public async Task SaveCodeGrantAsync(CodeGrant codeGrant)
{
var clientIntId = await _outbackDbContext.Clients.Where(m => m.ClientId == codeGrant.ClientId).Select(m => m.Id).SingleAsync();
var outbackCodeGrant = new OutbackCodeGrant
{
ClientId = clientIntId,
Code = codeGrant.Code,
CodeChallange = codeGrant.CodeChallange,
CodeChallangeMethod = codeGrant.CodeChallangeMethod,
Created = codeGrant.Created,
Expires = codeGrant.Expires,
Nonce = codeGrant.Nonce,
RedirectUri = codeGrant.RedirectUri,
Scope = codeGrant.Scope,
State = codeGrant.State,
SubjectId = Guid.Parse(codeGrant.SubjectId),
};
await _outbackDbContext.CodeGrants.AddAsync(outbackCodeGrant);
await _outbackDbContext.SaveChangesAsync();
}
public Task SaveCodeGrant(CodeGrant grant)
{
_persistedGrants.TryAdd(grant.Code, grant);
return(Task.CompletedTask);
}
public async Task <AccessTokenResponse> CreateTokenResponse(Client client, CodeGrant persistedGrant, string issuer)
{
var tokenHandler = new JwtSecurityTokenHandler();
var key = await _tokenSigningAccessor.GetSigningSecurityKey();
var identityTokenDescriptor = new SecurityTokenDescriptor
{
Subject = null,
TokenType = null,
Expires = DateTime.UtcNow.AddSeconds(client.AccessTokenLifetime),
Issuer = issuer,
IssuedAt = DateTime.UtcNow,
Audience = client.ClientId,
SigningCredentials = new SigningCredentials(key.SecurityKey, key.Algorithm),
};
identityTokenDescriptor.Claims = new Dictionary <string, object>
{
{ StandardClaims.Subject, persistedGrant.SubjectId }
};
if (!string.IsNullOrEmpty(persistedGrant.Nonce))
{
identityTokenDescriptor.Claims.Add(StandardClaims.Nonce, persistedGrant.Nonce);
}
if (client.AddUserInfoClaimsInIdentityToken)
{
var scopes = persistedGrant.Scope.Split(' ');
var claims = await _userInfoAccessor.GetUserInfoClaims(persistedGrant.SubjectId, scopes);
foreach (var claim in claims)
{
switch (claim.Key)
{
case StandardClaims.Issuer:
case StandardClaims.Subject:
case StandardClaims.Audience:
case StandardClaims.Expiration:
case StandardClaims.IssuedAt:
case StandardClaims.AuthenticationTime:
case StandardClaims.Nonce:
case StandardClaims.AuthenticationContextClassReference:
case StandardClaims.AuthorizedParty:
// Ignore OpenId standard claims
break;
default:
identityTokenDescriptor.Claims.Add(claim.Key, claim.Value);
break;
}
}
}
var identityToken = tokenHandler.CreateToken(identityTokenDescriptor);
var identityTokenString = tokenHandler.WriteToken(identityToken);
var accessTokenDescriptor = new SecurityTokenDescriptor
{
Subject = null,
TokenType = "at+jwt",
Expires = DateTime.UtcNow.AddSeconds(client.IdentityTokenLifetime),
Issuer = issuer,
IssuedAt = DateTime.UtcNow,
Audience = client.ClientId,
SigningCredentials = new SigningCredentials(key.SecurityKey, key.Algorithm),
};
accessTokenDescriptor.Claims = new Dictionary <string, object>
{
{ StandardClaims.ClientIdentifier, client.ClientId },
{ StandardClaims.Scope, persistedGrant.Scope },
{ StandardClaims.Subject, persistedGrant.SubjectId }
};
var accessToken = tokenHandler.CreateToken(accessTokenDescriptor);
var tokenString = tokenHandler.WriteToken(accessToken);
if (client.IssueRefreshToken)
{
// Create refresh token
throw new NotImplementedException();
//return new RefreshTokenResponse
//{
// AccessToken = tokenString,
// IdentityToken = identityTokenString,
// ExpiresIn = client.AccessTokenLifetime,
// RefreshToken = string.Empty,
// TokenType = "Bearer"
//};
}
return(new IdentityTokenResponse
{
AccessToken = tokenString,
IdentityToken = identityTokenString,
ExpiresIn = client.AccessTokenLifetime,
TokenType = "Bearer"
});
}
