いよいよ今回はid_tokenを実装してImplicit Flowを書いてみます。
https://qiita.com/gunji10/items/59deea8326aa75eeea6c
今回はAuthコントローラーのみ修正します。
http://localhost:5000/op/auth
Controllers/AuthController.cs
usingSystem;usingSystem.IO;usingSystem.Collections.Generic;usingSystem.Linq;usingSystem.Threading.Tasks;usingMicrosoft.AspNetCore.Http;usingMicrosoft.AspNetCore.Mvc;usingMicrosoft.EntityFrameworkCore;usingmyop.Models;usingMicrosoft.IdentityModel.Tokens;usingSystem.Security.Claims;usingSystem.Security.Cryptography;usingSystem.IdentityModel.Tokens.Jwt;usingSystem.Text;namespacemyop.Controllers{[Route("op/[controller]")][ApiController]publicclassAuthController:ControllerBase{privatereadonlymyopContext_context;stringCLIENT_ID;stringRESPONSE_TYPE;stringREDIRECT_URI;stringSCOPE;stringSTATE;stringNONCE;publicAuthController(myopContextcontext){_context=context;}// GET: op/auth[HttpGet]publicasyncTask<ActionResult>doGet(){CLIENT_ID=HttpContext.Request.Query["client_id"].ToString();RESPONSE_TYPE=HttpContext.Request.Query["response_type"].ToString();REDIRECT_URI=HttpContext.Request.Query["redirect_uri"].ToString();SCOPE=HttpContext.Request.Query["scope"].ToString();STATE=HttpContext.Request.Query["state"].ToString();NONCE=HttpContext.Request.Query["nonce"].ToString();varclient=await_context.Clients.FindAsync(CLIENT_ID);if(client==null){returnnull;}if(client.RedirectUris!=System.Web.HttpUtility.UrlDecode(REDIRECT_URI))returnnull;stringrandom=Guid.NewGuid().ToString("N").ToUpper();stringrefresh=Guid.NewGuid().ToString("N").ToUpper();stringparam="&state="+STATE;if(RESPONSE_TYPE=="code"){if(client.GrantTypes!="authorization_code")returnnull;varcode=newCode{Id=random,UserId="admin",Query=HttpContext.Request.QueryString.Value.Substring(1),Iat=DateTime.Now};_context.Add(code);param="?code="+random+param;}elseif(RESPONSE_TYPE=="token id_token"){if(client.GrantTypes!="implicit")returnnull;varaccess_token=await_context.Tokens.FindAsync("admin");if(access_token!=null){_context.Tokens.Remove(access_token);await_context.SaveChangesAsync();}access_token=newToken{Id="admin",AccessToken=random,RefreshToken=refresh,Scope=SCOPE,Iat=DateTime.Now};_context.Add(access_token);SHA256Managedhashstring=newSHA256Managed();byte[]bytes=Encoding.Default.GetBytes(random);byte[]hash=hashstring.ComputeHash(bytes);Byte[]sixteen_bytes=newByte[16];Array.Copy(hash,sixteen_bytes,16);varclaims=new[]{newClaim(JwtRegisteredClaimNames.Sub,"admin"),newClaim(JwtRegisteredClaimNames.AtHash,Convert.ToBase64String(sixteen_bytes).Trim('=')),newClaim(JwtRegisteredClaimNames.Nonce,NONCE)};varpemStr=System.IO.File.ReadAllText(@"./private.pem");varbase64=pemStr.Replace("-----BEGIN RSA PRIVATE KEY-----",string.Empty).Replace("-----END RSA PRIVATE KEY-----",string.Empty).Replace("\r\n",string.Empty).Replace("\n",string.Empty);varder=Convert.FromBase64String(base64);usingvarrsa=RSA.Create();rsa.ImportRSAPrivateKey(der,out_);varkey=newRsaSecurityKey(rsa);key.KeyId="testkey";varcreds=newSigningCredentials(key,SecurityAlgorithms.RsaSha256);varjwtHeader=newJwtHeader(creds);varjwtPayload=newJwtPayload(issuer:"https://raspberry.pi/op",audience:CLIENT_ID,claims:claims,notBefore:DateTime.Now,expires:DateTime.Now.AddMinutes(600),issuedAt:DateTime.Now);varjwt=newJwtSecurityToken(jwtHeader,jwtPayload);varid_token=newJwtSecurityTokenHandler().WriteToken(jwt);param="#access_token="+random+"&token_type=bearer&id_token="+id_token+param;}else{returnnull;}await_context.SaveChangesAsync();returnRedirect(REDIRECT_URI+param);}}}