// Wires a custom protocol validator into the OIDC handler. The validator is resolved with the
// pipeline store and the HttpContext accessor so it can reuse a previously recorded nonce
// (see MyOpenIdConnectProtocolValidator.GenerateNonce).
services.AddOptions<OpenIdConnectOptions>()
    .Configure<IOIDCPipelineStore, IHttpContextAccessor>((pipelineStore, contextAccessor, options) =>
    {
        var validator = new MyOpenIdConnectProtocolValidator(pipelineStore, contextAccessor);

        // NOTE(review): the next two settings switch off checks the validator would otherwise apply.
        // RequireStateValidation = false drops the check that the `state` returned by the provider
        // matches the one this app issued (the protocol's CSRF / login-binding defence).
        // RequireTimeStampInNonce = false means the nonce carries no timestamp, so NonceLifetime
        // presumably cannot be enforced on it — confirm against the base validator. Keep these off
        // only if the surrounding pipeline performs equivalent checks itself.
        validator.RequireTimeStampInNonce = false;
        validator.RequireStateValidation = false;
        validator.RequireNonce = true;
        validator.NonceLifetime = TimeSpan.FromMinutes(15);

        options.ProtocolValidator = validator;
    });
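/// <summary>
/// OpenID Connect protocol validator that, instead of always minting a fresh nonce, first looks up
/// the original id_token request for the current pipeline key in <see cref="IOIDCPipelineStore"/>
/// and reuses the nonce recorded there when one exists.
/// </summary>
public class MyOpenIdConnectProtocolValidator : OpenIdConnectProtocolValidator
{
    private readonly IOIDCPipelineStore _oidcPipelineStore;
    private readonly IHttpContextAccessor _accessor;

    /// <param name="oidcPipelineStore">Store holding the original id_token request, looked up by pipeline key.</param>
    /// <param name="accessor">Provides the current <c>HttpContext</c>, from which the pipeline key is read.</param>
    /// <exception cref="ArgumentNullException">Either dependency is <c>null</c>.</exception>
    public MyOpenIdConnectProtocolValidator(IOIDCPipelineStore oidcPipelineStore, IHttpContextAccessor accessor)
    {
        _oidcPipelineStore = oidcPipelineStore ?? throw new ArgumentNullException(nameof(oidcPipelineStore));
        _accessor = accessor ?? throw new ArgumentNullException(nameof(accessor));
    }

    /// <summary>
    /// Returns the nonce stored with the original request for the current pipeline key when one is
    /// present; otherwise generates a fresh random nonce, prefixed with a UTC tick timestamp when
    /// <see cref="OpenIdConnectProtocolValidator.RequireTimeStampInNonce"/> is set.
    /// </summary>
    /// <returns>The nonce to place in the authorization request.</returns>
    /// <exception cref="InvalidOperationException">Called outside an HTTP request (no current <c>HttpContext</c>).</exception>
    public override string GenerateNonce()
    {
        // IHttpContextAccessor.HttpContext is null outside a request; fail with a clear message
        // rather than a NullReferenceException from GetOIDCPipeLineKey().
        var httpContext = _accessor.HttpContext
            ?? throw new InvalidOperationException("GenerateNonce requires an active HttpContext.");

        string pipelineKey = httpContext.GetOIDCPipeLineKey();

        // This is bad, file an issue to support making this call to GenerateNonce async.
        // GenerateNonce is synchronous on the base class, so the async store lookup has to be blocked on here.
        var original = _oidcPipelineStore.GetOriginalIdTokenRequestAsync(pipelineKey).GetAwaiter().GetResult();
        if (!string.IsNullOrWhiteSpace(original?.Nonce))
        {
            // A nonce was recorded for this pipeline entry: reuse it so the id_token binds to the original request.
            return original.Nonce;
        }

        // No stored nonce: mint a fresh one from two random GUIDs, base64-encoded.
        string nonce = Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString() + Guid.NewGuid().ToString()));
        if (RequireTimeStampInNonce)
        {
            // Tick-prefixed form; presumably what the base validator parses to apply NonceLifetime — confirm.
            return DateTime.UtcNow.Ticks.ToString(CultureInfo.InvariantCulture) + "." + nonce;
        }
        return nonce;
    }
}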