public async Task <IActionResult> AccessToken(AccessTokenRequest tokenRequest)
{
if (!string.IsNullOrEmpty(tokenRequest.refresh_token))
{
var refreshTokenModel = await _repository.GetRefreshToken(tokenRequest.refresh_token);
if (refreshTokenModel == null)
{
return(BadRequest());
}
string tokenKey = _accountSettings.TokenKey;
JWToken token = GenerateAccessToken(tokenKey);
string serializedToken = JsonConvert.SerializeObject(token);
var response = new
{
access_token = serializedToken,
token_type = "example",
expires_in = 3600,
refresh_token = refreshTokenModel.Token
};
return(Ok(response));
}
//TODO: code should be generated in memory and disposed of after one use
else if (!string.IsNullOrEmpty(tokenRequest.code))
{
// validating that the code is a valid one
if (_codeStore.VerifyCode(tokenRequest.code) == null)
{
//TOOD: check the expected answer
return(BadRequest());
}
//we need to make sure nobody else can re-use the same code twice
_codeStore.ClearCode(tokenRequest.code);
string tokenKey = _accountSettings.TokenKey;
JWToken token = GenerateAccessToken(tokenKey);
string serializedToken = JsonConvert.SerializeObject(token);
string refreshToken = Guid.NewGuid().ToString();
await _repository.AddRefreshToken(new Models.RefreshTokenModel {
Application = "Alexa", Token = refreshToken
});
var response = new
{
access_token = serializedToken,
token_type = "example",
expires_in = 3600,
refresh_token = refreshToken
};
return(Ok(response));
}
return(BadRequest());
}
private JWToken GenerateAccessToken(string key)
{
var token = new JWToken
{
Timestamp = DateTimeOffset.Now.ToString(),
ExpiresIn = 3600,
Application = "Alexa"
};
token.GenerateSignature(key);
return(token);
}
