/// <summary>
/// Prepares the response to an access token request.
/// </summary>
/// <param name="request">The request for an access token.</param>
/// <param name="allowRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
/// <returns>The response message to send to the client.</returns>
private AccessTokenSuccessResponse PrepareAccessTokenResponse(AccessTokenRequestBase request, bool allowRefreshToken = true)
{
Requires.NotNull(request, "request");
if (allowRefreshToken)
{
if (request is AccessTokenClientCredentialsRequest)
{
// Per OAuth 2.0 section 4.4.3 (draft 23), refresh tokens should never be included
// in a response to an access token request that used the client credential grant type.
Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it.");
allowRefreshToken = false;
}
}
var tokenRequest = (IAuthorizationCarryingRequest)request;
var accessTokenRequest = (IAccessTokenRequestInternal)request;
var response = new AccessTokenSuccessResponse(request)
{
HasRefreshToken = allowRefreshToken,
};
response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
return(response);
}
private AccessTokenSuccessResponse PrepareAccessTokenResponse(AccessTokenRequestBase request, bool allowRefreshToken = true)
{
if (allowRefreshToken)
{
if (request is AccessTokenClientCredentialsRequest)
{
Logger.OAuth.Debug("Suppressing refresh token in access token response because the grant type used by the client disallows it.");
allowRefreshToken = false;
}
}
var tokenRequest = (IAuthorizationCarryingRequest)request;
var accessTokenRequest = (IAccessTokenRequestInternal)request;
var response = new AccessTokenSuccessResponse(request)
{
HasRefreshToken = allowRefreshToken
};
response.Scope.ResetContents(tokenRequest.AuthorizationDescription.Scope);
return(response);
}
/// <summary>
/// Handles an incoming request to the authorization server's token endpoint.
/// </summary>
/// <param name="nonce">The nonce data.</param>
/// <param name="clientIdentifier">The client identifier.</param>
/// <param name="accessTokenSuccessResponse">The access token success response.</param>
/// <param name="request">The HTTP request.</param>
/// <returns>The HTTP response to send to the client.</returns>
public IProtocolMessage HandleTokenRequest(string nonce, out string clientIdentifier,
out AccessTokenSuccessResponse accessTokenSuccessResponse, HttpRequestBase request = null)
{
if (request == null)
{
request = this.Channel.GetRequestFromContext();
}
AccessTokenResult accessTokenResult = null;
AccessTokenRequestBase requestMessage;
IProtocolMessage responseMessage;
AccessTokenSuccessResponse successResponseMessage = null;
try
{
if (this.Channel.TryReadFromRequest(request, out requestMessage))
{
accessTokenResult = this.AuthorizationServerServices.CreateAccessToken(requestMessage, nonce);
ErrorUtilities.VerifyHost(accessTokenResult != null, "IAuthorizationServerHost.CreateAccessToken must not return null.");
IAccessTokenRequestInternal accessRequestInternal = requestMessage;
accessRequestInternal.AccessTokenResult = accessTokenResult;
successResponseMessage = this.PrepareAccessTokenResponse(requestMessage, accessTokenResult.AllowRefreshToken);
successResponseMessage.Lifetime = accessTokenResult.AccessToken.Lifetime;
var authCarryingRequest = requestMessage as IAuthorizationCarryingRequest;
if (authCarryingRequest != null)
{
accessTokenResult.AccessToken.ApplyAuthorization(authCarryingRequest.AuthorizationDescription);
IAccessTokenIssuingResponse accessTokenIssuingResponse = successResponseMessage;
accessTokenIssuingResponse.AuthorizationDescription = accessTokenResult.AccessToken;
}
responseMessage = successResponseMessage;
}
else
{
responseMessage = new AccessTokenFailedResponse()
{
Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest
};
}
}
catch (TokenEndpointProtocolException ex)
{
responseMessage = ex.GetResponse();
}
catch (ProtocolException)
{
responseMessage = new AccessTokenFailedResponse()
{
Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest
};
}
if (accessTokenResult != null)
{
clientIdentifier = accessTokenResult.AccessToken.ClientIdentifier;
accessTokenSuccessResponse = successResponseMessage;
}
else
{
clientIdentifier = "";
accessTokenSuccessResponse = successResponseMessage;
}
return(responseMessage);
}
/// <summary>
/// Updates the authorization state maintained by the client with the content of an outgoing response.
/// </summary>
/// <param name="authorizationState">The authorization state maintained by the client.</param>
/// <param name="accessTokenSuccess">The access token containing response message.</param>
internal static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, AccessTokenSuccessResponse accessTokenSuccess)
{
Requires.NotNull(authorizationState, "authorizationState");
Requires.NotNull(accessTokenSuccess, "accessTokenSuccess");
authorizationState.AccessToken = accessTokenSuccess.AccessToken;
authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;
// The authorization server MAY choose to renew the refresh token itself.
if (accessTokenSuccess.RefreshToken != null)
{
authorizationState.RefreshToken = accessTokenSuccess.RefreshToken;
}
// An included scope parameter in the response only describes the access token's scope.
