Temp save

Author: justinyoo

src/Aliencube.Azure.Extensions.EasyAuth.Emulator/Components/Pages/EasyAuthLogin.razor

@@ -1,4 +1,4 @@
-@page "/.auth/login/{authenticationType}"
+@page "/.auth/login/{identityProvider}"
 @inject IEasyAuthService EasyAuthService
 @inject NavigationManager NavigationManager
 @rendermode @(new InteractiveServerRenderMode(prerender: false))
@@ -12,7 +12,7 @@
             <div class="row mb-3">
                 <label class="form-label col-2 text-end" for="authentication-type">Provider</label>
                 <div class="col-10">
-                    <input type="text" class="form-control" id="authentication-type" placeholder="Choose an auth provider" value="@AuthenticationType" disabled>
+                    <input type="text" class="form-control" id="authentication-type" placeholder="Choose an auth provider" value="@IdentityProvider" disabled>
                     <small class="form-text text-muted">Name of the identity provider</small>
                 </div>
             </div>
@@ -70,29 +70,39 @@
     private string? UserClaims { get; set; }
 
     [Parameter]
-    public string? AuthenticationType { get; set; }
+    public string? IdentityProvider { get; set; }
+
+    [CascadingParameter]
+    private HttpContext? HttpContext { get; set; }
 
     protected override async Task OnInitializedAsync()
     {
         this.UserId = this.EasyAuthService.UserId.ToString("N");
         this.Username = string.Empty;
         this.UserRoles = this.ParseUserRoles(this.EasyAuthService.UserRoles);
-        this.UserClaims = this.ParseUserClaims(await this.EasyAuthService.GetUserClaims(this.AuthenticationType));
+        this.UserClaims = this.ParseUserClaims(await this.EasyAuthService.GetUserClaims(this.IdentityProvider));
 
         await Task.CompletedTask;
     }
 
     protected async Task LoginAsync()
     {
-        this.NavigationManager.NavigateTo("/.auth/login/done");
+        var signedIn = await this.EasyAuthService.UserSignInAsync(this.HttpContext, this.IdentityProvider, this.UserId, this.Username, this.UserRoles, this.UserClaims);
+
+        if (signedIn)
+        {
+            this.NavigationManager.NavigateTo("/.auth/login/done");
+        }
+
+        await Task.CompletedTask;
     }
 
     protected async Task ClearAsync()
     {
         this.UserId = this.EasyAuthService.UserId.ToString("N");
         this.Username = string.Empty;
         this.UserRoles = this.ParseUserRoles(this.EasyAuthService.UserRoles);
-        this.UserClaims = this.ParseUserClaims(await this.EasyAuthService.GetUserClaims(this.AuthenticationType));
+        this.UserClaims = this.ParseUserClaims(await this.EasyAuthService.GetUserClaims(this.IdentityProvider));
 
         await Task.CompletedTask;
     }

src/Aliencube.Azure.Extensions.EasyAuth.Emulator/Models/IdentityProviderType.cs

@@ -0,0 +1,13 @@
+namespace Aliencube.Azure.Extensions.EasyAuth.Emulator.Models;
+
+public enum IdentityProviderType
+{
+    None,
+    Apple,
+    EntraID,
+    Facebook,
+    GitHub,
+    Google,
+    OpenIDConnect,
+    Twitter,
+}

src/Aliencube.Azure.Extensions.EasyAuth.Emulator/Services/EasyAuthService.cs

@@ -1,23 +1,32 @@
+using System.Text;
 using System.Text.Json;
 
+using Aliencube.Azure.Extensions.EasyAuth.Emulator.Models;
+
 namespace Aliencube.Azure.Extensions.EasyAuth.Emulator.Services;
 
 public interface IEasyAuthService
 {
     JsonSerializerOptions JsonSerializerOptions { get; }
+
     Guid UserId { get; }
 
     IEnumerable<string> UserRoles { get; }
 
-    Task<IEnumerable<MsClientPrincipalClaim>> GetUserClaims(string? authenticationType);
+    Task<IEnumerable<MsClientPrincipalClaim>> GetUserClaims(string? identityProvider);
+
+    Task<bool> UserSignInAsync(HttpContext? context, string? identityProvider, string? userId, string? username, string? userRoles, string? userClaims);
 }
 
 public class EasyAuthService(UserIdGenerator userId) : IEasyAuthService
 {
     public JsonSerializerOptions JsonSerializerOptions { get; } = new() { WriteIndented = true };
+
     public Guid UserId { get; } = userId.Value;
+
     public IEnumerable<string> UserRoles { get; } = [ "User", "Admin" ];
-    public async Task<IEnumerable<MsClientPrincipalClaim>> GetUserClaims(string? authenticationType)
+
+    public async Task<IEnumerable<MsClientPrincipalClaim>> GetUserClaims(string? identityProvider)
     {
         var claims = new List<MsClientPrincipalClaim>()
         {
@@ -28,4 +37,90 @@ public async Task<IEnumerable<MsClientPrincipalClaim>> GetUserClaims(string? aut
 
