oxd .Net#
The following documentation demonstrates how to use Gluu's commercial OAuth 2.0 client software, oxd, to send users from a .Net app to an OpenID Connect Provider (OP) for login. You can securely send users to any standard OP for login, including Google and the free open source Gluu Server.
Note
Refer to the oxd csharp library docs for more details on c# classes.
Installation:#
Attention:
Application will not work if your host does not have https://.
Configuration:#
First set the GluuDemoWebsite as startup project and run.
How to use:#
- Download source code for demo client application oxd-csharp
- First set the GluuDemoWebsite as startup project
- Run the project
Sample Code#
Register Site#
Required parameters: * op_host * port - the port of the oxd server * redirectURI - A URL which the OP is authorized to redirect the user after authorization.
Request:
public RegisterSiteResponse RegisterSite(string host, int port, string redirectUrl)
{
try
{
CommandClient client = new CommandClient(host, port);
RegisterSiteParams param = new RegisterSiteParams();
param.SetAuthorizationRedirectUri(redirectUrl);
param.SetPostLogoutRedirectUri(redirectUrl);
param.SetClientLogoutUri(Lists.newArrayList(new string[] { "" }));
Command cmd = new Command(CommandType.register_site);
cmd.setParamsObject(param);
string commandresponse = client.send(cmd);
RegisterSiteResponse response = new RegisterSiteResponse(JsonConvert.DeserializeObject<dynamic>(commandresponse).data);
Assert.IsNotNull(response);
Assert.IsTrue(!String.IsNullOrEmpty(response.getOxdId()));
StoredValues._oxd_id = response.getOxdId();
return response;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return null;
}
}
Response:
{
"status":"ok",
"data":{
"oxd_id":"6F9619FF-8B86-D011-B42D-00CF4FC964FF"
}
}
Update Site Registration#
Required parameters: * op_host * port
Request:
public UpdateSiteResponse UpdateSiteRegisteration(string host, int port)
{
try
{
CommandClient client = new CommandClient(host, port);
UpdateSiteParams param = new UpdateSiteParams();
param.SetOxdId(StoredValues._oxd_id);
param.SetAuthorizationRedirectUri("http://www.test.com/wp-login.php");
param.SetPostLogoutRedirectUri("http://www.test.com/wp-login.php?action=logout&_wpnonce=a3c70643e9");
param.SetApplicationType("web");
param.SetRedirectUris(Lists.newArrayList(new string[] { "http://www.test.com/wp-login.php" }));
param.SetAcrValues(new List<string>());
param.SetClientJwksUri("");
param.SetContacts(Lists.newArrayList(new string[] { "test@gmail.com" }));
param.SetGrantType(Lists.newArrayList(new string[] { "authorization_code" }));
param.SetClientTokenEndpointAuthMethod("");
param.SetClientLogoutUri(Lists.newArrayList(new string[] { "http://www.test.com/wp-login.php?action=logout&_wpnonce=a3c70643e9" }));
Command cmd = new Command(CommandType.update_site_registration);
cmd.setParamsObject(param);
string commandresponse = client.send(cmd);
UpdateSiteResponse response = new UpdateSiteResponse(JsonConvert.DeserializeObject<dynamic>(commandresponse).data);
Assert.IsNotNull(response);
Assert.IsTrue(!String.IsNullOrEmpty(response.getOxdId()));
return response;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return null;
}
}
Response:
{
"status":"ok"
}
Get Authorization URL#
Required parameters: * op_host * port
Request:
public string GetAuthorizationURL(string host, int port)
{
try
{
CommandClient client = new CommandClient(host, port);
GetAuthorizationUrlParams param = new GetAuthorizationUrlParams();
param.SetOxdId(StoredValues._oxd_id);
param.SetAcrValues(new List<string>());
Command cmd = new Command(CommandType.get_authorization_url);
cmd.setParamsObject(param);
string response = client.send(cmd);
GetAuthorizationUrlResponse res = new GetAuthorizationUrlResponse(JsonConvert.DeserializeObject<dynamic>(response).data);
Assert.IsNotNull(res);
Assert.IsTrue(!String.IsNullOrEmpty(res.getAuthorizationUrl()));
