Beispiel #1
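        /// <summary>
        /// Handles a refresh-token grant: refreshes the user's Adobe Connect session through the
        /// user manager, then replaces the "ac_session" and role claims on the ticket identity
        /// with the freshly obtained values before validating the ticket.
        /// </summary>
        /// <param name="context">
        /// Refresh-token grant context. Its ticket identity supplies the user id, the "ac_domain"
        /// claim and the "c_token" claim that are passed to <c>RefreshSession</c>.
        /// </param>
        /// <returns>A task that completes once the context has been validated or rejected.</returns>
        public override async Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
        {
            var identity     = context.Ticket.Identity;
            var id           = identity.GetUserId();
            var domain       = identity.FindFirst("ac_domain");
            var companyToken = identity.FindFirst("c_token");

            Identity.AdobeConnectUser user = null;
            using (Identity.AdobeConnectUserManager userManager = _userManagerFactory())
            {
                try
                {
                    // A ticket without "c_token" or "ac_domain" makes .Value throw here; that is
                    // caught below and reported as "server_error".
                    user = await userManager.RefreshSession(id, companyToken.Value, domain.Value, identity.Name);

                    // NOTE(review): this writes the live Adobe Connect session token to the log,
                    // so anyone with log access can read it. Prefer logging only the principal id
                    // or a truncated/hashed token.
                    _logger?.Info($"[GrantRefreshToken.AfterLogin] ACSession={user.AcSessionToken}");
                }
                catch (Exception ex)
                {
                    // TODO: production-ready exceptions
                    // NOTE(review): ex.Message is returned to the OAuth client as the error
                    // description and may disclose internal details. Return a generic description
                    // and keep the exception text in the server-side log instead.
                    context.SetError("server_error", ex.Message);
                    return;
                }
            }

            if (user == null)
            {
                context.SetError("token_refresh_error", "User session has not been updated successfully.");
                return;
            }

            // Snapshot the claims to drop before removing any of them. The Where() query is lazy,
            // so removing while enumerating it either throws ("collection was modified") or skips
            // neighbouring entries, which would leave stale role claims on the refreshed ticket.
            var staleClaims = identity.Claims
                .Where(x => x.Type == "ac_session" || x.Type == ClaimTypes.Role)
                .ToList();

            foreach (var staleClaim in staleClaims)
            {
                identity.RemoveClaim(staleClaim);
            }

            identity.AddClaim(new Claim("ac_session", user.AcSessionToken));

            if (user.Roles != null)
            {
                foreach (var role in user.Roles)
                {
                    identity.AddClaim(new Claim(ClaimTypes.Role, role));
                }
            }

            context.Validated(context.Ticket);

            // NOTE(review): the interpolated Claim is formatted with ToString(), which includes
            // the claim value, so the session token ends up in the log here as well.
            _logger?.Info($"[GrantRefreshToken.Success] PrincipalId={user.Id}, ACSession={context.Ticket.Identity.FindFirst("ac_session")}");
        }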
Beispiel #2
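        /// <summary>
        /// Handles a resource-owner password grant: looks the user up with the supplied user name
        /// and password, builds a claims identity carrying the company token, Adobe Connect
        /// domain, session token and roles, and validates the context with the resulting ticket.
        /// </summary>
        /// <param name="context">
        /// Grant context providing the user name, the password and the authentication type used
        /// to create the identity.
        /// </param>
        /// <returns>A task that completes once the context has been validated or rejected.</returns>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            using (Identity.AdobeConnectUserManager userManager = _userManagerFactory())
            {
                Identity.AdobeConnectUser user = null;
                try
                {
                    user = await userManager.FindAsync(context.UserName, context.Password);
                }
                catch (Exception ex)
                {
                    // TODO: production-ready exceptions
                    // NOTE(review): ex.Message is returned to the OAuth client as the error
                    // description and may disclose internal details. Return a generic description
                    // and keep the exception text in the server-side log instead.
                    context.SetError("server_error", ex.Message);
                    return;
                }

                if (user == null)
                {
                    // One message for both "unknown user" and "wrong password", so the response
                    // does not reveal which of the two was wrong.
                    context.SetError("invalid_grant", "The user name or password is incorrect.");
                    return;
                }

                ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
                                                                                     context.Options.AuthenticationType);

                // NOTE(review): the company token and the session token travel inside the issued
                // ticket as claims; confirm the ticket is protected (encrypted) by the configured
                // access-token format before relying on this.
                oAuthIdentity.AddClaim(new Claim("c_token", user.CompanyToken));
                oAuthIdentity.AddClaim(new Claim("ac_domain", user.AcDomain));
                oAuthIdentity.AddClaim(new Claim("ac_session", user.AcSessionToken));
                if (user.Roles != null)
                {
                    foreach (var role in user.Roles)
                    {
                        oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, role));
                    }
                }

                // cookie: ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
                // cookie: CookieAuthenticationDefaults.AuthenticationType);

                AuthenticationProperties properties = CreateProperties(user.UserName);
                AuthenticationTicket     ticket     = new AuthenticationTicket(oAuthIdentity, properties);
                context.Validated(ticket);

                // Null-conditional call: a missing logger must not turn an already validated
                // grant into a NullReferenceException.
                // NOTE(review): the interpolated Claim is formatted with ToString(), which includes
                // the claim value, so the session token is written to the log. Prefer logging only
                // the principal id or a truncated/hashed token.
                _logger?.Info($"[GrantResourceOwnerCredentials] PrincipalId={user.Id}, ACSession={context.Ticket.Identity.FindFirst("ac_session")}");
                // cookie: context.Request.Context.Authentication.SignIn(cookiesIdentity);
            }
        }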