From 9641250601b8cf60e5f3ca4bd22cbaf7362c8a5b Mon Sep 17 00:00:00 2001
From: Alex Klaus
Date: Tue, 7 May 2024 16:29:58 +1000
Subject: [PATCH] Handle fake POST requests to `/signin-oidc` (#8)
Added handling of fake POST requests to `/signin-oidc`
---
 .../AddAndConfigureAuthorisation.cs | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/OpenIdDict.Server/Configuration/AddAndConfigureAuthorisation.cs b/OpenIdDict.Server/Configuration/AddAndConfigureAuthorisation.cs
index 378af0a..f51d64e 100644
--- a/OpenIdDict.Server/Configuration/AddAndConfigureAuthorisation.cs
+++ b/OpenIdDict.Server/Configuration/AddAndConfigureAuthorisation.cs
@@ -1,12 +1,13 @@
-using Microsoft.Identity.Web;
-
 using OpenIddict.Server;
 using OpenIddict.Validation.AspNetCore;
-using AK.OAuthSamples.OpenIdDict.Server.Authorisation;
-
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.OpenIdConnect;
 using Microsoft.Extensions.Caching.Memory;
 using Microsoft.Extensions.DependencyInjection.Extensions;
+using Microsoft.Identity.Web;
+
+using AK.OAuthSamples.OpenIdDict.Server.Authorisation;
 namespace AK.OAuthSamples.OpenIdDict.Server.Configuration;
@@ -91,6 +92,18 @@ internal static IServiceCollection AddAndConfigureAuthorisation(this IServiceCol
 options.TenantId = settings.AzureAd.Tenant;
 options.ClientId = settings.AzureAd.ClientId;
 // Note: Scopes can be ignored if you need from MS a token_id only
+
+options.Events = new OpenIdConnectEvents
+{ // Incorrect /signin-oidc requests
+OnRemoteFailure = async context =>
+{
+// Without this handler an exception will be thrown on sending a simple `curl --request POST 'https://LOCALHOST/signin-oidc'`
+// NOTE: Add logging of the exception to the log sink
+await context.Request.HttpContext.ForbidAsync();
+await context.Response.WriteAsync("Incorrect response from Azure AD");
+context.HandleResponse();
+}
+};
 });
 return services;
 }
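Review bot: The new `OnRemoteFailure` handler discards `context.Failure`, so a forged or malformed POST to `/signin-oidc` and a genuine correlation/state failure on a real sign-in both end with the same "Incorrect response from Azure AD" body and leave nothing in the logs; the `// NOTE: Add logging` comment acknowledges this, but the commit ships without it, and it is exactly the signal an operator needs to tell probing from a broken redirect URI. Resolve a logger from the request services and record the failure before handling the response, e.g. `context.HttpContext.RequestServices.GetRequiredService<ILogger<OpenIdConnectEvents>>().LogWarning(context.Failure, "Remote OIDC failure on {Path}", context.Request.Path);` (needs `using Microsoft.Extensions.Logging;`). `context.Request.HttpContext` can be shortened to `context.HttpContext`, which `RemoteFailureContext` exposes directly. `ForbidAsync()` with no scheme argument delegates to the default forbid scheme, so whether the body written right after it is a sensible reply depends on that scheme's behaviour; for a malformed callback a plain `context.Response.StatusCode = StatusCodes.Status400BadRequest;` before the `WriteAsync` would be the more predictable answer, though that is a judgement call. The enclosing `AddAndConfigureAuthorisation` method starts outside the hunk.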