return res.getAuthorizationUrl();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return ex.Message;
}
}
Response:
{
"status":"ok",
"data":{
"authorization_url":"https://server.example.com/authorize?response_type=code&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20profile&acr_values=duo&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj"
}
}
Get Tokens by Code#
Required parameters: * op_host * port * userId * userSecret
Request:
public GetTokensByCodeResponse GetTokenByCode(string host, int port, string userId, string userSecret)
{
try
{
CommandClient client = new CommandClient(host, port);
GetTokensByCodeParams param = new GetTokensByCodeParams();
param.SetOxdId(StoredValues._oxd_id);
param.SetCode(get_authorization_code.GetAuthorizationCode(host, port, userId, userSecret));
param.SetScopes(Lists.newArrayList(new string[] { "openid", "profile" }));
Command cmd = new Command(CommandType.get_tokens_by_code);
cmd.setParamsObject(param);
string commandresponse = client.send(cmd);
GetTokensByCodeResponse response = new GetTokensByCodeResponse(JsonConvert.DeserializeObject<dynamic>(commandresponse).data);
Assert.IsNotNull(response);
return response;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return null;
}
}
Response:
{
"status":"ok",
"data":{
"access_token":"SlAV32hkKG",
"expires_in":3600,
"refresh_token":"aaAV32hkKG1"
"id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso",
"id_token_claims": {
"iss": "https://server.example.com",
"sub": "24400320",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"at_hash": "MTIzNDU2Nzg5MDEyMzQ1Ng"
}
}
}
public static string GetAuthorizationCode(string host, int port, string userId, string userSecret)
{
try
{
CommandClient client = new CommandClient(host, port);
GetAuthorizationCodeParams param = new GetAuthorizationCodeParams();
param.SetOxdId(StoredValues._oxd_id);
param.SetUserName(userId);
param.SetPassword(userSecret);
param.SetAcrValues(new List<string>());
Command cmd = new Command(CommandType.get_authorization_code);
cmd.setParamsObject(param);
string response = client.send(cmd);
GetAuthorizationCodeResponse res = new GetAuthorizationCodeResponse(JsonConvert.DeserializeObject<dynamic>(response).data);
Assert.IsNotNull(res);
Assert.IsTrue(!String.IsNullOrEmpty(res.getCode()));
return res.getCode();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return ex.Message;
}
}
Get User Info#
Required parameters: * op_host * port * accessToken
Request:
public GetUserInfoResponse GetUserInfo(string host, int port, string accessToken)
{
try
{
CommandClient client = new CommandClient(host, port);
GetUserInfoParams param = new GetUserInfoParams();
param.setOxdId(StoredValues._oxd_id);
param.setAccessToken(accessToken);
Command cmd = new Command(CommandType.get_user_info);
cmd.setParamsObject(param);
string response = client.send(cmd);
GetUserInfoResponse res = new GetUserInfoResponse(JsonConvert.DeserializeObject<dynamic>(response).data);
Assert.IsNotNull(res);
return res;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return null;
}
}
Response:
{
"status":"ok",
"data":{
"claims":{
"sub": ["248289761001"],
"name": ["Jane Doe"],
"given_name": ["Jane"],
"family_name": ["Doe"],
"preferred_username": ["j.doe"],
"email": ["janedoe@example.com"],
"picture": ["http://example.com/janedoe/me.jpg"]
}
}
}
Logout#
Required parameters: * op_host * port
Request:
public LogoutResponse GetLogoutURL(string host, int port)
{
try
{
CommandClient client = new CommandClient(host, port);
GetLogoutUrlParams param = new GetLogoutUrlParams();
param.setOxdId(StoredValues._oxd_id);
param.setIdTokenHint("dummy_token");
param.setState(Guid.NewGuid().ToString());
Command cmd = new Command(CommandType.get_logout_uri);
cmd.setParamsObject(param);
string response = client.send(cmd);
LogoutResponse res = new LogoutResponse(JsonConvert.DeserializeObject<dynamic>(response).data);
Assert.IsNotNull(res);
return res;
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