// Don't update the whole authorization state object with that scope because that represents
// the refresh token's original scope.
if ((authorizationState.Scope == null || authorizationState.Scope.Count == 0) && accessTokenSuccess.Scope != null)
{
authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
}
authorizationState.SaveChanges();
}
public static void UpdateAuthorizationWithResponse(IAuthorizationState authorizationState, AccessTokenSuccessResponse accessTokenSuccess)
{
authorizationState.AccessToken = accessTokenSuccess.AccessToken;
authorizationState.AccessTokenExpirationUtc = DateTime.UtcNow + accessTokenSuccess.Lifetime;
authorizationState.AccessTokenIssueDateUtc = DateTime.UtcNow;
if (accessTokenSuccess.RefreshToken != null)
{
authorizationState.RefreshToken = accessTokenSuccess.RefreshToken;
}
if ((authorizationState.Scope == null || authorizationState.Scope.Count == 0) && accessTokenSuccess.Scope != null)
{
authorizationState.Scope.ResetContents(accessTokenSuccess.Scope);
}
authorizationState.SaveChanges();
}
/// <summary>
/// Create a request token from the request.
/// </summary>
/// <param name="httpRequest">The current http request.</param>
/// <param name="rawUri">A System.Uri object containing information regarding the URL of the current request.</param>
/// <param name="queryString">The collection of HTTP query string variables.</param>
/// <param name="form">The collection of form variables.</param>
/// <param name="headers">The collection of HTTP headers.</param>
/// <param name="cookies">The collection of cookies sent by the client.</param>
/// <param name="responseHeaders">The response headers for the request.</param>
/// <param name="returnType">The type of response to return.</param>
/// <returns>The token if successful; else null.</returns>
private object CreateToken(HttpRequestBase httpRequest, Uri rawUri, NameValueCollection queryString,
NameValueCollection form, NameValueCollection headers, HttpCookieCollection cookies,
out System.Net.WebHeaderCollection responseHeaders, int returnType)
{
OutgoingWebResponse outgoingWebResponse = null;
AccessTokenSuccessResponse accessTokenSuccessResponse = null;
IProtocolMessage message = null;
string codeKey = null;
string refreshToken = null;
string clientID = null;
string nonce = null;
try
{
// Make sure that all the passed parameters are valid.
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
if (rawUri == null)
{
throw new ArgumentNullException("rawUri");
}
if (queryString == null)
{
throw new ArgumentNullException("queryString");
}
if (form == null)
{
throw new ArgumentNullException("form");
}
if (headers == null)
{
throw new ArgumentNullException("headers");
}
if (cookies == null)
{
throw new ArgumentNullException("cookies");
}
// Set the crytography key store values.
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ExpiryDateTime = DateTime.UtcNow.AddYears(1);
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.GetCodeKey = true;
// Attempt to find the 'code' parameter in the form.
IEnumerable <string> codeKeys = form.AllKeys.Where(u => u.EndsWith("code"));
if (codeKeys == null || codeKeys.Count() < 1)
{
// Attempt to find the 'code' parameter in the query string.
if (queryString != null || queryString.Keys.Count > 0)
{
if (queryString["code"] != null)
{
codeKey = queryString["code"];
}
}
}
else
{
codeKey = form["code"];
}
// If a code value exists.
if (!String.IsNullOrEmpty(codeKey))
{
// Get the nonce data for the code value.
nonce = _tokenStore.GetNonce(codeKey);
}
// Attempt to find the 'refresh_token' parameter in the form.
IEnumerable <string> refreshTokens = form.AllKeys.Where(u => u.EndsWith("refresh_token"));
if (refreshTokens == null || refreshTokens.Count() < 1)
{
// Attempt to find the 'refresh_token' parameter in the query string.
if (queryString != null || queryString.Keys.Count > 0)
{
if (queryString["refresh_token"] != null)
{
refreshToken = queryString["refresh_token"];
}
}
}
else
{
refreshToken = form["refresh_token"];
}
// Pass a refresh token
if (!String.IsNullOrEmpty(refreshToken))
{
string clientIdentifier = null;
string clientSecret = null;
// Get the refresh token data from the http request.
_oAuthAuthorizationServer.GetRefreshTokenData(queryString, form, out clientIdentifier, out clientSecret);
// Get the nonce data for the code value.
nonce = _tokenStore.GetNonce(refreshToken, clientIdentifier, clientSecret);
}
// Handles an incoming request to the authorization server's token endpoint.
message = _authorizationServer.HandleTokenRequest(nonce, out clientID, out accessTokenSuccessResponse, httpRequest);
// Set the crytography key store values after finding the client identifier.
_authorizationServer.AuthorizationServerServices.CryptoKeyStore.ClientIndetifier = clientID;
// Handles an incoming request to the authorization server's token endpoint.
outgoingWebResponse = _authorizationServer.HandleTokenRequestPrepareResponse(message);
// Update the access token.
if (accessTokenSuccessResponse != null)
{
if (!String.IsNullOrEmpty(accessTokenSuccessResponse.AccessToken))
{
_tokenStore.UpdateAccessToken(accessTokenSuccessResponse.AccessToken, nonce, accessTokenSuccessResponse.RefreshToken);
}
}
// What type should be returned.
switch (returnType)
{
case 0:
// The complete html body.
responseHeaders = outgoingWebResponse.Headers;
return(outgoingWebResponse.Body);
default:
// Default is html body.
responseHeaders = outgoingWebResponse.Headers;
return(outgoingWebResponse.Body);
}
}
catch (Exception ex)
{
// Get the current token errors.
responseHeaders = null;
_tokenError = ex.Message;
return(null);
}
}
