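/// <summary>
        /// Called for each request to the Token endpoint to decide whether it should continue.
        /// This override records the requested grant_type on the per-request OAuth context and then
        /// accepts the request unconditionally; it adds no constraint of its own on top of what the
        /// base provider already does (its documented default is to let well-formed requests continue).
        /// </summary>
        /// <remarks>
        /// NOTE(review): every grant_type is accepted here. The grant-specific provider callbacks run
        /// later, but an explicit allow-list of the grant types this server really supports would be
        /// the safer default.
        /// Fix: the method was declared <c>async</c> without any <c>await</c> (CS1998); it now returns
        /// a completed task directly, as the other overrides in this file do.
        /// </remarks>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            // Logged before Validated() runs, so it records intent rather than outcome.
            this.options.Logger.Debug("Token request is valid");

            // Expose the grant type to later pipeline stages through the per-request OAuth context.
            context.OwinContext.GetOAuthContext().GrantType = context.TokenRequest.GrantType;

            context.Validated();
            return Task.FromResult<object>(null);
        }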
 /// <summary>
 /// Defers entirely to the base provider's token-request validation; no additional
 /// constraint is applied in this override.
 /// </summary>
 /// <remarks>
 /// NOTE(review): an earlier revision read the raw request body here for debugging. Re-reading the
 /// body at this stage can interfere with the form the OAuth middleware has already parsed and would
 /// expose client secrets/passwords to whatever consumed it, so that experiment was dropped rather
 /// than kept as dead code.
 /// </remarks>
 /// <param name="context">Token-request context; the outcome is reported by calling Validated()/Rejected() on it.</param>
 /// <returns>The base provider's task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => base.ValidateTokenRequest(context);
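        /// <summary>
        /// Validates token requests for the password and refresh_token grants.
        /// Password grant: the first scope value is used as the tenant key for the user-account
        /// service, and the supplied user name and password are authenticated against that tenant.
        /// Refresh-token grant: the request is accepted as long as a non-empty refresh_token
        /// parameter is present; the token itself must be verified later by the refresh-token
        /// provider (not in view here). Any other grant type is left un-validated and is therefore
        /// rejected by the middleware.
        /// </summary>
        /// <remarks>
        /// Fix: the original indexed <c>Scope[0]</c> without checking that a scope was supplied, so a
        /// password-grant request without a scope crashed instead of being rejected. Depending on how
        /// the middleware parses a missing scope parameter the list may be null, empty, or hold a single
        /// empty string; all three are now answered with "invalid_scope".
        /// NOTE(review): using the first scope as the tenant key is a convention of the account service
        /// in use -- confirm a caller cannot authenticate against a tenant its client is not entitled to.
        /// </remarks>
        /// <param name="context">Token-request context; outcome reported via Validated()/SetError().</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            var userAccountService = UserAccountServiceFactory.Create();
            var request = context.TokenRequest;

            if (request.IsResourceOwnerPasswordCredentialsGrantType)
            {
                var grant  = request.ResourceOwnerPasswordCredentialsGrant;
                var scopes = grant.Scope;

                if (scopes == null || scopes.Count == 0 || string.IsNullOrEmpty(scopes[0]))
                {
                    // The tenant key comes from the scope; without it the lookup is meaningless.
                    context.SetError("invalid_scope", "A scope identifying the tenant is required for the password grant.");
                }
                else if (userAccountService.Authenticate(scopes[0], grant.UserName, grant.Password))
                {
                    context.Validated();
                }
            }
            else if (request.IsRefreshTokenGrantType)
            {
                // Only presence is checked here; the refresh token's validity is established downstream.
                var refreshToken = request.Parameters.Get("refresh_token");
                if (!string.IsNullOrEmpty(refreshToken))
                {
                    context.Validated();
                }
            }

            return Task.FromResult<object>(null);
        }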
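        /// <summary>
        /// Diagnostic hook (presumably wired to the provider's OnValidateTokenRequest delegate):
        /// writes the client id and grant type of each token request to the host trace output found
        /// under the "host.TraceOutput" OWIN key, when the host provides one. Nothing is validated or
        /// rejected here.
        /// </summary>
        /// <remarks>
        /// Fix: the trace writer was dereferenced without a null check, so a host that does not
        /// register "host.TraceOutput" crashed every token request. The method was also <c>async</c>
        /// with no <c>await</c>; it now returns a completed task.
        /// Only the client id and grant type are traced -- keep it that way, since the same request may
        /// carry client secrets, user passwords and refresh tokens that must never reach a log.
        /// </remarks>
        /// <param name="context">Token-request context supplying the request environment and client id.</param>
        /// <returns>A completed task.</returns>
        private Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            var output = context.Request.Get<TextWriter>("host.TraceOutput");
            if (output != null)
            {
                output.WriteLine("Token Request {0} {1}",
                                 context.ClientContext.ClientId,
                                 context.TokenRequest.GrantType);
            }

            return Task.FromResult<object>(null);
        }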
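        /// <summary>
        /// Called for each request to the Token endpoint to determine whether it should continue.
        /// Stores the requested grant_type on the per-request OAuth context for later stages and then
        /// marks the request as validated without any further constraint (the base provider's documented
        /// default is likewise to let well-formed requests continue).
        /// </summary>
        /// <remarks>
        /// NOTE(review): no grant_type allow-list is enforced here; consider restricting to the grant
        /// types this server actually implements.
        /// Fix: removed the <c>async</c> modifier from a method that never awaited (CS1998) and
        /// returned a completed task explicitly, matching the file's other overrides.
        /// </remarks>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            // Note: emitted before the request is actually marked valid.
            this.options.Logger.Debug("Token request is valid");

            var oauthContext = context.OwinContext.GetOAuthContext();
            oauthContext.GrantType = context.TokenRequest.GrantType;

            context.Validated();
            return Task.FromResult<object>(null);
        }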
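 /// <summary>
 /// Validates the access-token request: only the client_credentials grant is accepted; every
 /// other grant type is explicitly rejected.
 /// </summary>
 /// <remarks>
 /// Fix: the method was marked <c>async</c> but contained no <c>await</c> (CS1998); it now returns
 /// a completed task synchronously, as the non-async overrides in this file do.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     if (context.TokenRequest.IsClientCredentialsGrantType)
     {
         context.Validated();
     }
     else
     {
         context.Rejected();
     }

     return Task.FromResult<object>(null);
 }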
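 /// <summary>
 /// Validates the access-token request by grant type: authorization_code, refresh_token and
 /// password are accepted; anything else (including client_credentials) is rejected.
 /// </summary>
 /// <remarks>
 /// Fix: dropped the <c>async</c> modifier from a method with no <c>await</c> (CS1998) and return
 /// a completed task explicitly.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     var request = context.TokenRequest;
     var accepted = request.IsAuthorizationCodeGrantType
                 || request.IsRefreshTokenGrantType
                 || request.IsResourceOwnerPasswordCredentialsGrantType;

     if (accepted)
     {
         context.Validated();
     }
     else
     {
         context.Rejected();
     }

     return Task.FromResult<object>(null);
 }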
        /// <summary>
        /// Copies the CORS response headers produced by a policy evaluation onto the current response.
        /// A null header set is treated as "nothing to write".
        /// </summary>
        /// <remarks>
        /// Headers are appended, not replaced; NOTE(review): calling this twice for the same response
        /// would therefore emit duplicate CORS headers -- callers should invoke it once per request.
        /// </remarks>
        /// <param name="result">The outcome of <c>CorsEngine.EvaluatePolicy</c>.</param>
        /// <param name="context">Token-request context whose response receives the headers.</param>
        private void WriteCorsHeaders(CorsResult result, OAuthValidateTokenRequestContext context)
        {
            var corsHeaders = result.ToResponseHeaders();
            if (corsHeaders == null)
            {
                return;
            }

            var responseHeaders = context.Response.Headers;
            foreach (var pair in corsHeaders)
            {
                responseHeaders.Append(pair.Key, pair.Value);
            }
        }
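 /// <summary>
 /// Validates the token request: in this server only the authorization_code and refresh_token
 /// grants are accepted; any other grant type is rejected.
 /// </summary>
 /// <remarks>
 /// Fix: the override was <c>async</c> with nothing awaited (CS1998); it now completes synchronously
 /// and returns a finished task like the other overrides in this file.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     var request = context.TokenRequest;

     if (request.IsAuthorizationCodeGrantType || request.IsRefreshTokenGrantType)
     {
         context.Validated();
     }
     else
     {
         context.Rejected();
     }

     return Task.FromResult<object>(null);
 }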
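 /// <summary>
 /// Validates the token request; only authorization_code and refresh_token grant requests are
 /// allowed to continue, everything else is rejected.
 /// </summary>
 /// <remarks>
 /// Fix: removed a needless <c>async</c> state machine (no <c>await</c> in the body, CS1998) in
 /// favour of returning a completed task.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     var allowed = context.TokenRequest.IsAuthorizationCodeGrantType
                || context.TokenRequest.IsRefreshTokenGrantType;

     if (!allowed)
     {
         context.Rejected();
         return Task.FromResult<object>(null);
     }

     context.Validated();
     return Task.FromResult<object>(null);
 }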
        /// <summary>
        /// Validates the access-token request by grant type. All four standard grants --
        /// authorization_code, client_credentials, refresh_token and password -- are accepted; any
        /// other value is rejected.
        /// </summary>
        /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            var request = context.TokenRequest;
            var isKnownGrant = request.IsAuthorizationCodeGrantType
                            || request.IsClientCredentialsGrantType
                            || request.IsRefreshTokenGrantType
                            || request.IsResourceOwnerPasswordCredentialsGrantType;

            if (!isKnownGrant)
            {
                context.Rejected();
                return Task.FromResult<object>(null);
            }

            context.Validated();
            return Task.FromResult<object>(null);
        }
 /// <summary>
 /// Validates the token request and restricts the grant types: for now only the
 /// resource-owner-password grant is supported. Other grant types are rejected outright; a
 /// password grant is marked validated and then handed to the base implementation.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the base call after Validated() is redundant with the base provider's documented
 /// default (which also lets the request continue), but it would matter if OnValidateTokenRequest
 /// were replaced elsewhere -- verify before removing it.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task on rejection, otherwise the base provider's task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     if (!context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
     {
         context.Rejected();
         return Task.FromResult<object>(null);
     }

     context.Validated();
     return base.ValidateTokenRequest(context);
 }
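 /// <summary>
 /// For the resource-owner-password grant, checks that every requested scope is one the
 /// authenticated client holds as a "scope" claim in the "clients" tenant of the user-account
 /// service; only then is the request validated. Other grant types are left un-validated. The
 /// resource owner's own credentials are not checked here (presumably in GrantResourceOwnerCredentials).
 /// </summary>
 /// <remarks>
 /// Fix: a client id with no matching account, or a request whose scope list was never populated,
 /// threw a NullReferenceException. Both now fail closed with an OAuth error instead.
 /// NOTE(review): an empty scope list satisfies <c>All</c> and is accepted, exactly as before --
 /// confirm that a password grant with no scope is meant to be allowed.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/SetError().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     if (!context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
     {
         return Task.FromResult<object>(null);
     }

     var svc    = context.OwinContext.Environment.GetUserAccountService<UserAccount>();
     var client = svc.GetByUsername("clients", context.ClientContext.ClientId);
     if (client == null)
     {
         // Unknown client: reject explicitly rather than dereference null below.
         context.SetError("invalid_client");
         return Task.FromResult<object>(null);
     }

     var scopes = context.TokenRequest.ResourceOwnerPasswordCredentialsGrant.Scope;
     if (scopes == null)
     {
         context.SetError("invalid_scope");
         return Task.FromResult<object>(null);
     }

     // Every requested scope must be one the client is entitled to.
     if (scopes.All(scope => client.HasClaim("scope", scope)))
     {
         context.Validated();
     }

     return Task.FromResult<object>(null);
 }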
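 /// <summary>
 /// Validates the access-token request: only the client_credentials grant is allowed to
 /// continue; every other grant type (including authorization_code and refresh_token, which an
 /// earlier revision also accepted) is rejected.
 /// </summary>
 /// <remarks>
 /// Fix: the override was <c>async</c> without any <c>await</c> (CS1998); it now returns a
 /// completed task. The commented-out alternative branch was removed as dead code -- re-enable
 /// additional grants by extending the condition, not by resurrecting the comment.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     if (!context.TokenRequest.IsClientCredentialsGrantType)
     {
         context.Rejected();
         return Task.FromResult<object>(null);
     }

     context.Validated();
     return Task.FromResult<object>(null);
 }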
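        /// <summary>
        /// Called for each request to the Token endpoint to determine whether it should continue.
        /// Two things happen here: the grant_type is restricted to authorization_code, password and
        /// refresh_token, and CORS is processed for the request via <see cref="ProcessCors"/>.
        /// </summary>
        /// <remarks>
        /// Fixes:
        /// 1. The summary previously described the TokenEndpoint stage (claims modification, extra
        ///    response parameters) rather than this method; it now states what the override does.
        /// 2. <see cref="ProcessCors"/> reports a failed preflight by calling <c>SetError</c> on the
        ///    context, but the original then unconditionally called the base implementation, whose
        ///    documented default is to let the request continue -- and marking a context validated
        ///    clears its error flag. The CORS failure was therefore recorded and immediately undone.
        ///    The base call is now skipped whenever the context already carries an error.
        /// NOTE(review): "invalid_grant_type" is not an RFC 6749 error code; the registered code for
        /// this condition is "unsupported_grant_type". The literal is kept for compatibility with
        /// existing clients.
        /// </remarks>
        /// <param name="context">The context of the event carries information in and results out.</param>
        /// <returns>A completed task on rejection or CORS failure, otherwise the base provider's task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            var request = context.TokenRequest;

            //TODO: Determine which grant types will will actually support - these will probably be the only ones
            var supported = request.IsAuthorizationCodeGrantType
                         || request.IsResourceOwnerPasswordCredentialsGrantType
                         || request.IsRefreshTokenGrantType;
            if (!supported)
            {
                context.Rejected();
                context.SetError("invalid_grant_type", "Only grant_type=authorization_code, grant_type=password or grant_type=refresh_token are accepted by this server.");
                return Task.FromResult(0);
            }

            ProcessCors(context);

            // A rejected CORS preflight is surfaced through SetError; do not let the base
            // implementation re-validate the context and wipe that error.
            if (context.HasError)
            {
                return Task.FromResult(0);
            }

            return base.ValidateTokenRequest(context);
        }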
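 /// <summary>
 /// Accepts authorization_code and refresh_token grant requests; any other grant type is
 /// rejected through <c>SetCustomError</c> with the message "请求类型有误" (wrong request type).
 /// </summary>
 /// <remarks>
 /// Fix: the decision was wrapped in <c>Task.Factory.StartNew</c>, queuing trivial synchronous work
 /// onto the thread pool and touching the OWIN request/response from off the request's own
 /// execution path. The checks now run inline and a completed task is returned, matching the other
 /// overrides in this file.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/SetCustomError().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     var request = context.TokenRequest;

     if (request.IsAuthorizationCodeGrantType || request.IsRefreshTokenGrantType)
     {
         context.Validated();
     }
     else
     {
         context.SetCustomError("请求类型有误");
     }

     return Task.FromResult<object>(null);
 }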
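        /// <summary>
        /// Accepts a token request only when the client id is a well-formed MongoDB ObjectId and a
        /// client with that id exists in the client store; otherwise an OAuth error is recorded
        /// ("invalid_request" for a malformed id, "invalid_client" for an unknown one). No grant_type
        /// restriction is applied here.
        /// </summary>
        /// <remarks>
        /// Fix: the parsed ObjectId was captured into a local that was never used; it is now discarded.
        /// NOTE(review): this method only proves the client exists. Whether the client secret was
        /// verified depends on the ValidateClientAuthentication override (not in view); do not treat
        /// this lookup as client authentication.
        /// </remarks>
        /// <param name="context">Token-request context; outcome reported via Validated()/SetError().</param>
        /// <returns>A task that completes once the client lookup has finished.</returns>
        public override async Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            var clientId = context.ClientContext.ClientId;

            // Reject ids that cannot be ObjectIds before touching the store.
            if (!ObjectId.TryParse(clientId, out _))
            {
                context.SetError("invalid_request");
                return;
            }

            var client = await _clientManager.FindClientByIdAsync(clientId);
            if (client == null)
            {
                context.SetError("invalid_client");
                return;
            }

            context.Validated();
        }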
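        /// <summary>
        /// Validates resource-owner-password token requests by authenticating the supplied user name
        /// and password against the "users" tenant of the user-account service found in the OWIN
        /// environment. Other grant types are left un-validated and are therefore rejected downstream.
        /// </summary>
        /// <remarks>
        /// Fix: the original also looked the account up by user name into a local that was never used
        /// (an extra store round-trip on every request) and carried a commented-out earlier variant of
        /// the check. Both are removed; only the authentication call remains.
        /// NOTE(review): authenticating here means a wrong password surfaces as a generic un-validated
        /// request rather than through GrantResourceOwnerCredentials -- confirm that is intended.
        /// </remarks>
        /// <param name="context">Token-request context; outcome reported via Validated().</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            if (context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
            {
                var svc   = context.OwinContext.Environment.GetUserAccountService<UserAccount>();
                var grant = context.TokenRequest.ResourceOwnerPasswordCredentialsGrant;

                /* Custom validation for authenticated client to request access token */
                if (svc.Authenticate("users", grant.UserName, grant.Password))
                {
                    context.Validated();
                }
            }

            return Task.FromResult<object>(null);
        }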
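        /// <summary>
        /// Validates the access-token request by grant type: authorization_code, client_credentials,
        /// refresh_token and password are accepted; any other value is rejected.
        /// </summary>
        /// <remarks>
        /// Fix: the original was <c>async</c> solely to <c>await Task.FromResult(context.Validated())</c>,
        /// storing the result in an unused local. The call is now made directly and a completed task
        /// is returned, like the other overrides in this file.
        /// </remarks>
        /// <param name="context">Token-request context; outcome reported via Validated()/Rejected().</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            logger.Debug("ValidateTokenRequest");

            var request = context.TokenRequest;
            var supportedGrant = request.IsAuthorizationCodeGrantType
                              || request.IsClientCredentialsGrantType
                              || request.IsRefreshTokenGrantType
                              || request.IsResourceOwnerPasswordCredentialsGrantType;

            if (supportedGrant)
            {
                // Marks the context as validated: IsValidated becomes true and HasError false.
                context.Validated();
            }
            else
            {
                context.Rejected();
            }

            return Task.FromResult<object>(null);
        }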
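 /// <summary>
 /// Accepts every token request unconditionally; no grant_type or client constraint is applied.
 /// </summary>
 /// <remarks>
 /// Fix: the body awaited an already-completed <c>Task.FromResult</c> purely to justify the
 /// <c>async</c> modifier; the call is now made directly and a completed task is returned.
 /// NOTE(review): consider restricting to the grant types this server actually implements.
 /// </remarks>
 /// <param name="context">Token-request context; marked validated.</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     context.Validated();
     return Task.FromResult<object>(null);
 }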
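        /// <summary>
        /// Evaluates the configured CORS policy for the current token request and writes the resulting
        /// CORS response headers. For a preflight request the decision is enforced: an invalid
        /// Access-Control-Request-Method, or a request the policy does not allow, sets a 400 status and
        /// an error on <paramref name="context"/>. For an actual request the headers are written when
        /// the policy allows it and the request is otherwise left untouched.
        /// </summary>
        /// <remarks>
        /// Fix: Access-Control-Request-Headers was never read -- both the header lookup and the loop
        /// used the Access-Control-Request-Method constant, so the requested *method name* was fed to
        /// the engine as a requested header and the headers the browser actually asked for were never
        /// checked against the policy. Both now use <c>CorsConstants.AccessControlRequestHeaders</c>.
        /// NOTE(review): the caller must inspect <c>context.HasError</c> after this returns; letting
        /// the base provider validate the context afterwards clears the error set here.
        /// NOTE(review): <c>SetError</c> is given a human-readable message where clients expect an
        /// RFC 6749 error code -- consider "invalid_request" with the message as the description.
        /// </remarks>
        /// <param name="context">Token-request context; request headers are read, response headers and status are written.</param>
        private void ProcessCors(OAuthValidateTokenRequestContext context)
        {
            var requestHeaders = context.Request.Headers;
            var accessControlRequestMethodHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.AccessControlRequestMethod);
            var originHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.Origin);
            var accessControlRequestHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders);

            var corsRequest = new CorsRequestContext
            {
                Host       = context.Request.Host.Value,
                HttpMethod = context.Request.Method,
                Origin     = originHeaders?.FirstOrDefault(),
                RequestUri = context.Request.Uri,
                AccessControlRequestMethod = accessControlRequestMethodHeaders?.FirstOrDefault()
            };

            if (accessControlRequestHeaders != null)
            {
                foreach (var header in accessControlRequestHeaders)
                {
                    corsRequest.AccessControlRequestHeaders.Add(header);
                }
            }

            var engine = new CorsEngine();

            if (!corsRequest.IsPreflight)
            {
                // Actual request: emit headers only when allowed; the browser enforces their absence.
                var actualResult = engine.EvaluatePolicy(corsRequest, _options.CorsPolicy);
                if (actualResult.IsValid)
                {
                    WriteCorsHeaders(actualResult, context);
                }
                return;
            }

            // Preflight: Access-Control-Request-Method must be a syntactically valid HTTP method.
            // HttpMethod's constructor throws ArgumentException for a null/empty value and
            // FormatException for a token with illegal characters; the instance itself is not needed.
            try
            {
                new HttpMethod(corsRequest.AccessControlRequestMethod);
            }
            catch (ArgumentException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError("Access Control Request Method Cannot Be Null Or Empty");
                return;
            }
            catch (FormatException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError("Invalid Access Control Request Method");
                return;
            }

            var preflightResult = engine.EvaluatePolicy(corsRequest, _options.CorsPolicy);
            if (!preflightResult.IsValid)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError(string.Join(" | ", preflightResult.ErrorMessages));
                return;
            }

            WriteCorsHeaders(preflightResult, context);
        }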
 /// <summary>
 /// Rejects the token request and writes <paramref name="msg"/> straight into the response body
 /// through <c>ResponseWrite</c>.
 /// </summary>
 /// <remarks>
 /// NOTE(review): writing to the response from inside validation bypasses the middleware's own
 /// JSON error response (<c>SetError</c>); confirm clients expect the raw message, and keep
 /// <paramref name="msg"/> free of user-controlled content.
 /// </remarks>
 /// <param name="context">Token-request context to reject.</param>
 /// <param name="msg">Text written verbatim to the response.</param>
 public static void SetCustomError(this OAuthValidateTokenRequestContext context, string msg)
 {
     var response = context.Response;
     context.Rejected();
     ResponseWrite(response, msg);
 }
 /// <summary>
 /// Not implemented: this provider does not support token-endpoint validation and throws
 /// <see cref="NotImplementedException"/> if invoked.
 /// </summary>
 /// <param name="context">Ignored.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always.</exception>
 public Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => throw new NotImplementedException();
 /// <summary>
 /// Placeholder implementation: token-endpoint validation is not supported by this provider and
 /// any call throws <see cref="NotImplementedException"/>.
 /// </summary>
 /// <param name="context">Ignored.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">Always.</exception>
 public Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => throw new NotImplementedException();
 /// <summary>
 /// Validates the token request unconditionally -- no grant_type or client constraint is applied.
 /// The returned task carries the context as its (unused) result, as the original did.
 /// </summary>
 /// <remarks>
 /// NOTE(review): consider restricting to the grant types this server actually implements.
 /// </remarks>
 /// <param name="context">Token-request context; marked validated.</param>
 /// <returns>A completed task whose result is <paramref name="context"/>.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     context.Validated();
     Task completed = Task.FromResult<object>(context);
     return completed;
 }
 /// <summary>
 /// Pass-through override: delegates token-request validation to the base provider and adds no
 /// constraint of its own. The <c>await</c> is kept so exceptions surface with this frame on the stack.
 /// </summary>
 /// <param name="context">Token-request context handed to the base implementation.</param>
 /// <returns>A task that completes when the base validation does.</returns>
 public override async Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => await base.ValidateTokenRequest(context);
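 /// <summary>
 /// For the resource-owner-password grant, validates the request only when every requested scope
 /// appears as a "scope" claim on the client's account in the "clients" tenant of the user-account
 /// service. Other grant types are left un-validated; the resource owner's credentials are not
 /// checked here (presumably in GrantResourceOwnerCredentials).
 /// </summary>
 /// <remarks>
 /// Fix: an unknown client id, or a scope list that was never populated, dereferenced null and
 /// crashed the request; both now fail closed with an OAuth error.
 /// NOTE(review): an empty scope list passes <c>All</c> and is accepted, as before -- confirm a
 /// scope-less password grant is intended to succeed.
 /// </remarks>
 /// <param name="context">Token-request context; outcome reported via Validated()/SetError().</param>
 /// <returns>A completed task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     if (context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
     {
         var svc = context.OwinContext.Environment.GetUserAccountService<UserAccount>();
         var client = svc.GetByUsername("clients", context.ClientContext.ClientId);
         var scopes = context.TokenRequest.ResourceOwnerPasswordCredentialsGrant.Scope;

         if (client == null)
         {
             // No account for this client id: reject rather than throw.
             context.SetError("invalid_client");
         }
         else if (scopes == null)
         {
             context.SetError("invalid_scope");
         }
         else if (scopes.All(scope => client.HasClaim("scope", scope)))
         {
             context.Validated();
         }
     }

     return Task.FromResult<object>(null);
 }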
        /// <summary>
        /// Appends every header from a CORS policy evaluation to the current response. A null header
        /// set means there is nothing to write.
        /// </summary>
        /// <remarks>
        /// NOTE(review): headers are appended rather than set, so invoking this twice on one response
        /// duplicates them -- call it once per request.
        /// </remarks>
        /// <param name="result">The outcome of <c>CorsEngine.EvaluatePolicy</c>.</param>
        /// <param name="context">Token-request context whose response receives the headers.</param>
        private void WriteCorsHeaders(CorsResult result, OAuthValidateTokenRequestContext context)
        {
            var corsHeaders = result.ToResponseHeaders();
            if (corsHeaders is null)
            {
                return;
            }

            foreach (var entry in corsHeaders)
            {
                context.Response.Headers.Append(entry.Key, entry.Value);
            }
        }
 /// <summary>
 /// Delegates token-request validation to the base provider unchanged; this override exists only
 /// as an extension point and currently adds no constraint.
 /// </summary>
 /// <param name="context">Token-request context handed to the base implementation.</param>
 /// <returns>The base provider's task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => base.ValidateTokenRequest(context);
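        /// <summary>
        /// For the resource-owner-password grant, authenticates the supplied user name and password
        /// against the "users" tenant of the user-account service in the OWIN environment and marks
        /// the request validated on success. Other grant types are left un-validated.
        /// </summary>
        /// <remarks>
        /// Fix: an account lookup by user name whose result was never used (one extra store round-trip
        /// per request) and a commented-out earlier variant of the check were removed; only the
        /// authentication call remains.
        /// NOTE(review): doing the password check here rather than in GrantResourceOwnerCredentials
        /// means a bad password is reported as a generic rejection -- confirm that is intended.
        /// </remarks>
        /// <param name="context">Token-request context; outcome reported via Validated().</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
        {
            if (!context.TokenRequest.IsResourceOwnerPasswordCredentialsGrantType)
            {
                return Task.FromResult<object>(null);
            }

            var svc   = context.OwinContext.Environment.GetUserAccountService<UserAccount>();
            var grant = context.TokenRequest.ResourceOwnerPasswordCredentialsGrant;

            /* Custom validation for authenticated client to request access token */
            if (svc.Authenticate("users", grant.UserName, grant.Password))
            {
                context.Validated();
            }

            return Task.FromResult<object>(null);
        }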
 /// <summary>
 /// Called for each request to the Token endpoint to determine if the request is valid and should continue.
 /// The default behavior when using the OAuthAuthorizationServerProvider is to assume well-formed requests, with
 /// validated client credentials, should continue processing. An application may add any additional constraints.
 /// This base implementation simply forwards to the <c>OnValidateTokenRequest</c> delegate.
 /// </summary>
 /// <param name="context">The context of the event carries information in and results out.</param>
 /// <returns>Task to enable asynchronous execution</returns>
 public virtual Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => OnValidateTokenRequest(context);
 /// <summary>
 /// Forwards token-request validation to the base provider without adding any constraint.
 /// </summary>
 /// <param name="context">Token-request context handed to the base implementation.</param>
 /// <returns>The base provider's task.</returns>
 public override Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
     => base.ValidateTokenRequest(context);
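        /// <summary>
        /// Runs the configured CORS policy against the current token request and writes the CORS
        /// response headers. A preflight request is enforced: an invalid Access-Control-Request-Method
        /// or a policy rejection sets a 400 status and an error on <paramref name="context"/>. An
        /// actual request gets headers only when the policy allows it and is otherwise left alone.
        /// </summary>
        /// <remarks>
        /// Fix: the Access-Control-Request-Headers value was never consulted. Both the lookup and the
        /// loop read the Access-Control-Request-Method constant, so the method name was handed to the
        /// engine as a requested header while the headers the browser actually asked for went
        /// unchecked. Both now use <c>CorsConstants.AccessControlRequestHeaders</c>.
        /// NOTE(review): the caller must check <c>context.HasError</c> afterwards -- letting the base
        /// provider validate the context clears the error recorded here.
        /// NOTE(review): <c>SetError</c> receives a human-readable message where clients expect an
        /// RFC 6749 error code; consider "invalid_request" plus the message as the description.
        /// </remarks>
        /// <param name="context">Token-request context; request headers are read, response headers and status are written.</param>
        private void ProcessCors(OAuthValidateTokenRequestContext context)
        {
            var requestHeaders = context.Request.Headers;
            var accessControlRequestMethodHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.AccessControlRequestMethod);
            var originHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.Origin);
            var accessControlRequestHeaders = requestHeaders.GetCommaSeparatedValues(CorsConstants.AccessControlRequestHeaders);

            var corsRequest = new CorsRequestContext
            {
                Host = context.Request.Host.Value,
                HttpMethod = context.Request.Method,
                Origin = originHeaders == null ? null : originHeaders.FirstOrDefault(),
                RequestUri = context.Request.Uri,
                AccessControlRequestMethod = accessControlRequestMethodHeaders == null ? null : accessControlRequestMethodHeaders.FirstOrDefault()
            };

            if (accessControlRequestHeaders != null)
            {
                foreach (var header in accessControlRequestHeaders)
                {
                    corsRequest.AccessControlRequestHeaders.Add(header);
                }
            }

            var engine = new CorsEngine();

            if (!corsRequest.IsPreflight)
            {
                // Actual request: headers are written only when the policy allows the request.
                var actualResult = engine.EvaluatePolicy(corsRequest, _options.CorsPolicy);
                if (actualResult.IsValid)
                {
                    WriteCorsHeaders(actualResult, context);
                }
                return;
            }

            // Preflight: the requested method must be a syntactically valid HTTP method. HttpMethod's
            // constructor throws ArgumentException for null/empty and FormatException for an illegal
            // token; the constructed instance itself is not needed.
            try
            {
                new HttpMethod(corsRequest.AccessControlRequestMethod);
            }
            catch (ArgumentException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError("Access Control Request Method Cannot Be Null Or Empty");
                return;
            }
            catch (FormatException)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError("Invalid Access Control Request Method");
                return;
            }

            var preflightResult = engine.EvaluatePolicy(corsRequest, _options.CorsPolicy);
            if (!preflightResult.IsValid)
            {
                context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
                context.SetError(string.Join(" | ", preflightResult.ErrorMessages));
                return;
            }

            WriteCorsHeaders(preflightResult, context);
        }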
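 /// <summary>
 /// Diagnostic hook (presumably assigned to the provider's OnValidateTokenRequest delegate) that
 /// traces the client id and grant type of each token request to the host's "host.TraceOutput"
 /// writer, if the host registered one. It neither validates nor rejects the request.
 /// </summary>
 /// <remarks>
 /// Fix: the writer was used without a null check, so hosts without "host.TraceOutput" crashed on
 /// every token request; the method was also <c>async</c> with nothing to await. Keep the traced
 /// fields to these two -- the request may also carry client secrets, passwords and refresh tokens.
 /// </remarks>
 /// <param name="context">Token-request context supplying the request environment and client id.</param>
 /// <returns>A completed task.</returns>
 private Task ValidateTokenRequest(OAuthValidateTokenRequestContext context)
 {
     var output = context.Request.Get<TextWriter>("host.TraceOutput");
     if (output != null)
     {
         output.WriteLine("Token Request {0} {1}",
             context.ClientContext.ClientId,
             context.TokenRequest.GrantType);
     }

     return Task.FromResult<object>(null);
 }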