Logger.Debug(ex.Message);
return null;
}
}
Response:
{
"status":"ok",
"data":{
"uri":"https://<server>/end_session?id_token_hint=<id token>&state=<state>&post_logout_redirect_uri=<...>"
}
}
UMA RS Resource protection#
Request:
private UmaRsProtectResponse ProtectResources(OxdModel oxdModel)
{
var protectParams = new UmaRsProtectParams();
var protectClient = new UmaRsProtectClient();
//prepare input params for Protect Resource
protectParams.OxdId = oxdModel.OxdId;
protectParams.ProtectResources = new List<ProtectResource>
{
new ProtectResource
{
Path = "/scim",
ProtectConditions = new List<ProtectCondition>
{
new ProtectCondition
{
HttpMethods = new List<string> { "GET" },
Scopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" }, // Your hosted Gluu server URL
TicketScopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" } // Your hosted Gluu server URL
}
}
}
};
//Protect Resources
var protectResponse = protectClient.ProtectResources(oxdModel.OxdHost, oxdModel.OxdPort, protectParams);
//process response
if(protectResponse.Status.ToLower().Equals("ok"))
{
return protectResponse;
}
throw new Exception("Procteting Resource is not successful. Check OXD Server log for error details.");
}
UMA RS Check access#
Request:
private UmaRsCheckAccessResponse CheckAccess(string rpt, string path, string httpMethod, OxdModel oxdModel)
{
var checkAccessParams = new UmaRsCheckAccessParams();
var checkAccessClient = new UmaRsCheckAccessClient();
//prepare input params for Check Access
checkAccessParams.OxdId = oxdModel.OxdId;
checkAccessParams.RPT = rpt;
checkAccessParams.Path = path;
checkAccessParams.HttpMethod = httpMethod;
//Check Access
var checkAccessResponse = checkAccessClient.CheckAccess(oxdModel.OxdHost, oxdModel.OxdPort, checkAccessParams);
//process response
return checkAccessResponse;
}
Response:
Access Denied with valid Ticket
UMA Get RPT#
Request:
private GetRPTResponse ObtainRpt(OxdModel oxdModel)
{
var getRptParams = new UmaRpGetRptParams();
var getRptClient = new UmaRpGetRptClient();
//prepare input params for Protect Resource
getRptParams.OxdId = oxdModel.OxdId;
getRptParams.ForceNew = false;
//Get RPT
var getRptResponse = getRptClient.GetRPT(oxdModel.OxdHost, oxdModel.OxdPort, getRptParams);
//process response
if (getRptResponse.Status.ToLower().Equals("ok"))
{
return getRptResponse;
}
throw new Exception("Obtaining RPT is not successful. Check OXD Server log for error details.");
}
Response:
Expect a valid RPT is returned
1) UMA RS Check access with valid RPT Request:
UMA RS Check access again with valid RPT
Response:
Access Denied with valid data
2) Authorize RPT
Request:
private UmaRpAuthorizeRptResponse AuthorizeRpt(string rpt, string ticket, OxdModel oxdModel)
{
var authorizeRptParams = new UmaRpAuthorizeRptParams();
var authorizeRptClient = new UmaRpAuthorizeRptClient();
//prepare input params for Check Access
authorizeRptParams.OxdId = oxdModel.OxdId;
authorizeRptParams.RPT = rpt;
authorizeRptParams.Ticket = ticket;
//Authorize RPT
var authorizeRptResponse = authorizeRptClient.AuthorizeRpt(oxdModel.OxdHost, oxdModel.OxdPort, authorizeRptParams);
//process response
return authorizeRptResponse;
}
Response:
Status should be ok
3) UMA RS Check access (Check Access again after authorizing RPT) Request:
UMA RS Check access again after authorizing RPT
Response:
Access Granted
UMA Get GAT#
Request:
public ActionResult GetGat(OxdModel oxd)
{
var getGatInputParams = new GetGATParams();
var getGatClient = new GetGATClient();
//prepare input params for Getting GAT
getGatInputParams.OxdId = oxd.OxdId;
getGatInputParams.Scopes = new List<string> {
"https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1",
"https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas2" };
//Get GAT
var getGatResponse = getGatClient.GetGat(oxd.OxdHost, oxd.OxdPort, getGatInputParams);
//Process response
return Json(new { getGatResponse = getGatResponse.Data.Rpt });
}