
Commit 5e7a36a

committed
Triple token exchange
1 parent 25a7c16 commit 5e7a36a

2 files changed

Lines changed: 62 additions & 11 deletions


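--- a/src/AasxServerBlazor/Shared/MainLayout.razor
+++ b/src/AasxServerBlazor/Shared/MainLayout.razor
@@ -184,9 +184,9 @@
 _input = CurrentValue;
 _role = string.Empty;
 }
-else if (CurrentValue == "cb" || (CurrentValue.Contains("CREDENTIALS-") && CurrentValue.Contains(".DAT")))
+else if (CurrentValue == "c" || (CurrentValue.Contains("CREDENTIALS-") && CurrentValue.Contains(".DAT")))
 {
-if (CurrentValue == "cb")
+if (CurrentValue == "c")
 {
 CurrentValue = "CREDENTIALS-BEARER.DAT";
 }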
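Review bot: The `CurrentValue.Contains("CREDENTIALS-") && CurrentValue.Contains(".DAT")` test on the changed `else if` accepts any input that merely contains both fragments, in any position, so a value with extra path components or trailing text is still treated as a credentials file name. How `CurrentValue` is used after this branch is outside the hunk; if it is opened as a file, anchor the match, e.g. `CurrentValue.StartsWith("CREDENTIALS-", StringComparison.Ordinal) && CurrentValue.EndsWith(".DAT", StringComparison.Ordinal)`, and require that it equals `Path.GetFileName(CurrentValue)`. The new one-letter shortcut `"c"` would also benefit from a short comment saying it expands to `CREDENTIALS-BEARER.DAT`.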

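--- a/src/AasxServerStandardBib/Credentials.cs
+++ b/src/AasxServerStandardBib/Credentials.cs
@@ -305,16 +305,31 @@ public static void bearerCheckAndInit(AasxCredentialsEntry c, AasxTaskService aa
 {
 exchange1 = c.parameters[3];
 }
-var target = "";
+var target1 = "";
 if (c.parameters.Count > 4)
 {
-target = c.parameters[4];
+target1 = c.parameters[4];
 }
 var exchange2 = "";
 if (c.parameters.Count > 5)
 {
 exchange2 = c.parameters[5];
 }
+var target2 = "";
+if (c.parameters.Count > 6)
+{
+target2 = c.parameters[6];
+}
+var exchange3 = "";
+if (c.parameters.Count > 7)
+{
+exchange3 = c.parameters[7];
+}
+var target3 = "";
+if (c.parameters.Count > 8)
+{
+target3 = c.parameters[8];
+}
 
 if (!authServerEndPoint.EndsWith("/token"))
 {
@@ -572,10 +587,9 @@ public static void bearerCheckAndInit(AasxCredentialsEntry c, AasxTaskService aa
 { "requested_token_type", "urn:ietf:params:oauth:token-type:access_token" },
 { "subject_token", c.bearer }
 };
-if (target != "")
+if (target1 != "")
 {
-parameters.Add("audience", target);
-
+parameters.Add("audience", target1);
 }
 var request = new HttpRequestMessage(HttpMethod.Post, exchange1)
 {
@@ -586,11 +600,12 @@ public static void bearerCheckAndInit(AasxCredentialsEntry c, AasxTaskService aa
 var response = client.SendAsync(request);
 var content = response.GetAwaiter().GetResult().Content.ContentToString();
 
+c.bearer = "";
 doc = JsonDocument.Parse(content);
 if (doc.RootElement.TryGetProperty("access_token", out var tokenElement))
 {
 c.bearer = tokenElement.GetString();
-Console.WriteLine("token exchange " + c.bearer);
+Console.WriteLine("token exchange1 " + c.bearer);
 }
 }
 
@@ -599,13 +614,48 @@ public static void bearerCheckAndInit(AasxCredentialsEntry c, AasxTaskService aa
 var handler = new HttpClientHandler { DefaultProxyCredentials = CredentialCache.DefaultCredentials };
 var client = new HttpClient(handler);
 
+JsonDocument doc;
+var parameters = new Dictionary<string, string>
+{
+{ "grant_type", "urn:ietf:params:oauth:grant-type:token-exchange" },
+{ "subject_token_type", "urn:ietf:params:oauth:token-type:jwt" },
+{ "requested_token_type", "urn:ietf:params:oauth:token-type:access_token" },
+{ "subject_token", c.bearer }
+};
+if (target2 != "")
+{
+parameters.Add("audience", target2);
+}
+var request = new HttpRequestMessage(HttpMethod.Post, exchange2)
+{
+Content = new FormUrlEncodedContent(parameters)
+};
+request.Content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
+
+var response = client.SendAsync(request);
+var content = response.GetAwaiter().GetResult().Content.ContentToString();
+
+c.bearer = "";
+doc = JsonDocument.Parse(content);
+if (doc.RootElement.TryGetProperty("access_token", out var tokenElement))
+{
+c.bearer = tokenElement.GetString();
+Console.WriteLine("token exchange2 " + c.bearer);
+}
+}
+
+if (exchange3 != "" && c.bearer != null && c.bearer != "")
+{
+var handler = new HttpClientHandler { DefaultProxyCredentials = CredentialCache.DefaultCredentials };
+var client = new HttpClient(handler);
+
 var service = "service-user-basyx";
-if (target == "assetfox")
+if (target3 == "assetfox")
 {
 service = "sts-client";
 }
 JsonDocument doc;
-var request = new HttpRequestMessage(HttpMethod.Post, exchange2)
+var request = new HttpRequestMessage(HttpMethod.Post, exchange3)
 {
 Content = new FormUrlEncodedContent(new Dictionary<string, string>
 {
@@ -620,11 +670,12 @@ public static void bearerCheckAndInit(AasxCredentialsEntry c, AasxTaskService aa
 var response = client.SendAsync(request);
 var content = response.GetAwaiter().GetResult().Content.ContentToString();
 
+c.bearer = "";
 doc = JsonDocument.Parse(content);
 if (doc.RootElement.TryGetProperty("access_token", out var tokenElement))
 {
 c.bearer = tokenElement.GetString();
-Console.WriteLine("token exchange " + c.bearer);
+Console.WriteLine("token exchange3 " + c.bearer);
 }
 }
 }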
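Review bot: The three `Console.WriteLine("token exchangeN " + c.bearer)` calls on the new side (after exchange1, exchange2 and exchange3) write each freshly issued access token to standard output, so anyone with read access to console or container logs obtains a usable credential for the token's lifetime. Log the outcome without the secret, for example `Console.WriteLine("token exchange2 succeeded");`, or at most the token's length or expiry. The added exchange2 block also parses the body without looking at the HTTP status, so a non-JSON error response makes `JsonDocument.Parse(content)` throw after `c.bearer` has already been cleared; checking `IsSuccessStatusCode` on the completed response before parsing would give a defined failure path. Since `subject_token` is posted to `exchange2` and `exchange3` as read from `c.parameters`, a check that those endpoints use `https` before sending would be a sensible guard. `bearerCheckAndInit` begins and ends outside these hunks.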
