type=id_token&scope=openid profile&response_mode=form_post&nonce=636758...&state=CFD...Zli0fuvlcmps&x-client-SKU=ID_NET&x-client-ver=2.1.4.0
```
The code of the Secure action is as follows:
```csharp
[Authorize]
public IActionResult Secure()
{
    ViewData["Message"] = "Secure page.";
    return View();
}
```
1.1 AuthorizationPolicy
Because [Authorize] is applied to the action as an attribute, the path by which it takes effect is somewhat roundabout. In the end it is equivalent to adding an AuthorizeFilter to the FilterDescriptors property of the ActionContext. The policy of this filter holds a DenyAnonymousAuthorizationRequirement, which is consistent with the [Authorize] definition.
For more information about MVC filters, see the official documentation. Personally I think they are mainly an application of the AOP idea.
1.2 Challenge
The result of executing the filter is
The project address is here. The core of .NET Core authorization and authentication is mainly five extension methods; the relevant code is in the HttpAbstractions project.
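The following is an added example, not code from the article or from the MvcClient sample: it writes out by hand what [Authorize] on the Secure action expands to. The global AuthorizeFilter is built from a policy whose only requirement is DenyAnonymousAuthorizationRequirement, and the hand-written action returns the same ChallengeResult the filter produces; executing that result calls HttpContext.ChallengeAsync for the default challenge scheme ("oidc" in MvcClient), which is where the OIDC handler issues the 302 to /connect/authorize seen in the capture. The controller and action names (HomeController, SecureByHand) are constructed for the example.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class AuthorizeEquivalents
{
    // Registering this filter globally is equivalent to putting [Authorize] on every action.
    // RequireAuthenticatedUser() adds exactly one requirement to the policy:
    // DenyAnonymousAuthorizationRequirement.
    public static void AddGlobalAuthorizeFilter(IServiceCollection services)
    {
        AuthorizationPolicy policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();

        services.AddMvc(options => options.Filters.Add(new AuthorizeFilter(policy)));
    }
}

// Constructed controller for the example; mirrors the article's Secure action.
public class HomeController : Controller
{
    public IActionResult SecureByHand()
    {
        // What AuthorizeFilter does for an anonymous caller: short-circuit with a ChallengeResult.
        // ChallengeResult.ExecuteResultAsync calls HttpContext.ChallengeAsync(), one of the five
        // HttpContext extension methods (AuthenticateAsync, ChallengeAsync, ForbidAsync,
        // SignInAsync, SignOutAsync). With DefaultChallengeScheme = "oidc" this ends in the
        // OpenIdConnect handler, which replies with the 302 to /connect/authorize.
        if (User?.Identity?.IsAuthenticated != true)
        {
            return Challenge();
        }

        ViewData["Message"] = "Secure page.";
        return View("Secure");
    }

    // The same step, called directly rather than through an action result, to make the
    // scheme selection explicit. Naming the scheme bypasses DefaultChallengeScheme.
    public async Task<IActionResult> ChallengeExplicitly()
    {
        await HttpContext.ChallengeAsync("oidc");
        return new EmptyResult();
    }
}
```

Note that the filter only ever asks "is there an authenticated principal"; it does not look at scopes or claims. Anything finer than "logged in" needs a policy with its own requirements, and that policy is what an [Authorize(Policy = "...")] attribute names.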
1.3 Generate redirect
The OIDC options configured in MvcClient are copied into an OpenIdConnectMessage object, and the redirect URL is ultimately assembled from that message. The MvcClient configuration is:
```csharp
using System.IdentityModel.Tokens.Jwt;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        // Keep the raw JWT claim types instead of mapping them to the long WS-* claim URIs.
        JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();

        services.AddAuthentication(options =>
            {
                options.DefaultScheme = "Cookies";
                options.DefaultChallengeScheme = "oidc";
            })
            .AddCookie("Cookies")
            .AddOpenIdConnect("oidc", options =>
            {
                options.SignInScheme = "Cookies";
                options.Authority = "http://127.0.0.1:5000";
                options.RequireHttpsMetadata = false; // development only: the authority is plain http
                options.ClientId = "mvc";
                options.SaveTokens = true;
            });
    }
}
```
1.4 OpenIdConnectOptions
Many of the OIDC defaults can be seen here. For example, if Scope is not set, "openid" and "profile" are requested by default.
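As an added example (not the Microsoft handler's own code and not from the article), the console program below assembles the authorization request from the same OpenIdConnectMessage type the handler uses, with the handler's defaults filled in explicitly: response_type id_token, response_mode form_post and scope "openid profile". The helper names (AuthorizeUrlDemo, Build, RandomToken) are constructed, and the IssuerAddress is hard-coded here where the real handler reads it from the discovery document.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

public static class AuthorizeUrlDemo
{
    // Single-use random value, URL-safe base64 without padding.
    // nonce: echoed inside the id_token and must be compared on return (replay protection).
    // state: echoed in the callback and ties the callback to this browser session (CSRF protection).
    // The handler stores the nonce in a cookie and data-protects the state for that purpose.
    static string RandomToken(int byteCount = 32)
    {
        var buf = new byte[byteCount];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(buf);
        }
        return Convert.ToBase64String(buf).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static string Build(string authority, string clientId, string redirectUri)
    {
        var message = new OpenIdConnectMessage
        {
            // Constructed: the handler takes authorization_endpoint from .well-known/openid-configuration.
            IssuerAddress = authority.TrimEnd('/') + "/connect/authorize",
            ClientId = clientId,
            RedirectUri = redirectUri,
            ResponseType = OpenIdConnectResponseType.IdToken,  // handler default: "id_token"
            ResponseMode = OpenIdConnectResponseMode.FormPost, // handler default: "form_post"
            Scope = "openid profile",                          // handler default when Scope is unset
            Nonce = RandomToken(),
            State = RandomToken(),
        };

        // Serialises the parameters into the query string of IssuerAddress.
        return message.CreateAuthenticationRequestUrl();
    }

    public static void Main()
    {
        // Values taken from the MvcClient Startup above.
        Console.WriteLine(Build("http://127.0.0.1:5000", "mvc", "http://127.0.0.1:5002/signin-oidc"));
    }
}
```

The printed URL has the same shape as the Location header in the capture. The x-client-SKU and x-client-ver parameters in that header are the library's telemetry parameters, appended by OpenIdConnectMessage itself. On the way back, the handler rejects an id_token whose nonce does not match the stored one, and a callback whose state it cannot unprotect; a client that builds the request by hand has to do both checks itself.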
2. Redirect: request authorization from the identity service
```http
GET /connect/authorize?client_id=mvc&redirect_uri=http%3A%2F%2F127.0.0.1%3A5002%2Fsignin-oidc&response_type=id_tok

HTTP/1.1 302 Found
Location: http://127.0.0.1:5000/account/login?returnUrl=%2Fconnect%2Fauthorize%2Fca...%26x-client-ver%3D2.1.4.0
```
2.1 IdentityServerMiddleware
The project address is here.
In the Startup of IdentityServer,
```csharp
app.UseIdentityServer();
```
adds the IdentityServerMiddleware to the app pipeline.
2.2 Endpoint
As I understand it, IdentityServer is implemented as a set of endpoints, and each endpoint is bound to a path:
```csharp
public static class ProtocolRoutePaths
{
    public const string Authorize = "connect/authorize";
    public const string AuthorizeCallback = Authorize + "/callback";
    public const string DiscoveryConfiguration = ".well-known/openid-configuration";
    public const string DiscoveryWebKeys = DiscoveryConfiguration + "/jwks";
    public const string Token = "connect/token";
    public const string Revocation = "connect/revocation";
    public const string UserInfo = "connect/userinfo";
    public const string Introspection = "connect/introspect";
    public const string EndSession = "connect/endsession";
    public const string EndSessionCallback = EndSession + "/callback";
    public const string CheckSession = "connect/checksession";

    public static readonly string[] CorsPaths =
    {
        DiscoveryConfiguration,
        DiscoveryWebKeys,
        Token,
        UserInfo,
        Revocation
    };
}
```
For example, a request to /connect/authorize? resolves to the AuthorizeEndpoint.
2.3 LoginPageResult
```csharp
var result = await endpoint.ProcessAsync(context);
```
Processing the endpoint yields a result object.
Just as with endpoints, IdentityServer implements a variety of results.
LoginPageResult in particular redirects the request to /account/login?, which is consistent with step 3 of the packet-capture description.
The subsequent redirects inside IdentityServer can be traced through the source code in the same way, so I will not describe them one by one.
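To make the endpoint-to-result split of sections 2.2 and 2.3 concrete, here is an added example of a hypothetical extra endpoint written against the IdentityServer4 hosting interfaces; it is not IdentityServer4's own code. The handler (PingEndpoint) plays the role of AuthorizeEndpoint and the result (LocalRedirectResult) the role of LoginPageResult, which carries the original request along as returnUrl. The names PingEndpoint, LocalRedirectResult, AddPingEndpoint and the path /connect/ping are constructed, and the AddEndpoint<T>(name, path) call is assumed to be the IdentityServer4 builder method for registering a custom handler.

```csharp
using System.Threading.Tasks;
using IdentityServer4.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

// Result object: knows only how to write itself to the HTTP response,
// the same division of labour as LoginPageResult.
public class LocalRedirectResult : IEndpointResult
{
    private readonly string _target;

    public LocalRedirectResult(string target)
    {
        _target = target;
    }

    public Task ExecuteAsync(HttpContext context)
    {
        // A returnUrl comes from request input. Only a local, single-slash path is accepted;
        // an absolute URL or a protocol-relative "//host" would turn this into an open redirector.
        if (string.IsNullOrEmpty(_target) || !_target.StartsWith("/") || _target.StartsWith("//"))
        {
            context.Response.StatusCode = StatusCodes.Status400BadRequest;
            return Task.CompletedTask;
        }

        context.Response.Redirect(_target);
        return Task.CompletedTask;
    }
}

// Endpoint handler: chooses which result to return. The middleware then runs
// "var result = await endpoint.ProcessAsync(context)" and executes the result.
public class PingEndpoint : IEndpointHandler
{
    public Task<IEndpointResult> ProcessAsync(HttpContext context)
    {
        string returnUrl = context.Request.Query["returnUrl"].ToString();
        if (string.IsNullOrEmpty(returnUrl))
        {
            returnUrl = "/";
        }

        return Task.FromResult<IEndpointResult>(new LocalRedirectResult(returnUrl));
    }
}

public static class PingEndpointRegistration
{
    // Assumed builder API: binds the handler to a path, the same way ProtocolRoutePaths
    // binds the built-in endpoints.
    public static IIdentityServerBuilder AddPingEndpoint(this IIdentityServerBuilder builder)
        => builder.AddEndpoint<PingEndpoint>("Ping", "/connect/ping");
}
```

The check in ExecuteAsync is the part worth copying: LoginPageResult's returnUrl is consumed later by the login page, and IdentityServer validates it as a local URL before redirecting back into /connect/authorize/callback for the same reason.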
------- I feel that writing code is now becoming physical labour, with no technology in it at all.
IdentityServer4 implicit grant type request flow description, part 2