         return await Task.FromResult(claims).ConfigureAwait(false);
     }
+
+    public async Task<bool> UserSignInAsync(HttpContext? context, string? identityProvider, string? userId, string? username, string? userRoles, string? userClaims)
+    {
+        var provider = ParseIdentityProvider(identityProvider);
+        if (provider == IdentityProviderType.None)
+        {
+            return await Task.FromResult(false).ConfigureAwait(false);
+        }
+
+        var clientPrincipal = provider switch
+        {
+            IdentityProviderType.EntraID => this.BuildEntraIDMsClientPrincipal(identityProvider, userId, username, userRoles, userClaims),
+            IdentityProviderType.GitHub => this.BuildGitHubMsClientPrincipal(identityProvider, userId, username, userRoles, userClaims),
+            _ => null,
+        };
+
+        context!.Response.Headers.Append("X-MS-CLIENT-PRINCIPAL-NAME", username!);
+        context!.Response.Headers.Append("X-MS-CLIENT-PRINCIPAL-ID", Guid.NewGuid().ToString());
+        context!.Response.Headers.Append("X-MS-CLIENT-PRINCIPAL-IDP", identityProvider!);
+
+        var serialised = JsonSerializer.Serialize(clientPrincipal, JsonSerializerOptions);
+        var encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(serialised));
+        context!.Response.Headers.Append("X-MS-CLIENT-PRINCIPAL", encoded);
+
+        return await Task.FromResult(true).ConfigureAwait(false);
+    }
+
+    private MsClientPrincipal BuildEntraIDMsClientPrincipal(string? identityProvider, string? userId, string? username, string? userRoles, string? userClaims)
+    {
+        var utcNow = DateTimeOffset.UtcNow;
+        var defaultClaims = new List<MsClientPrincipalClaim>()
+        {
+            new() { Type = "aud", Value = userId },
+            new() { Type = "iss", Value = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0" },
+            new() { Type = "iat", Value = $"{utcNow.ToUnixTimeSeconds()}" },
+            new() { Type = "nbf", Value = $"{utcNow.ToUnixTimeSeconds()}" },
+            new() { Type = "nbf", Value = $"{utcNow.AddMinutes(90).ToUnixTimeSeconds()}" },
+            new() { Type = "aio", Value = $"{Convert.ToBase64String(Guid.NewGuid().ToByteArray())}" },
+            new() { Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", Value = username },
+            new() { Type = "http://schemas.microsoft.com/identity/claims/identityprovider", Value = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/" },
+        };
+
+        var userRoleClaims = (userRoles?.Split('\n', StringSplitOptions.RemoveEmptyEntries) ?? []).Select(p => new MsClientPrincipalClaim() { Type = "roles", Value = p });
+        var userClaimClaims = JsonSerializer.Deserialize<IEnumerable<MsClientPrincipalClaim>>(userClaims ?? "[]", JsonSerializerOptions) ?? [];
+
+        var claims = new List<MsClientPrincipalClaim>();
+        claims.AddRange(defaultClaims);
+        if (userRoleClaims.Any() == true)
+        {
+            claims.AddRange(userRoleClaims);
+        }
+        if (userClaimClaims.Any() == true)
+        {
+            var userClaimClaimsWithoutUsername = userClaimClaims.Where(p => p.Type!.Equals("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", StringComparison.InvariantCultureIgnoreCase) != true);
+            claims.AddRange(userClaimClaimsWithoutUsername);
+        }
+        var principal = new MsClientPrincipal()
+        {
+            IdentityProvider = identityProvider,
+            NameClaimType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
+            RoleClaimType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
+            Claims = claims,
+        };
+
+        return principal;
+    }
+
+    private MsClientPrincipal BuildGitHubMsClientPrincipal(string? identityProvider, string? userId, string? username, string? userRoles, string? userClaims)
+    {
+        throw new NotImplementedException();
+    }
+
+    private static IdentityProviderType ParseIdentityProvider(string? identityProvider)
+    {
+        if (string.IsNullOrWhiteSpace(identityProvider) == true)
+        {
+            return IdentityProviderType.None;
+        }
+
+        if (identityProvider.Equals("aad", StringComparison.InvariantCultureIgnoreCase))
+        {
+            return IdentityProviderType.EntraID;
+        }
+
+        return Enum.TryParse<IdentityProviderType>(identityProvider, true, out var result) ? result : IdentityProviderType.None;
+    }
 }