public async Task CreateAsync(AuthenticationTokenCreateContext context) { Client client; var newSessionToken = CreateSessionToken(context.OwinContext, context.Ticket, out client); if (object.Equals(newSessionToken, null)) { return; } var scope = context.OwinContext.Get <string[]>("scope"); var sessionToken = context.OwinContext.Get <SessionToken>("sessionToken"); context.Ticket.Properties.IssuedUtc = newSessionToken.IssuedUtc; context.Ticket.Properties.ExpiresUtc = newSessionToken.ExpiresUtc; newSessionToken.Scope = SaaSScopeWorkerFactory.ScopeToString(scope); newSessionToken.ProtectedTicket = AccessTokenFormat.Protect(context.Ticket); Guid?oldSessionId = null; if (!object.Equals(sessionToken, null)) //come from grant_refresh { oldSessionId = sessionToken.Id; newSessionToken.ClientVersion = sessionToken.ClientVersion; newSessionToken.AccountProductId = sessionToken.AccountProductId; newSessionToken.ExternalClient = sessionToken.ExternalClient; newSessionToken.InstallationID = sessionToken.InstallationID; } using (var auth = new AuthRepository()) { try { var scopeWorker = SaaSScopeWorkerFactory.Create(scope, auth); await scopeWorker.SessionTokenInsertAsync(newSessionToken, oldSessionId); context.SetToken(newSessionToken.Id.ToString("N")); } catch (Exception exc) { var builder = new StringBuilder(); builder.AppendLine(exc.Message); builder.AppendLine($"Old session token Id: '{oldSessionId}'"); builder.AppendLine($"Client: '{client.Name}'"); builder.AppendLine($"Client version: '{newSessionToken.ClientVersion}'"); _oauthRefreshTokenLogger.Error(exc, builder.ToString()); } } }
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { Account user = null; using (var auth = new AuthRepository()) { using (var authProduct = new AuthProductRepository()) { user = await GrantLocalUser(context, auth); if (object.Equals(user, null)) { return; } await auth.AccountNeverLoginSetAsync(user); await auth.AccountVisitorIdSetAsync(user, context.OwinContext.Get <Guid?>("visitorId")); var client = context.OwinContext.Get <Client>("client"); var externalClient = context.OwinContext.Get <ExternalClient?>("externalClient"); var scope = context.OwinContext.Get <string[]>("scope"); var scopeWorker = SaaSScopeWorkerFactory.Create(scope, context, auth, authProduct); if (!await scopeWorker.ValidateDeviceAsync(user)) { return; } var identity = new ClaimsIdentity(context.Options.AuthenticationType); var properties = new Dictionary <string, string> { { "session", Guid.NewGuid().ToString("N") } }; if (externalClient.HasValue) { properties["externalClient"] = OauthManager.GetExternalClientName(externalClient.Value); } identity.AddClaim(ClaimTypes.NameIdentifier, user.Id); identity.AddClaims(user, client); context.OwinContext.Set("user", user); context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties(properties))); } } }
public override async Task GrantRefreshToken(OAuthGrantRefreshTokenContext context) { var identity = new ClaimsIdentity(context.Ticket.Identity); var properties = context.Ticket.Properties.Dictionary; var client = context.OwinContext.Get <Client>("client"); var sessionToken = context.OwinContext.Get <SessionToken>("sessionToken"); properties["session"] = Guid.NewGuid().ToString("N"); if (!string.IsNullOrEmpty(sessionToken.ExternalClientName)) { properties["externalClient"] = sessionToken.ExternalClientName; } string[] scope = context.OwinContext.Get <string[]>("scope"); var accountId = Guid.Parse(identity.GetUserId()); using (var auth = new AuthRepository()) { using (var authProduct = new AuthProductRepository()) { var account = await auth.AccountGetAsync(accountId); if (object.Equals(account, null)) { return; } context.OwinContext.Set("user", account); identity.TryRemoveClaim("module"); identity.AddClaims(account, client); var scopeWorker = SaaSScopeWorkerFactory.Create(scope, context, auth, authProduct); await scopeWorker.GrantClaims(identity); } } context.Validated(new AuthenticationTicket(identity, context.Ticket.Properties)); }
public async Task ReceiveAsync(AuthenticationTokenReceiveContext context) { Guid sessionTokenId; if (!Guid.TryParseExact(context.Token, "N", out sessionTokenId)) { return; } var sessionToken = await GetSessionToken(context.OwinContext, sessionTokenId); if (object.Equals(sessionToken, null)) { context.Response.Headers.Add("Refresh-Token-Expired", new[] { string.Format("token: {0}", sessionTokenId.ToString("N")) }); context.Response.Headers.Add("Access-Control-Expose-Headers", new[] { "Refresh-Token-Expired" }); return; } //TODO external provider password verification context.OwinContext.Set("scope", SaaSScopeWorkerFactory.StringToScope(sessionToken.Scope)); context.OwinContext.Set("systemId", sessionToken.SystemId); context.OwinContext.Set("sessionToken", sessionToken); //context.DeserializeTicket(token.ProtectedTicket); var ticket = AccessTokenFormat.Unprotect(sessionToken.ProtectedTicket); var issued = DateTime.UtcNow; var expires = issued.Add(Startup.OAuthServerOptions.AccessTokenExpireTimeSpan); ticket.Properties.IssuedUtc = issued; ticket.Properties.ExpiresUtc = expires; context.SetTicket(ticket); }