Skip to content

Authentication

Matthias edited this page Apr 14, 2020 · 5 revisions

The logic for the authentication can be found here.

Authentication flow

  1. User wants to link the TimeCockpit account
  2. Server responds with an unique link
  3. User goes to the link and gets redirected to the TimeCockpit login
  4. User logs in
  5. Server receives the callback and saves the refresh token
  6. User can use the bot

TODO: Create an graph for that

Implementation

The entire process basically looks like this:

OIDC Code Grant Flow

Configuration

The ASP.NET configuration can be found in Startup.cs. There we have to set all the needed options to be able to use the existing ASP.NET wrappers around the code grant flow.

Requesting tokens

var refreshToken = await HttpContext.GetTokenAsync(CookieAuthenticationDefaults.AuthenticationScheme, "refresh_token");

Renewing the tokens

//
// Find the discovery endpoint
//
var discoveryResponse = await client.GetDiscoveryDocumentAsync("https://auth.timecockpit.com/");

//
// Send request to the auth endpoint
//
var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
	Address = discoveryResponse.TokenEndpoint,
	ClientId = _configuration["TimeCockpit-ClientId"],
	ClientSecret = _configuration["TimeCockpit-ClientSecret"],
	Scope = "openid offline_access",
	RefreshToken = oldRefreshToken,
	ClientCredentialStyle = ClientCredentialStyle.AuthorizationHeader
});

// Could not renew the tokens
if (response.IsError)
{
	return default;
}

//
// Get the new access and refresh token
//
var accessToken = response.AccessToken;
var refreshToken = response.RefreshToken;

Resources

Clone this wiki locally