/// <summary>
/// Creates a serialized and protected security token.
/// </summary>
/// <param name="token">The token.</param>
/// <returns>
/// A security token in serialized form
/// </returns>
/// <exception cref="System.InvalidOperationException">Invalid token type.</exception>
public virtual async Task <string> CreateSecurityTokenAsync(Token token)
{
if (token.Type == Constants.TokenTypes.AccessToken)
{
if (token.Client.AccessTokenType == AccessTokenType.Jwt)
{
Logger.Debug("Creating JWT access token");
return(await _signingService.SignTokenAsync(token));
}
Logger.Debug("Creating reference access token");
var handle = Guid.NewGuid().ToString("N");
await _tokenHandles.StoreAsync(handle, token);
return(handle);
}
if (token.Type == Constants.TokenTypes.IdentityToken)
{
Logger.Debug("Creating JWT identity token");
return(await _signingService.SignTokenAsync(token));
}
throw new InvalidOperationException("Invalid token type.");
}
/// <summary>
/// Creates a serialized and protected security token.
/// </summary>
/// <param name="token">The token.</param>
/// <returns>
/// A security token in serialized form
/// </returns>
/// <exception cref="System.InvalidOperationException">Invalid token type.</exception>
public virtual async Task <string> CreateSecurityTokenAsync(Token token)
{
string tokenResult;
if (token.Type == Constants.TokenTypes.AccessToken)
{
if (token.Client.AccessTokenType == AccessTokenType.Jwt)
{
_logger.LogVerbose("Creating JWT access token");
tokenResult = await _signingService.SignTokenAsync(token);
}
else
{
_logger.LogVerbose("Creating reference access token");
var handle = CryptoRandom.CreateUniqueId();
await _tokenHandles.StoreAsync(handle, token);
tokenResult = handle;
}
}
else if (token.Type == Constants.TokenTypes.IdentityToken)
{
_logger.LogVerbose("Creating JWT identity token");
tokenResult = await _signingService.SignTokenAsync(token);
}
else
{
throw new InvalidOperationException("Invalid token type.");
}
await _events.RaiseTokenIssuedEventAsync(token, tokenResult);
return(tokenResult);
}
public async Task <ValidationResult> Validate(NameValueCollection parameters, Client client)
{
Logger.Info("Start token request validation for appid with CPMS.");
string appId = parameters.Get(Constants.TokenRequest.AppId);
string publisherid = parameters.Get(Constants.TokenRequest.PublisherId);
if (appId != null)
{
var outputClaims = new List <Claim>
{
new Claim(Constants.ClaimTypes.ClientId, client.ClientId),
};
// add scope
outputClaims.Add(new Claim(Constants.ClaimTypes.Scope, Constants.StandardScopes.application));
outputClaims.Add(new Claim(Constants.ClaimTypes.Scope, "add"));
//add appid
outputClaims.Add(new Claim(Constants.ClaimTypes.Appid, appId));
var token = new Token(Constants.TokenTypes.AccessToken)
{
Audience = string.Format(Constants.AccessTokenAudience, _options.IssuerUri.EnsureTrailingSlash()),
Issuer = _options.IssuerUri,
Lifetime = client.AccessTokenLifetime,
Claims = outputClaims.Distinct(new ClaimComparer()).ToList(),
Client = client
};
string signedToken = await _signingService.SignTokenAsync(token);
string servicePublisherId = _requestValidatorHelper.CallServiceGet(signedToken, ConfigurationManager.AppSettings["cpmsuri"],
"publisher");
//if publisher id returned from CPMS is null then application
//doesn't belongs to specific user (just created application),or
//if publisher id returned from CPMS equals to parameter one
//which means application belongs to this specific user
if (servicePublisherId == null || servicePublisherId.Equals(publisherid, StringComparison.Ordinal))
{
return(Valid());
}
return(Invalid("Application Id is not valid"));
}
return(Valid());
}