protected virtual async Task <TokenValidationResult> ValidateReferenceAccessTokenAsync(string tokenHandle) { var token = await _tokenHandles.GetAsync(tokenHandle); if (token == null) { Logger.Error("Token handle not found"); return(Invalid(Constants.ProtectedResourceErrors.InvalidToken)); } if (token.Type != Constants.TokenTypes.AccessToken) { Logger.ErrorFormat("Token handle does not resolve to an access token - but instead to: {1}", tokenHandle, token.Type); return(Invalid(Constants.ProtectedResourceErrors.InvalidToken)); } if (DateTime.UtcNow > token.CreationTime.AddSeconds(token.Lifetime)) { Logger.Error("Token expired."); return(Invalid(Constants.ProtectedResourceErrors.ExpiredToken)); } Logger.Info("Reference access token validation successful"); return(new TokenValidationResult { Claims = ReferenceTokenToClaims(token), ReferenceToken = token }); }
// revoke access token only if it belongs to client doing the request private async Task <bool> RevokeAccessTokenAsync(string handle, Client client) { var token = await _tokenHandles.GetAsync(handle); if (token != null) { if (token.ClientId == client.ClientId) { await _tokenHandles.RemoveAsync(handle); await _events.RaiseTokenRevokedEventAsync(token.SubjectId, handle, Constants.TokenTypeHints.AccessToken); } else { var message = string.Format("Client {0} tried to revoke an access token belonging to a different client: {1}", client.ClientId, token.ClientId); Logger.Warn(message); await RaiseFailureEventAsync(message); } return(true); } return(false); }
protected virtual async Task <TokenValidationResult> ValidateReferenceAccessTokenAsync(string tokenHandle) { _log.TokenHandle = tokenHandle; var token = await _tokenHandles.GetAsync(tokenHandle); if (token == null) { LogError("Token handle not found"); return(Invalid(Constants.ProtectedResourceErrors.InvalidToken)); } if (token.Type != Constants.TokenTypes.AccessToken) { LogError("Token handle does not resolve to an access token - but instead to: " + token.Type); return(Invalid(Constants.ProtectedResourceErrors.InvalidToken)); } if (DateTimeOffsetHelper.UtcNow >= token.CreationTime.AddSeconds(token.Lifetime)) { LogError("Token expired."); return(Invalid(Constants.ProtectedResourceErrors.ExpiredToken)); } return(new TokenValidationResult { Claims = ReferenceTokenToClaims(token), ReferenceToken = token, ReferenceTokenId = tokenHandle }); }
public async Task LoadingNonExistingKeyShouldResultInNull() { await _setup; Assert.Null(await _store.GetAsync("DoesNotExist")); }