CSharp#
Installation#
Prerequisites#
- .NET Framework 4.5 or higher
- Gluu oxd server - Installation docs
Library#
- Install from NuGet - Use the NuGet Package Manager Console in Visual Studio (Tools > NuGet Package Manager > Package Manager Console) to install the Gluu.Oxd.OxdCSharp package by running the following command:
PM> Install-Package Gluu.Oxd.OxdCSharp
- Source from Github - Download the zip of the oxd CSharp library
Important Links#
- oxd docs
- oxd-Csharp API docs for the auto-generated Csharp docs, which includes more in-depth information about the various functions and parameters
- See the code of a sample .NET app built using oxd-csharp
- Browse the oxd-csharp source code on Github
Configuration#
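oxd-csharp uses a configuration file to specify the information needed to configure the OpenID Connect client. If OpenID dynamic client registration is used, the config file needs to be writable by the app, because oxd will save the client id and client secret to this file. Because the file then holds a client secret, restrict access to it to the account the app runs under, and keep it out of source control and out of any directory the web server serves.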
oxd-csharp can communicate with the oxd server via sockets or HTTPS.
Below are minimal configuration examples for sockets and HTTPS transport. The oxd_config.json file contains a full list of configuration parameters and sample values.
Note
The client hostname should be a valid fully qualified domain name (FQDN), not localhost or an IP address.
Configuration for oxd-server via sockets:
"connection_type": "local",
"oxd_host": "127.0.0.1",
"oxd_host_port": 8099
Configuration for oxd-https-extension:
"connection_type": "web",
"http_rest_url": "https://127.0.0.1:8443"
Sample Code#
oxdCsharp OpenID Connect Namespaces
using oxdCSharp.Clients;
using oxdCSharp.CommandResponses;
using oxdCSharp.CommandParameters;
oxdCsharp UMA Namespaces
using oxdCSharp.UMA.Clients;
using oxdCSharp.UMA.CommandParameters;
using oxdCSharp.UMA.CommandResponses;
Set Up Client#
Setup Client using oxd-server
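/// <summary>
/// Registers a new client with the OpenID Provider through oxd-server (socket transport)
/// and returns the oxd id, client id and client secret as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="redirectUrl">Authorization redirect URI to register for the client.</param>
/// <returns>JSON object with <c>oxdId</c>, <c>clientId</c> and <c>clientSecret</c>.</returns>
public ActionResult SetupClient(string oxdHost, int oxdPort, string OpHost, string redirectUrl)
{
    // Prepare input params for Setup Client.
    var setupClientInputParams = new SetupClientParams()
    {
        AuthorizationRedirectUri = redirectUrl,
        OpHost = OpHost,
        ClientName = "<Your Client Name>",
        Scope = new List<string> { "openid", "profile", "email", "uma_protection", "uma_authorization" },
        GrantTypes = new List<string> { "authorization_code", "client_credentials", "uma_ticket" }
    };

    var setupClientClient = new SetupClientClient();
    SetupClientResponse setupClientResponse = setupClientClient.SetupClient(oxdHost, oxdPort, setupClientInputParams);

    // NOTE(review): the original read `oxd.OxdId`, but no `oxd` is declared in this sample.
    // The documented response carries "oxd_id" next to the client id; it is assumed to be
    // exposed as Data.OxdId, as on RegisterSiteResponse - confirm against the API docs.
    //
    // NOTE(review): clientSecret is a credential. Returning it in an HTTP response hands it
    // to whoever called this action; outside a demo, keep it server-side (oxd already stores
    // it in its config file) and return only the identifiers the caller needs.
    return Json(new
    {
        oxdId = setupClientResponse.Data.OxdId,
        clientId = setupClientResponse.Data.clientId,
        clientSecret = setupClientResponse.Data.clientSecret
    });
}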
Set Up Client using oxd-https-extension
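/// <summary>
/// Registers a new client with the OpenID Provider through oxd-https-extension
/// and returns the oxd id, client id and client secret as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="redirectUrl">Authorization redirect URI to register for the client.</param>
/// <returns>JSON object with <c>oxdId</c>, <c>clientId</c> and <c>clientSecret</c>.</returns>
public ActionResult SetupClient(string oxdHttpsUrl, string OpHost, string redirectUrl)
{
    // Prepare input params for Setup Client.
    var setupClientInputParams = new SetupClientParams()
    {
        AuthorizationRedirectUri = redirectUrl,
        OpHost = OpHost,
        ClientName = "<Your Client Name>",
        Scope = new List<string> { "openid", "profile", "email", "uma_protection", "uma_authorization" },
        GrantTypes = new List<string> { "authorization_code", "client_credentials", "uma_ticket" }
    };

    var setupClientClient = new SetupClientClient();
    SetupClientResponse setupClientResponse = setupClientClient.SetupClient(oxdHttpsUrl, setupClientInputParams);

    // NOTE(review): the original read `oxd.OxdId`, but no `oxd` is declared in this sample.
    // The documented response carries "oxd_id" next to the client id; it is assumed to be
    // exposed as Data.OxdId, as on RegisterSiteResponse - confirm against the API docs.
    //
    // NOTE(review): clientSecret is a credential. Returning it in an HTTP response hands it
    // to whoever called this action; outside a demo, keep it server-side and return only
    // the identifiers the caller needs.
    return Json(new
    {
        oxdId = setupClientResponse.Data.OxdId,
        clientId = setupClientResponse.Data.clientId,
        clientSecret = setupClientResponse.Data.clientSecret
    });
}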
Response:
{
"status": "ok",
"data": {
"oxd_id": "6F9619FF-8B86-D011-B42D-00CF4FC964FF",
"op_host": "https://idp.example.com",
"client_id": "@!E64E.B7E6.3AC4.6CB9!0001!C05E.F402!0008!98F7.EB7B.6213.6527",
"client_secret": "173d55ff-5a4f-429c-b50d-7899b616912a",
"client_registration_access_token": "f8975472-240a-4395-b96d-6ef492f50b9e",
"client_registration_client_uri": "https://idp.example.com/oxauth/restv1/register?client_id=@!E64E.B7E6.3AC4.6CB9!0001!C05E.F402!0008!98F7.EB7B.6213.6527",
"client_id_issued_at": 1504353408,
"client_secret_expires_at": 1504439808
}
}
Get Client Token#
Get Client Token using oxd-server
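/// <summary>
/// Requests a client access token from oxd-server (socket transport) using the client's
/// id and secret. The other samples pass this value as <c>ProtectionAccessToken</c>.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="ClientId">Client id issued at registration.</param>
/// <param name="clientSecret">Client secret issued at registration.</param>
/// <returns>The access token string from the response data.</returns>
public string GetProtectionAccessToken(string oxdHost, int oxdPort, string OpHost, string ClientId, string clientSecret)
{
    // Prepare input params for Get Client Token.
    // The original assigned `clientid` / `clientsecret`, which are not declared anywhere;
    // C# is case-sensitive, so the method parameters are used here.
    var getClientAccessTokenParams = new GetClientTokenParams()
    {
        clientId = ClientId,
        clientSecret = clientSecret,
        opHost = OpHost
    };

    var getClientAccessToken = new GetClientTokenClient();

    // The params object is passed as a value; the original invoked it like a method.
    string protectionAccessToken = getClientAccessToken.GetClientToken(oxdHost, oxdPort, getClientAccessTokenParams).Data.accessToken;
    return protectionAccessToken;
}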
Get Client Token using oxd-https-extension
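/// <summary>
/// Requests a client access token through oxd-https-extension using the client's id and
/// secret. The other samples pass this value as <c>ProtectionAccessToken</c>.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="ClientId">Client id issued at registration.</param>
/// <param name="clientSecret">Client secret issued at registration.</param>
/// <returns>The access token string from the response data.</returns>
public string GetProtectionAccessToken(string oxdHttpsUrl, string OpHost, string ClientId, string clientSecret)
{
    // Prepare input params for Get Client Token.
    // The original assigned `clientid` / `clientsecret`, which are not declared anywhere;
    // C# is case-sensitive, so the method parameters are used here.
    var getClientAccessTokenParams = new GetClientTokenParams()
    {
        clientId = ClientId,
        clientSecret = clientSecret,
        opHost = OpHost
    };

    var getClientAccessToken = new GetClientTokenClient();

    // The params object is passed as a value; the original invoked it like a method.
    string protectionAccessToken = getClientAccessToken.GetClientToken(oxdHttpsUrl, getClientAccessTokenParams).Data.accessToken;
    return protectionAccessToken;
}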
Response:
{
"status": "ok",
"data": {
"scope": "openid",
"access_token": "e88b9739-ab60-4170-ac53-ad5dfb2a1d8d",
"expires_in": 299,
"refresh_token": null
}
}
Introspect Access Token#
Introspect Access Token using oxd-server
/// <summary>
/// Sends an access token to oxd-server (socket transport) for introspection and returns
/// the command status as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <param name="access_token">Access token to introspect.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult IntrospectAccessToken(string oxdHost, int oxdPort, string oxd_id, string access_token)
{
    var client = new IntrospectAccessTokenClient();
    var request = new IntrospectAccessTokenParams()
    {
        OxdId = oxd_id,
        AccessToken = access_token
    };

    IntrospectAccessTokenResponse response = client.IntrospectAccessToken(oxdHost, oxdPort, request);

    // Only the command status is returned. In the documented response the token's validity
    // is the "active" field under "data"; a status of "ok" alone should not be read as
    // "token is valid".
    return Json(new { status = response.Status });
}
Introspect Access Token using oxd-https-extension
/// <summary>
/// Sends an access token to oxd-https-extension for introspection and returns the command
/// status as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <param name="access_token">Access token to introspect.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult IntrospectAccessToken(string oxdHttpsUrl, string oxd_id, string access_token)
{
    var client = new IntrospectAccessTokenClient();
    var request = new IntrospectAccessTokenParams()
    {
        OxdId = oxd_id,
        AccessToken = access_token
    };

    IntrospectAccessTokenResponse response = client.IntrospectAccessToken(oxdHttpsUrl, request);

    // Only the command status is returned. In the documented response the token's validity
    // is the "active" field under "data"; a status of "ok" alone should not be read as
    // "token is valid".
    return Json(new { status = response.Status });
}
Response:
{
"status":"ok",
"data":{
"active": true,
"client_id": "l238j323ds-23ij4",
"username": "John Black",
"scopes": ["read", "write"],
"token_type":"bearer",
"sub": "jblack",
"aud": "l238j323ds-23ij4",
"iss": "https://as.gluu.org/",
"exp": 1419356238,
"iat": 1419350238,
"acr_values": ["basic","duo"],
"jti": null
}
}
Register Site#
Note: The Register Site endpoint is not required if the client is registered using Setup Client.
Register Site using oxd-server
/// <summary>
/// Registers the site with the OpenID Provider through oxd-server (socket transport) and
/// returns the resulting oxd id as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="redirectUrl">Authorization redirect URI to register for the site.</param>
/// <returns>JSON object with a single <c>oxdId</c> field.</returns>
public ActionResult RegisterSite(string oxdHost, int oxdPort, string OpHost, string redirectUrl)
{
    var requestedScopes = new List<string> { "openid", "profile", "email" };

    // Input for the Register Site command.
    var request = new RegisterSiteParams()
    {
        AuthorizationRedirectUri = redirectUrl,
        OpHost = OpHost,
        ClientName = "<Your Client Name>",
        Scope = requestedScopes
    };

    var client = new RegisterSiteClient();
    RegisterSiteResponse response = client.RegisterSite(oxdHost, oxdPort, request);

    return Json(new { oxdId = response.Data.OxdId });
}
Register Site using oxd-https-extension
/// <summary>
/// Registers the site with the OpenID Provider through oxd-https-extension and returns
/// the resulting oxd id as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="OpHost">URL of the OpenID Provider.</param>
/// <param name="redirectUrl">Authorization redirect URI to register for the site.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>oxdId</c> field.</returns>
public ActionResult RegisterSite(string oxdHttpsUrl, string OpHost, string redirectUrl, string protectionAccessToken)
{
    var requestedScopes = new List<string> { "openid", "profile", "email" };

    // Input for the Register Site command.
    var request = new RegisterSiteParams()
    {
        AuthorizationRedirectUri = redirectUrl,
        OpHost = OpHost,
        ClientName = "<Your Client Name>",
        Scope = requestedScopes,
        ProtectionAccessToken = protectionAccessToken
    };

    var client = new RegisterSiteClient();
    RegisterSiteResponse response = client.RegisterSite(oxdHttpsUrl, request);

    return Json(new { oxdId = response.Data.OxdId });
}
Response:
{
"status":"ok",
"data":{
"oxd_id":"6F9619FF-8B86-D011-B42D-00CF4FC964FF"
}
}
Update Site#
Update Site using oxd-server
/// <summary>
/// Updates the site's registration (contacts and post-logout redirect URI) through
/// oxd-server (socket transport) and returns the command status as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="postLogoutRedirectUrl">New post-logout redirect URI for the site.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult Update(string oxdHost, int oxdPort, string oxdId, string postLogoutRedirectUrl)
{
    var contacts = new List<string> { "support@email.com" };

    // Input for the Update Site Registration command.
    var request = new UpdateSiteParams()
    {
        OxdId = oxdId,
        Contacts = contacts,
        PostLogoutRedirectUri = postLogoutRedirectUrl
    };

    var client = new UpdateSiteRegistrationClient();
    UpdateSiteResponse response = client.UpdateSiteRegistration(oxdHost, oxdPort, request);

    return Json(new { status = response.Status });
}
Update Site using oxd-https-extension
/// <summary>
/// Updates the site's registration (contacts and post-logout redirect URI) through
/// oxd-https-extension and returns the command status as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="postLogoutRedirectUrl">New post-logout redirect URI for the site.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult Update(string oxdHttpsUrl, string oxdId, string postLogoutRedirectUrl, string protectionAccessToken)
{
    var contacts = new List<string> { "support@email.com" };

    // Input for the Update Site Registration command.
    var request = new UpdateSiteParams()
    {
        OxdId = oxdId,
        Contacts = contacts,
        PostLogoutRedirectUri = postLogoutRedirectUrl,
        ProtectionAccessToken = protectionAccessToken
    };

    var client = new UpdateSiteRegistrationClient();
    UpdateSiteResponse response = client.UpdateSiteRegistration(oxdHttpsUrl, request);

    return Json(new { status = response.Status });
}
Response:
{
"status":"ok"
}
Remove Site#
Remove Site using oxd-server
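/// <summary>
/// Removes a registered site through oxd-server (socket transport) and returns the
/// command status as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxd_id">oxd id of the site to remove.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult RemoveSite(string oxdHost, int oxdPort, string oxd_id)
{
    // The original had a ';' after `new RemoveSiteParams()`, which ended the statement and
    // turned the initializer into a detached block, so OxdId was never set on the request.
    var removeSiteInputParams = new RemoveSiteParams()
    {
        OxdId = oxd_id
    };

    var removeSiteClient = new RemoveSiteClient();
    RemoveSiteResponse removeSiteResponse = removeSiteClient.RemoveSite(oxdHost, oxdPort, removeSiteInputParams);

    return Json(new { status = removeSiteResponse.Status });
}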
Remove Site using oxd-https-extension
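/// <summary>
/// Removes a registered site through oxd-https-extension and returns the command status
/// as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxd_id">oxd id of the site to remove.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>status</c> field.</returns>
public ActionResult RemoveSite(string oxdHttpsUrl, string oxd_id, string protectionAccessToken)
{
    // The original had a ';' after `new RemoveSiteParams()`, which ended the statement and
    // left the initializer as a detached block, so neither property was set on the request.
    var removeSiteInputParams = new RemoveSiteParams()
    {
        OxdId = oxd_id,
        ProtectionAccessToken = protectionAccessToken
    };

    var removeSiteClient = new RemoveSiteClient();
    RemoveSiteResponse removeSiteResponse = removeSiteClient.RemoveSite(oxdHttpsUrl, removeSiteInputParams);

    return Json(new { status = removeSiteResponse.Status });
}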
Response:
{
"status":"ok",
"data": {
"oxd_id": "bcad760f-91ba-46e1-a020-05e4281d91b6"
}
}
Get Authorization URL#
Get Authorization URL using oxd-server
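/// <summary>
/// Asks oxd-server (socket transport) for the OP authorization URL of a registered site
/// and returns it as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="customParams">Extra parameters passed to the command as <c>CustomParams</c>.</param>
/// <returns>JSON object with a single <c>authUrl</c> field.</returns>
public ActionResult GetAuthorizationURL(string oxdHost, int oxdPort, string oxdId, Dictionary<string, string> customParams)
{
    // The parameter type was spelled `dictionary<...>` in the original; the BCL type is
    // `Dictionary<TKey, TValue>` and C# type names are case-sensitive.

    // Prepare input params for getting the authorization URL of a site.
    var getAuthUrlInputParams = new GetAuthorizationUrlParams()
    {
        OxdId = oxdId,
        CustomParams = customParams
    };

    var getAuthUrlClient = new GetAuthorizationUrlClient();
    GetAuthorizationUrlResponse getAuthUrlResponse = getAuthUrlClient.GetAuthorizationURL(oxdHost, oxdPort, getAuthUrlInputParams);

    return Json(new { authUrl = getAuthUrlResponse.Data.AuthorizationUrl });
}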
Get Authorization URL using oxd-https-extension
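/// <summary>
/// Asks oxd-https-extension for the OP authorization URL of a registered site and returns
/// it as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="customParams">Extra parameters passed to the command as <c>CustomParams</c>.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>authUrl</c> field.</returns>
public ActionResult GetAuthorizationURL(string oxdHttpsUrl, string oxdId, Dictionary<string, string> customParams, string protectionAccessToken)
{
    // The parameter type was spelled `dictionary<...>` in the original; the BCL type is
    // `Dictionary<TKey, TValue>` and C# type names are case-sensitive.

    // Prepare input params for getting the authorization URL of a site.
    var getAuthUrlInputParams = new GetAuthorizationUrlParams()
    {
        OxdId = oxdId,
        CustomParams = customParams,
        ProtectionAccessToken = protectionAccessToken
    };

    var getAuthUrlClient = new GetAuthorizationUrlClient();
    GetAuthorizationUrlResponse getAuthUrlResponse = getAuthUrlClient.GetAuthorizationURL(oxdHttpsUrl, getAuthUrlInputParams);

    return Json(new { authUrl = getAuthUrlResponse.Data.AuthorizationUrl });
}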
Response:
{
"status":"ok",
"data":{
"authorization_url":"https://client.example.com/authorize?response_type=code&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20profile&acr_values=duo&state=af0ifjsldkj&nonce=n-0S6_WzA2Mj&param2=value2&param1=value1"
}
}
Get Tokens by Code#
Get Tokens by Code using oxd-server
/// <summary>
/// Exchanges an authorization code for tokens through oxd-server (socket transport) and
/// returns the access and refresh tokens as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="authCode">Authorization code received on the redirect URI.</param>
/// <param name="authState">State value received on the redirect URI.</param>
/// <returns>JSON object with <c>accessToken</c> and <c>refreshToken</c>.</returns>
public ActionResult GetTokenByCode(string oxdHost, int oxdPort, string oxdId, string authCode, string authState)
{
    var client = new GetTokensByCodeClient();

    // Input for the Get Tokens by Code command.
    var request = new GetTokensByCodeParams()
    {
        OxdId = oxdId,
        Code = authCode,
        State = authState
    };

    GetTokensByCodeResponse response = client.GetTokensByCode(oxdHost, oxdPort, request);

    // NOTE(review): this hands both tokens to the HTTP caller. A refresh token is a
    // long-lived credential; outside a demo it is normally kept in server-side session state.
    return Json(new
    {
        accessToken = response.Data.AccessToken,
        refreshToken = response.Data.RefreshToken
    });
}
Get Tokens by Code using oxd-https-extension
/// <summary>
/// Exchanges an authorization code for tokens through oxd-https-extension and returns the
/// access and refresh tokens as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="authCode">Authorization code received on the redirect URI.</param>
/// <param name="authState">State value received on the redirect URI.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with <c>accessToken</c> and <c>refreshToken</c>.</returns>
public ActionResult GetTokenByCode(string oxdHttpsUrl, string oxdId, string authCode, string authState, string protectionAccessToken)
{
    var client = new GetTokensByCodeClient();

    // Input for the Get Tokens by Code command.
    var request = new GetTokensByCodeParams()
    {
        OxdId = oxdId,
        Code = authCode,
        State = authState,
        ProtectionAccessToken = protectionAccessToken
    };

    GetTokensByCodeResponse response = client.GetTokensByCode(oxdHttpsUrl, request);

    // NOTE(review): this hands both tokens to the HTTP caller. A refresh token is a
    // long-lived credential; outside a demo it is normally kept in server-side session state.
    return Json(new
    {
        accessToken = response.Data.AccessToken,
        refreshToken = response.Data.RefreshToken
    });
}
Response:
{
"status":"ok",
"data":{
"access_token":"SlAV32hkKG",
"expires_in":3600,
"refresh_token":"aaAV32hkKG1",
"id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso",
"id_token_claims": {
"iss": "https://client.example.com",
"sub": "24400320",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"at_hash": "MTIzNDU2Nzg5MDEyMzQ1Ng"
}
}
}
Get Access Token by Refresh Token#
Get Access Token by Refresh Token using oxd-server
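/// <summary>
/// Obtains a new access token from a refresh token through oxd-server (socket transport)
/// and returns the new access and refresh tokens as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="refreshToken">Refresh token to redeem.</param>
/// <returns>JSON object with <c>accessToken</c> and <c>refreshToken</c>.</returns>
public ActionResult GetAccessTokenByRefreshToken(string oxdHost, int oxdPort, string oxdId, string refreshToken)
{
    // Prepare input params for getting an access token by refresh token.
    var getAccessTokenByRefreshTokenInputParams = new GetAccessTokenByRefreshTokenParams()
    {
        OxdId = oxdId,
        RefreshToken = refreshToken
    };

    // The original created a GetTokensByCodeClient in `getTokenByCodeClient` and then called
    // an undeclared `getAccessTokenByRefreshTokenClient`.
    // NOTE(review): the class name below is inferred from that variable name and the
    // library's <Command>Client naming - confirm against the API docs.
    var getAccessTokenByRefreshTokenClient = new GetAccessTokenByRefreshTokenClient();
    GetAccessTokenByRefreshTokenResponse getAccessTokenByRefreshTokenResponse =
        getAccessTokenByRefreshTokenClient.GetAccessTokenByRefreshToken(oxdHost, oxdPort, getAccessTokenByRefreshTokenInputParams);

    // NOTE(review): both tokens go back to the HTTP caller; outside a demo, keep the
    // refresh token server-side.
    return Json(new
    {
        accessToken = getAccessTokenByRefreshTokenResponse.Data.AccessToken,
        refreshToken = getAccessTokenByRefreshTokenResponse.Data.RefreshToken
    });
}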
Get Access Token by Refresh Token using oxd-https-extension
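/// <summary>
/// Obtains a new access token from a refresh token through oxd-https-extension and returns
/// the new access and refresh tokens as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="refreshToken">Refresh token to redeem.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with <c>accessToken</c> and <c>refreshToken</c>.</returns>
public ActionResult GetAccessTokenByRefreshToken(string oxdHttpsUrl, string oxdId, string refreshToken, string protectionAccessToken)
{
    // Prepare input params for getting an access token by refresh token.
    var getAccessTokenByRefreshTokenInputParams = new GetAccessTokenByRefreshTokenParams()
    {
        OxdId = oxdId,
        RefreshToken = refreshToken,
        ProtectionAccessToken = protectionAccessToken
    };

    // The original created a GetTokensByCodeClient in `getTokenByCodeClient` and then called
    // an undeclared `getAccessTokenByRefreshTokenClient`.
    // NOTE(review): the class name below is inferred from that variable name and the
    // library's <Command>Client naming - confirm against the API docs.
    var getAccessTokenByRefreshTokenClient = new GetAccessTokenByRefreshTokenClient();
    GetAccessTokenByRefreshTokenResponse getAccessTokenByRefreshTokenResponse =
        getAccessTokenByRefreshTokenClient.GetAccessTokenByRefreshToken(oxdHttpsUrl, getAccessTokenByRefreshTokenInputParams);

    // NOTE(review): both tokens go back to the HTTP caller; outside a demo, keep the
    // refresh token server-side.
    return Json(new
    {
        accessToken = getAccessTokenByRefreshTokenResponse.Data.AccessToken,
        refreshToken = getAccessTokenByRefreshTokenResponse.Data.RefreshToken
    });
}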
Response:
{
"status": "ok",
"data": {
"scope": "openid",
"access_token": "35bedaf4-88e3-4d64-86b9-e59eb0ebde75",
"expires_in": 299,
"refresh_token": "f687fb69-aa77-4a1e-a730-55f296ffa074"
}
}
Get User Info#
Get User Info using oxd-server
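/// <summary>
/// Fetches the user's claims through oxd-server (socket transport) and returns the first
/// name and e-mail values as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="accessToken">Access token obtained for the user.</param>
/// <returns>JSON object with <c>userName</c> and <c>userEmail</c>.</returns>
public ActionResult GetUserInfo(string oxdHost, int oxdPort, string oxdId, string accessToken)
{
    // Prepare input params for getting user info from a site.
    var getUserInfoInputParams = new GetUserInfoParams()
    {
        OxdId = oxdId,
        AccessToken = accessToken
    };

    var getUserInfoClient = new GetUserInfoClient();
    GetUserInfoResponse getUserInfoResponse = getUserInfoClient.GetUserInfo(oxdHost, oxdPort, getUserInfoInputParams);

    var claims = getUserInfoResponse.Data.UserClaims;

    // Claims arrive as lists and the OP may omit any of them. The original guarded Email
    // but called Name.First(), which throws when the name claim is missing or empty; both
    // claims now get the same null/empty handling.
    var userName = claims.Name == null ? string.Empty : claims.Name.FirstOrDefault();
    var userEmail = claims.Email == null ? string.Empty : claims.Email.FirstOrDefault();

    return Json(new { userName = userName, userEmail = userEmail });
}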
Get User Info using oxd-https-extension
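/// <summary>
/// Fetches the user's claims through oxd-https-extension and returns the first name and
/// e-mail values as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="accessToken">Access token obtained for the user.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with <c>userName</c> and <c>userEmail</c>.</returns>
public ActionResult GetUserInfo(string oxdHttpsUrl, string oxdId, string accessToken, string protectionAccessToken)
{
    // Prepare input params for getting user info from a site.
    var getUserInfoInputParams = new GetUserInfoParams()
    {
        OxdId = oxdId,
        AccessToken = accessToken,
        ProtectionAccessToken = protectionAccessToken
    };

    var getUserInfoClient = new GetUserInfoClient();
    GetUserInfoResponse getUserInfoResponse = getUserInfoClient.GetUserInfo(oxdHttpsUrl, getUserInfoInputParams);

    var claims = getUserInfoResponse.Data.UserClaims;

    // Claims arrive as lists and the OP may omit any of them. The original guarded Email
    // but called Name.First(), which throws when the name claim is missing or empty; both
    // claims now get the same null/empty handling.
    var userName = claims.Name == null ? string.Empty : claims.Name.FirstOrDefault();
    var userEmail = claims.Email == null ? string.Empty : claims.Email.FirstOrDefault();

    return Json(new { userName = userName, userEmail = userEmail });
}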
Response:
{
"status":"ok",
"data":{
"claims":{
"sub": ["248289761001"],
"name": ["Jane Doe"],
"given_name": ["Jane"],
"family_name": ["Doe"],
"preferred_username": ["j.doe"],
"email": ["janedoe@example.com"],
"picture": ["http://example.com/janedoe/me.jpg"]
}
}
}
Get Logout URI#
Get Logout URI using oxd-server
/// <summary>
/// Asks oxd-server (socket transport) for the OP logout URI of a registered site and
/// returns it as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <returns>JSON object with a single <c>logoutUri</c> field.</returns>
public ActionResult GetLogoutUrl(string oxdHost, int oxdPort, string oxdId)
{
    var client = new GetLogoutUriClient();

    // Input for the Get Logout URI command.
    var request = new GetLogoutUrlParams() { OxdId = oxdId };

    GetLogoutUriResponse response = client.GetLogoutURL(oxdHost, oxdPort, request);

    return Json(new { logoutUri = response.Data.LogoutUri });
}
Get Logout URI using oxd-https-extension
/// <summary>
/// Asks oxd-https-extension for the OP logout URI of a registered site and returns it as
/// JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>logoutUri</c> field.</returns>
public ActionResult GetLogoutUrl(string oxdHttpsUrl, string oxdId, string protectionAccessToken)
{
    var client = new GetLogoutUriClient();

    // Input for the Get Logout URI command.
    var request = new GetLogoutUrlParams()
    {
        OxdId = oxdId,
        ProtectionAccessToken = protectionAccessToken
    };

    GetLogoutUriResponse response = client.GetLogoutURL(oxdHttpsUrl, request);

    return Json(new { logoutUri = response.Data.LogoutUri });
}
Response:
{
"status":"ok",
"data":{
"uri":"https://<server>/end_session?id_token_hint=<id token>&state=<state>&post_logout_redirect_uri=<...>"
}
}
UMA RS Protect#
RS Protect using oxd-server
/// <summary>
/// Registers UMA protection for the <c>/scim</c> path (GET only) through oxd-server
/// (socket transport) and returns the command status as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the status.</returns>
public ActionResult ProtectResources(string oxdHost, int oxdPort, string oxdId)
{
    // One condition: GET requests, with the same scope used for access and for tickets.
    var getCondition = new ProtectCondition
    {
        HttpMethods = new List<string> { "GET" },
        Scopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" },
        TicketScopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" }
    };

    var scimResource = new ProtectResource
    {
        Path = "/scim",
        ProtectConditions = new List<ProtectCondition> { getCondition }
    };

    // Input for the UMA RS Protect command; Overwrite is set to true as in the sample.
    var request = new UmaRsProtectParams()
    {
        OxdId = oxdId,
        Overwrite = true,
        ProtectResources = new List<ProtectResource> { scimResource }
    };

    var client = new UmaRsProtectClient();
    UmaRsProtectResponse response = client.ProtectResources(oxdHost, oxdPort, request);

    return Json(new { Response = response.Status });
}
RS Protect with scope_expression using oxd-server
/// <summary>
/// Registers UMA protection for the <c>/photo</c> path (GET only) using a scope expression,
/// through oxd-server (socket transport), and returns the command status as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the status.</returns>
public ActionResult ProtectResources(string oxdHost, int oxdPort, string oxd_id)
{
    // Rule reads as (Data[0] OR Data[1]) AND Data[2]; each 'var' is an index into Data.
    var expression = new ScopeExpression
    {
        Rule = JsonConvert.DeserializeObject("{'and':[{'or':[{'var':0},{'var':1}]},{'var':2}]}"),
        Data = new List<string>{"http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/internalClient" }
    };

    var getCondition = new ProtectCondition
    {
        HttpMethods = new List<string> { "GET" },
        ScopeExpressions = expression
    };

    var photoResource = new ProtectResource
    {
        Path = "/photo",
        ProtectConditions = new List<ProtectCondition> { getCondition }
    };

    // Input for the UMA RS Protect command; Overwrite is set to true as in the sample.
    var request = new UmaRsProtectParams()
    {
        OxdId = oxd_id,
        Overwrite = true,
        ProtectResources = new List<ProtectResource> { photoResource }
    };

    var client = new UmaRsProtectClient();
    UmaRsProtectResponse response = client.ProtectResources(oxdHost, oxdPort, request);

    return Json(new { Response = response.Status });
}
RS Protect using oxd-https-extension
/// <summary>
/// Registers UMA protection for the <c>/scim</c> path (GET only) through
/// oxd-https-extension and returns the command status as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the status.</returns>
public ActionResult ProtectResources(string oxdHttpsUrl, string oxdId, string protectionAccessToken)
{
    // One condition: GET requests, with the same scope used for access and for tickets.
    var getCondition = new ProtectCondition
    {
        HttpMethods = new List<string> { "GET" },
        Scopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" },
        TicketScopes = new List<string> { "https://scim-test.gluu.org/identity/seam/resource/restv1/scim/vas1" }
    };

    var scimResource = new ProtectResource
    {
        Path = "/scim",
        ProtectConditions = new List<ProtectCondition> { getCondition }
    };

    // Input for the UMA RS Protect command; Overwrite is set to true as in the sample.
    var request = new UmaRsProtectParams()
    {
        OxdId = oxdId,
        Overwrite = true,
        ProtectResources = new List<ProtectResource> { scimResource },
        ProtectionAccessToken = protectionAccessToken
    };

    var client = new UmaRsProtectClient();
    UmaRsProtectResponse response = client.ProtectResources(oxdHttpsUrl, request);

    return Json(new { Response = response.Status });
}
RS Protect with scope_expression using oxd-https-extension
/// <summary>
/// Registers UMA protection for the <c>/photo</c> path (GET only) using a scope expression,
/// through oxd-https-extension, and returns the command status as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the status.</returns>
public ActionResult ProtectResources(string oxdHttpsUrl, string oxd_id, string protectionAccessToken)
{
    // Rule reads as (Data[0] OR Data[1]) AND Data[2]; each 'var' is an index into Data.
    var expression = new ScopeExpression
    {
        Rule = JsonConvert.DeserializeObject("{'and':[{'or':[{'var':0},{'var':1}]},{'var':2}]}"),
        Data = new List<string>{"http://photoz.example.com/dev/actions/all","http://photoz.example.com/dev/actions/add","http://photoz.example.com/dev/actions/internalClient" }
    };

    var getCondition = new ProtectCondition
    {
        HttpMethods = new List<string> { "GET" },
        ScopeExpressions = expression
    };

    var photoResource = new ProtectResource
    {
        Path = "/photo",
        ProtectConditions = new List<ProtectCondition> { getCondition }
    };

    // Input for the UMA RS Protect command; Overwrite is set to true as in the sample.
    var request = new UmaRsProtectParams()
    {
        OxdId = oxd_id,
        Overwrite = true,
        ProtectResources = new List<ProtectResource> { photoResource },
        ProtectionAccessToken = protectionAccessToken
    };

    var client = new UmaRsProtectClient();
    UmaRsProtectResponse response = client.ProtectResources(oxdHttpsUrl, request);

    return Json(new { Response = response.Status });
}
Response:
{
"status":"ok"
}
UMA RS Check Access#
Check Access using oxd-server
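/// <summary>
/// Asks oxd-server (socket transport) whether the presented RPT grants GET access to
/// <c>/scim</c> and returns the result as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="rpt">Requesting party token presented by the client.</param>
/// <returns>
/// JSON object whose <c>Response</c> is the serialized response data when the command status
/// is "ok", otherwise the status string.
/// </returns>
public ActionResult CheckAccess(string oxdHost, int oxdPort, string oxdId, string rpt)
{
    // Prepare input params for Check Access.
    var checkAccessParams = new UmaRsCheckAccessParams()
    {
        OxdId = oxdId,
        RPT = rpt,
        Path = "/scim",
        HttpMethod = "GET"
    };

    var checkAccessClient = new UmaRsCheckAccessClient();
    UmaRsCheckAccessResponse checkAccessResponse = checkAccessClient.CheckAccess(oxdHost, oxdPort, checkAccessParams);

    // Ordinal, null-safe comparison; ToLower() is culture-sensitive and throws on null.
    if (string.Equals(checkAccessResponse.Status, "ok", System.StringComparison.OrdinalIgnoreCase))
    {
        // A status of "ok" only means the command ran: per the documented responses the
        // decision is in data.access, and only "granted" allows the request.
        return Json(new { Response = JsonConvert.SerializeObject(checkAccessResponse.Data) });
    }

    // The original had no return on this path, so the method did not compile. Any non-"ok"
    // status (e.g. the documented "Resource is not protected" error) must be treated as
    // access denied by the caller.
    return Json(new { Response = checkAccessResponse.Status });
}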
Check Access using oxd-https-extension
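/// <summary>
/// Asks oxd-https-extension whether the presented RPT grants GET access to <c>/scim</c>
/// and returns the result as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="rpt">Requesting party token presented by the client.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>
/// JSON object whose <c>Response</c> is the serialized response data when the command status
/// is "ok", otherwise the status string.
/// </returns>
public ActionResult CheckAccess(string oxdHttpsUrl, string oxdId, string rpt, string protectionAccessToken)
{
    // Prepare input params for Check Access.
    var checkAccessParams = new UmaRsCheckAccessParams()
    {
        OxdId = oxdId,
        RPT = rpt,
        Path = "/scim",
        HttpMethod = "GET",
        ProtectionAccessToken = protectionAccessToken
    };

    var checkAccessClient = new UmaRsCheckAccessClient();
    UmaRsCheckAccessResponse checkAccessResponse = checkAccessClient.CheckAccess(oxdHttpsUrl, checkAccessParams);

    // Ordinal, null-safe comparison; ToLower() is culture-sensitive and throws on null.
    if (string.Equals(checkAccessResponse.Status, "ok", System.StringComparison.OrdinalIgnoreCase))
    {
        // A status of "ok" only means the command ran: per the documented responses the
        // decision is in data.access, and only "granted" allows the request.
        return Json(new { Response = JsonConvert.SerializeObject(checkAccessResponse.Data) });
    }

    // The original had no return on this path, so the method did not compile. Any non-"ok"
    // status (e.g. the documented "Resource is not protected" error) must be treated as
    // access denied by the caller.
    return Json(new { Response = checkAccessResponse.Status });
}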
Response:
Access Granted Response:
{
"status":"ok",
"data":{
"access":"granted"
}
}
Access Denied with Ticket Response:
{
"status":"ok",
"data":{
"access":"denied",
"www-authenticate_header":"UMA realm=\"example\",
as_uri=\"https://as.example.com\",
error=\"insufficient_scope\",
ticket=\"016f84e8-f9b9-11e0-bd6f-0021cc6004de\"",
"ticket":"016f84e8-f9b9-11e0-bd6f-0021cc6004de"
}
}
Access Denied without Ticket Response:
{
"status":"ok",
"data":{
"access":"denied"
}
}
Resource is not Protected:
{
"status":"error",
"data":{
"error":"invalid_request",
"error_description":"Resource is not protected. Please protect your resource first with uma_rs_protect command."
}
}
UMA Introspect RPT#
Introspect RPT using oxd-server
/// <summary>
/// Sends an RPT to oxd-server (socket transport) for introspection and returns the
/// response data as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <param name="rpt">Requesting party token to introspect.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the response data.</returns>
public ActionResult IntrospectRPT(string oxdHost, int oxdPort, string oxd_id, string rpt)
{
    var client = new UmaIntrospectRptClient();
    var request = new UmaIntrospectRptParams()
    {
        OxdId = oxd_id,
        RPT = rpt
    };

    UmaIntrospectRptResponse response = client.IntrospectRpt(oxdHost, oxdPort, request);

    // In the documented response the data carries "active", "exp" and the granted
    // permissions; callers should check those before honouring the RPT.
    return Json(new { Response = response.Data });
}
Introspect RPT using oxd-https-extension
/// <summary>
/// Sends an RPT to oxd-https-extension for introspection and returns the response data as
/// JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxd_id">oxd id of the registered site.</param>
/// <param name="rpt">Requesting party token to introspect.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the response data.</returns>
public ActionResult IntrospectRPT(string oxdHttpsUrl, string oxd_id, string rpt)
{
    var client = new UmaIntrospectRptClient();
    var request = new UmaIntrospectRptParams()
    {
        OxdId = oxd_id,
        RPT = rpt
    };

    UmaIntrospectRptResponse response = client.IntrospectRpt(oxdHttpsUrl, request);

    // In the documented response the data carries "active", "exp" and the granted
    // permissions; callers should check those before honouring the RPT.
    return Json(new { Response = response.Data });
}
Response:
{
"status":"ok",
"data":{
"active":true,
"exp":1256953732,
"iat":1256912345,
"permissions":[
{
"resource_id":"112210f47de98100",
"resource_scopes":[
"view",
"http://photoz.example.com/dev/actions/print"
],
"exp":1256953732
}
]
}
}
UMA RP Get RPT#
RP Get RPT using oxd-server
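/// <summary>
/// Requests an RPT for a permission ticket through oxd-server (socket transport) and
/// returns the result as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="ticket">Permission ticket to redeem.</param>
/// <param name="pct">Not used by this sample.</param>
/// <param name="rpt">Not used by this sample.</param>
/// <returns>
/// JSON object whose <c>Response</c> is the serialized response data when the command status
/// is "ok", otherwise the status string.
/// </returns>
public ActionResult ObtainRpt(string oxdHost, int oxdPort, string oxdId, string ticket, string pct, string rpt)
{
    // Prepare input params for Get RPT. The original wrote `getRptParams.OxdId = ...` inside
    // the initializer, which is not valid there: initializer members are named directly.
    // NOTE(review): pct and rpt are accepted but never sent; if UmaRpGetRptParams has
    // matching properties they probably belong here - confirm against the API docs.
    var getRptParams = new UmaRpGetRptParams()
    {
        OxdId = oxdId,
        ticket = ticket
    };

    var getRptClient = new UmaRpGetRptClient();
    GetRPTResponse getRptResponse = getRptClient.GetRPT(oxdHost, oxdPort, getRptParams);

    // Ordinal, null-safe comparison; ToLower() is culture-sensitive and throws on null.
    if (string.Equals(getRptResponse.Status, "ok", System.StringComparison.OrdinalIgnoreCase))
    {
        return Json(new { Response = JsonConvert.SerializeObject(getRptResponse.Data) });
    }

    // The original had no return on this path, so the method did not compile. Per the
    // documented error responses (need_info, invalid_ticket) no RPT was issued here.
    return Json(new { Response = getRptResponse.Status });
}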
RP Get RPT using oxd-https-extension
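/// <summary>
/// Requests an RPT for a permission ticket through oxd-https-extension and returns the
/// result as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="ticket">Permission ticket to redeem.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <param name="pct">Not used by this sample.</param>
/// <param name="rpt">Not used by this sample.</param>
/// <returns>
/// JSON object whose <c>Response</c> is the serialized response data when the command status
/// is "ok", otherwise the status string.
/// </returns>
public ActionResult ObtainRpt(string oxdHttpsUrl, string oxdId, string ticket, string protectionAccessToken, string pct, string rpt)
{
    // The original signature had a doubled comma after protectionAccessToken, and wrote
    // `getRptParams.OxdId = ...` inside the initializer, which is not valid there:
    // initializer members are named directly.
    // NOTE(review): pct and rpt are accepted but never sent; if UmaRpGetRptParams has
    // matching properties they probably belong here - confirm against the API docs.
    var getRptParams = new UmaRpGetRptParams()
    {
        OxdId = oxdId,
        ticket = ticket,
        ProtectionAccessToken = protectionAccessToken
    };

    var getRptClient = new UmaRpGetRptClient();
    GetRPTResponse getRptResponse = getRptClient.GetRPT(oxdHttpsUrl, getRptParams);

    // Ordinal, null-safe comparison; ToLower() is culture-sensitive and throws on null.
    if (string.Equals(getRptResponse.Status, "ok", System.StringComparison.OrdinalIgnoreCase))
    {
        return Json(new { Response = JsonConvert.SerializeObject(getRptResponse.Data) });
    }

    // The original had no return on this path, so the method did not compile. Per the
    // documented error responses (need_info, invalid_ticket) no RPT was issued here.
    return Json(new { Response = getRptResponse.Status });
}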
Response:
Success Response:
{
"status":"ok",
"data":{
"access_token":"SSJHBSUSSJHVhjsgvhsgvshgsv",
"token_type":"Bearer",
"pct":"c2F2ZWRjb25zZW50",
"upgraded":true
}
}
Needs Information Error Response:
{
"status":"error",
"data":{
"error":"need_info",
"error_description":"The authorization server needs additional information in order to determine whether the client is authorized to have these permissions.",
"details": {
"error":"need_info",
"ticket":"ZXJyb3JfZGV0YWlscw==",
"required_claims":[
{
"claim_token_format":[
"http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
],
"claim_type":"urn:oid:0.9.2342.19200300.100.1.3",
"friendly_name":"email",
"issuer":["https://example.com/idp"],
"name":"email23423453ou453"
}
],
"redirect_user":"https://as.example.com/rqp_claims?id=2346576421"
}
}
}
Invalid Ticket Error Response:
{
"status":"error",
"data":{
"error":"invalid_ticket",
"error_description":"Ticket is not valid (outdated or not present on Authorization Server)."
}
}
UMA RP Get Claims Gathering URL#
RP Get Claims Gathering URL using oxd-server
/// <summary>
/// Asks oxd-server (socket transport) for the claims-gathering URL belonging to a
/// permission ticket and returns the serialized response data as JSON.
/// </summary>
/// <param name="oxdHost">Host the oxd-server socket listens on.</param>
/// <param name="oxdPort">Port the oxd-server socket listens on.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="ticket">Permission ticket the claims are gathered for.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the serialized data.</returns>
public ActionResult GetClaimsGatheringUrl(string oxdHost, int oxdPort, string oxdId, string ticket)
{
    var client = new UmaRpGetClaimsGatheringUrlClient();

    // Input for the Get Claims Gathering URL command; the redirect URI is fixed in this sample.
    var request = new UmaRpGetClaimsGatheringUrlParams()
    {
        OxdId = oxdId,
        Ticket = ticket,
        ClaimsRedirectURI = "https://client.example.com"
    };

    UmaRpGetClaimsGatheringUrlResponse response = client.GetClaimsGatheringUrl(oxdHost, oxdPort, request);

    // The documented response data holds the URL together with a "state" value.
    return Json(new { Response = JsonConvert.SerializeObject(response.Data) });
}
RP Get Claims Gathering URL using oxd-https-extension
/// <summary>
/// Asks oxd-https-extension for the claims-gathering URL belonging to a permission ticket
/// and returns the serialized response data as JSON.
/// </summary>
/// <param name="oxdHttpsUrl">Base URL of the oxd-https-extension REST service.</param>
/// <param name="oxdId">oxd id of the registered site.</param>
/// <param name="ticket">Permission ticket the claims are gathered for.</param>
/// <param name="protectionAccessToken">Token sent with the command as <c>ProtectionAccessToken</c>.</param>
/// <returns>JSON object with a single <c>Response</c> field holding the serialized data.</returns>
public ActionResult GetClaimsGatheringUrl(string oxdHttpsUrl, string oxdId, string ticket, string protectionAccessToken)
{
    var client = new UmaRpGetClaimsGatheringUrlClient();

    // Input for the Get Claims Gathering URL command; the redirect URI is fixed in this sample.
    var request = new UmaRpGetClaimsGatheringUrlParams()
    {
        OxdId = oxdId,
        Ticket = ticket,
        ClaimsRedirectURI = "https://client.example.com",
        ProtectionAccessToken = protectionAccessToken
    };

    UmaRpGetClaimsGatheringUrlResponse response = client.GetClaimsGatheringUrl(oxdHttpsUrl, request);

    // The documented response data holds the URL together with a "state" value.
    return Json(new { Response = JsonConvert.SerializeObject(response.Data) });
}
Response:
{
"status":"ok",
"data":{
"url":"https://as.com/restv1/uma/gather_claims
?client_id=@!1736.179E.AA60.16B2!0001!8F7C.B9AB!0008!AB77!1A2B
&ticket=4678a107-e124-416c-af79-7807f3c31457
&claims_redirect_uri=https://client.example.com/cb
&state=af0ifjsldkj",
"state":"af0ifjsldkj"
}
}
Example#
- The GluuDemoWebsite directory contains apps and scripts written using oxd-csharp for the OpenID Connect and UMA RP client
- The UMAExample directory contains apps and scripts for the UMA RS server
Support#
Please report technical issues and suspected bugs on our Support Page.