        /// <summary>
        /// Processes a token-endpoint request that carries a refresh token grant: the presented
        /// refresh token is resolved to a ticket, the ticket's expiry is checked, and the
        /// application provider is then asked to validate the request and grant the token.
        /// </summary>
        /// <param name="validatingContext">Validation context for the token request; receives the error on rejection.</param>
        /// <param name="currentUtc">The instant against which the ticket's expiry is compared.</param>
        /// <returns>
        /// <c>null</c> when the refresh token cannot be resolved or is expired; otherwise the
        /// result of <c>ReturnOutcome</c> for the grant context.
        /// </returns>
        private async Task<AuthenticationTicket> InvokeTokenEndpointRefreshTokenGrantAsync(
            OAuthValidateTokenRequestContext validatingContext,
            DateTimeOffset currentUtc)
        {
            // Resolve the presented refresh token through the configured provider.
            // NOTE(review): this runs before ValidateTokenRequest below; if the provider's
            // ReceiveAsync consumes single-use tokens, a request rejected later has still
            // used the token up. Confirm against the RefreshTokenProvider implementation.
            var receiveContext = new AuthenticationTokenReceiveContext(
                Context,
                Options.RefreshTokenFormat,
                validatingContext.TokenRequest.RefreshTokenGrant.RefreshToken);

            await Options.RefreshTokenProvider.ReceiveAsync(receiveContext);

            AuthenticationTicket refreshTicket = receiveContext.Ticket;

            // No ticket means the provider could not resolve the token.
            if (refreshTicket == null)
            {
                _logger.WriteError("invalid refresh token");
                validatingContext.SetError(Constants.Errors.InvalidGrant);
                return null;
            }

            // Fail closed: a ticket without an expiry is rejected just like one that has
            // already expired. Both rejections set the same error constant as the
            // unresolved-token case; only the log message tells them apart.
            DateTimeOffset? expiresUtc = refreshTicket.Properties.ExpiresUtc;
            bool notExpired = expiresUtc.HasValue && expiresUtc.Value >= currentUtc;
            if (!notExpired)
            {
                _logger.WriteError("expired refresh token");
                validatingContext.SetError(Constants.Errors.InvalidGrant);
                return null;
            }

            await Options.Provider.ValidateTokenRequest(validatingContext);

            // NOTE(review): the client id is only handed to the grant context here. Nothing in
            // this method compares it with the client the ticket was originally issued to
            // (RFC 6749 section 6 requires that binding). Presumably the application's
            // GrantRefreshToken handler is expected to enforce it; confirm.
            var refreshGrantContext = new OAuthGrantRefreshTokenContext(
                Context,
                Options,
                refreshTicket,
                validatingContext.ClientContext.ClientId);

            // The grant handler runs only for a request the provider validated.
            if (validatingContext.IsValidated)
            {
                await Options.Provider.GrantRefreshToken(refreshGrantContext);
            }

            return ReturnOutcome(
                validatingContext,
                refreshGrantContext,
                refreshGrantContext.Ticket,
                Constants.Errors.InvalidGrant);
        }
 /// <summary>
 /// Called when a request to the Token endpoint arrives with a "grant_type" of "refresh_token". This happens when the application
 /// has issued a "refresh_token" along with the "access_token" and the client is now using that "refresh_token" to obtain a new
 /// "access_token", and possibly a new "refresh_token".
 /// To issue a refresh token, an Options.RefreshTokenProvider must be assigned to create the value which is returned. The claims and
 /// properties associated with the refresh token are present in context.Ticket. The application must call context.Validated to
 /// instruct the Authorization Server middleware to issue an access token based on those claims and properties. The call to
 /// context.Validated may be given a different AuthenticationTicket or ClaimsIdentity in order to control which information flows
 /// from the refresh token to the access token. The default behavior when using the OAuthAuthorizationServerProvider is to flow
 /// information from the refresh token to the access token unmodified.
 /// See also http://tools.ietf.org/html/rfc6749#section-6
 /// </summary>
 /// <remarks>
 /// This method only forwards to the OnGrantRefreshToken handler and performs no checks of its own. An override or handler is
 /// therefore the place to confirm that the refresh token was issued to the client now presenting it (context.ClientId), as
 /// RFC 6749 section 6 requires, before calling context.Validated.
 /// </remarks>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
 {
     // Delegate to the configured handler; its Task is returned as-is.
     var grantHandler = OnGrantRefreshToken;
     return grantHandler.Invoke(context);
 }