Beispiel #1
0
        /// <summary>
        /// Refreshes an access token.
        /// </summary>
        /// <param name="refreshToken">The refresh token.</param>
        /// <returns>A token response.</returns>
        public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken)
        {
            _logger.LogTrace("RefreshTokenAsync");

            await EnsureConfigurationAsync();

            var client   = TokenClientFactory.Create(_options);
            var response = await client.RequestRefreshTokenAsync(refreshToken);

            if (response.IsError)
            {
                return(new RefreshTokenResult {
                    Error = response.Error
                });
            }

            // validate token response
            var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse);

            if (validationResult.IsError)
            {
                return(new RefreshTokenResult {
                    Error = validationResult.Error
                });
            }

            return(new RefreshTokenResult
            {
                IdentityToken = response.IdentityToken,
                AccessToken = response.AccessToken,
                RefreshToken = response.RefreshToken,
                ExpiresIn = (int)response.ExpiresIn
            });
        }
Beispiel #2
0
        /// <summary>
        /// Refreshes an access token.
        /// </summary>
        /// <param name="refreshToken">The refresh token.</param>
        /// <param name="extraParameters">The extra parameters.</param>
        /// <returns>
        /// A token response.
        /// </returns>
        public virtual async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, object extraParameters = null)
        {
            _logger.LogTrace("RefreshTokenAsync");

            await EnsureConfigurationAsync();

            var client   = TokenClientFactory.Create(_options);
            var response = await client.RequestRefreshTokenAsync(refreshToken, extra : extraParameters);

            if (response.IsError)
            {
                return(new RefreshTokenResult {
                    Error = response.Error
                });
            }

            // validate token response
            var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse);

            if (validationResult.IsError)
            {
                return(new RefreshTokenResult {
                    Error = validationResult.Error
                });
            }

            return(new RefreshTokenResult
            {
                IdentityToken = response.IdentityToken,
                AccessToken = response.AccessToken,
                RefreshToken = response.RefreshToken,
                ExpiresIn = (int)response.ExpiresIn,
                AccessTokenExpiration = DateTime.Now.AddSeconds(response.ExpiresIn)
            });
        }
        private TokenClient GetTokenClient()
        {
            if (_tokenClient == null)
            {
                _tokenClient = TokenClientFactory.Create(_options);
            }

            return(_tokenClient);
        }
Beispiel #4
0
        /// <summary>
        /// Refreshes an access token.
        /// </summary>
        /// <param name="refreshToken">The refresh token.</param>
        /// <returns>A token response.</returns>
        public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, Task <RsaSecurityKey> pregeneratedPopKeyTask = null)
        {
            if (string.IsNullOrEmpty(refreshToken))
            {
                throw new ArgumentException("refreshToken");
            }
            _logger.LogTrace("RefreshTokenAsync");

            await EnsureConfigurationAsync().ConfigureAwait(false);

            var client = TokenClientFactory.Create(_options);


            TokenResponse      response;
            SigningCredentials popSigner = null;

            if (_options.RequestPopTokens)
            {
                //-- PoP Key Creation
                _logger.LogTrace("CreateProviderForPopToken");
                var popKey = await(pregeneratedPopKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false);
                var jwk    = popKey.ToJwk();
                response = await client.RequestRefreshTokenPopAsync(refreshToken, jwk.Alg, jwk.ToJwkString()).ConfigureAwait(false);

                popSigner = new SigningCredentials(popKey, "RS256");
            }
            else
            {
                response = await client.RequestRefreshTokenAsync(refreshToken).ConfigureAwait(false);
            }

            if (response.IsError)
            {
                return(new RefreshTokenResult {
                    Error = response.Error
                });
            }

            // validate token response
            var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse).ConfigureAwait(false);

            if (validationResult.IsError)
            {
                return(new RefreshTokenResult {
                    Error = validationResult.Error
                });
            }

            return(new RefreshTokenResult
            {
                IdentityToken = response.IdentityToken,
                AccessToken = response.AccessToken,
                RefreshToken = response.RefreshToken,
                ExpiresIn = (int)response.ExpiresIn,
                PopTokenKey = popSigner
            });
        }
Beispiel #5
0
        /// <summary>
        /// Processes the authorize response.
        /// </summary>
        /// <param name="data">The response data.</param>
        /// <param name="state">The state.</param>
        /// <returns>Result of the login response validation</returns>
        public async Task <LoginResult> ProcessResponseAsync(string data, AuthorizeState state)
        {
            _logger.LogTrace("ProcessResponseAsync");
            _logger.LogInformation("Processing response.");

            await EnsureConfigurationAsync();

            _logger.LogDebug("Authorize response: {response}", data);
            var authorizeResponse = new AuthorizeResponse(data);

            if (authorizeResponse.IsError)
            {
                _logger.LogError(authorizeResponse.Error);
                return(new LoginResult(authorizeResponse.Error));
            }

            var result = await _processor.ProcessResponseAsync(authorizeResponse, state);

            if (result.IsError)
            {
                _logger.LogError(result.Error);
                return(new LoginResult(result.Error));
            }

            var userInfoClaims = Enumerable.Empty <Claim>();

            if (_options.LoadProfile)
            {
                var userInfoResult = await GetUserInfoAsync(result.TokenResponse.AccessToken);

                if (userInfoResult.IsError)
                {
                    var error = $"Error contacting userinfo endpoint: {userInfoResult.Error}";
                    _logger.LogError(error);

                    return(new LoginResult(error));
                }

                userInfoClaims = userInfoResult.Claims;

                var userInfoSub = userInfoClaims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject);
                if (userInfoSub == null)
                {
                    var error = "sub claim is missing from userinfo endpoint";
                    _logger.LogError(error);

                    return(new LoginResult(error));
                }

                if (!string.Equals(userInfoSub.Value, result.User.FindFirst(JwtClaimTypes.Subject).Value))
                {
                    var error = "sub claim from userinfo endpoint is different than sub claim from identity token.";
                    _logger.LogError(error);

                    return(new LoginResult(error));
                }
            }

            var user = ProcessClaims(result.User, userInfoClaims);

            var loginResult = new LoginResult
            {
                User                  = user,
                AccessToken           = result.TokenResponse.AccessToken,
                RefreshToken          = result.TokenResponse.RefreshToken,
                AccessTokenExpiration = DateTime.Now.AddSeconds(result.TokenResponse.ExpiresIn),
                IdentityToken         = result.TokenResponse.IdentityToken,
                AuthenticationTime    = DateTime.Now
            };

            if (!string.IsNullOrWhiteSpace(loginResult.RefreshToken))
            {
                loginResult.RefreshTokenHandler = new RefreshTokenHandler(
                    TokenClientFactory.Create(_options),
                    loginResult.RefreshToken,
                    loginResult.AccessToken);
            }

            return(loginResult);
        }