        /// <summary>
        /// Exchanges a presented refresh token for a new token pair using the Stormpath refresh grant
        /// and maps the grant response onto a <see cref="TokenResult"/>.
        /// </summary>
        /// <param name="refresh_token">The refresh token string presented by the caller.</param>
        /// <param name="application">The Stormpath application the grant is executed against.</param>
        /// <param name="cancellationToken">Propagated to the SDK call.</param>
        /// <returns>
        /// 200 with the new tokens, or 400 carrying the SDK's <see cref="ResourceException"/> message
        /// when the grant is rejected.
        /// </returns>
        private async Task<IHttpActionResult> RefreshGrantRequest(string refresh_token, IApplication application, CancellationToken cancellationToken)
        {
            // The grant request is assembled up front; only the network call below is guarded.
            var grantRequest = OauthRequests.NewRefreshGrantRequest()
                .SetRefreshToken(refresh_token)
                .Build();

            try
            {
                var authenticator = application.NewRefreshGrantAuthenticator();
                var grant = await authenticator.AuthenticateAsync(grantRequest, cancellationToken);

                var tokens = new TokenResult
                {
                    AccessToken = grant.AccessTokenString,
                    RefreshToken = grant.RefreshTokenString,
                    TokenType = grant.TokenType,
                    ExpiresIn = grant.ExpiresIn,
                };

                return Ok(tokens);
            }
            catch (ResourceException rex)
            {
                // NOTE(review): the upstream error text is relayed verbatim to the client in the 400 body.
                return BadRequest(rex.Message);
            }
        }
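        /// <summary>
        /// Runs the OAuth refresh grant for <paramref name="refreshTokenJwt"/>, resolves the account that
        /// owns the resulting access token, and adds the new token cookies to the response.
        /// </summary>
        /// <param name="context">The OWIN environment; supplies the cancellation token and receives the cookies.</param>
        /// <param name="client">The Stormpath client used to load the application and the account.</param>
        /// <param name="refreshTokenJwt">The refresh token JWT taken from the incoming request.</param>
        /// <returns>
        /// The expanded account on success; <c>null</c> when the token is malformed/expired, when the grant
        /// is rejected, when no new access token could be obtained, or when the account lookup fails.
        /// Every failure is logged before returning <c>null</c>.
        /// </returns>
        private async Task<IAccount> RefreshAccessTokenAsync(IOwinEnvironment context, IClient client, string refreshTokenJwt)
        {
            // Attempt refresh grant against Stormpath
            var request = OauthRequests.NewRefreshGrantRequest()
                          .SetRefreshToken(refreshTokenJwt)
                          .Build();

            var application = await client.GetApplicationAsync(this.Configuration.Application.Href, context.CancellationToken);

            var authenticator = application.NewRefreshGrantAuthenticator();

            IOauthGrantAuthenticationResult grantResult = null;

            try
            {
                grantResult = await authenticator.AuthenticateAsync(request, context.CancellationToken);
            }
            catch (InvalidJwtException jwex)
            {
                // A token that fails local JWT validation is an expected client-side condition, so log at Info.
                logger.Info($"Failed to authenticate the request due to a malformed or expired refresh token. Message: '{jwex.Message}'", nameof(RefreshAccessTokenAsync));
                return(null);
            }
            catch (ResourceException rex)
            {
                logger.Warn(rex, "Failed to refresh an access_token given a refresh_token.");
                return(null);
            }

            // Get a new access token
            IAccessToken newAccessToken = null;

            try
            {
                newAccessToken = await grantResult.GetAccessTokenAsync(context.CancellationToken);
            }
            catch (ResourceException rex)
            {
                logger.Error(rex, "Failed to get a new access token after receiving grant response.", nameof(RefreshAccessTokenAsync));
                // Without an access token there is nothing to look the account up with; previously this fell
                // through and dereferenced newAccessToken inside the catch block below.
                return(null);
            }

            if (newAccessToken == null)
            {
                logger.Error("Grant response did not yield an access token.", nameof(RefreshAccessTokenAsync));
                return(null);
            }

            // Get the account details
            IAccount account = null;

            try
            {
                account = await GetExpandedAccountAsync(client, newAccessToken, context.CancellationToken);
            }
            catch (ResourceException rex)
            {
                logger.Error(rex, $"Failed to get account {newAccessToken.AccountHref}", nameof(RefreshAccessTokenAsync));
                return(null);
            }

            // Cookies are only issued once the whole chain (grant -> access token -> account) has succeeded.
            logger.Trace("Access token refreshed using Refresh token. Adding cookies to response", nameof(RefreshAccessTokenAsync));
            Cookies.AddTokenCookiesToResponse(context, client, grantResult, this.Configuration, logger);

            return(account);
        }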
        /// <summary>
        /// Integration test: a refresh token persisted on the account can be exchanged for a fresh access
        /// token via the refresh grant, while the refresh token itself is retained.
        /// </summary>
        /// <param name="clientBuilder">Supplies the SDK client under test.</param>
        public async Task Refreshing_access_token_with_instance(TestClientProvider clientBuilder)
        {
            var sdkClient = clientBuilder.GetClient();
            var currentTenant = await sdkClient.GetCurrentTenantAsync();

            // Each run gets its own throwaway application so test data never collides.
            var app = await currentTenant.CreateApplicationAsync(
                $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Getting Refresh Token for Application",
                createDirectory : false);

            app.Href.ShouldNotBeNullOrEmpty();
            // Registering the href lets the fixture clean up even if an assertion below fails.
            this.fixture.CreatedApplicationHrefs.Add(app.Href);

            // Map the shared test directory into the application.
            await app.AddAccountStoreAsync(this.fixture.PrimaryDirectoryHref);

            var passwordRequest = OauthRequests.NewPasswordGrantRequest()
                .SetLogin("*****@*****.**")
                .SetPassword("whataPieceofjunk$1138")
                .SetAccountStore(this.fixture.PrimaryDirectoryHref)
                .Build();
            var passwordAuthenticator = app.NewPasswordGrantAuthenticator();
            var initialGrant = await passwordAuthenticator.AuthenticateAsync(passwordRequest);

            var primaryAccount = await currentTenant.GetAccountAsync(this.fixture.PrimaryAccountHref);

            // The password grant above should have stored exactly one refresh token for this application.
            var storedRefreshToken = await primaryAccount
                .GetRefreshTokens()
                .Where(x => x.ApplicationHref == app.Href)
                .SingleOrDefaultAsync();

            storedRefreshToken.ShouldNotBeNull();

            var refreshRequest = OauthRequests.NewRefreshGrantRequest()
                .SetRefreshToken(storedRefreshToken)
                .Build();

            var refreshAuthenticator = app.NewRefreshGrantAuthenticator();
            var refreshedGrant = await refreshAuthenticator.AuthenticateAsync(refreshRequest);

            // A new access token is minted; the refresh token is reused, not rotated.
            refreshedGrant.AccessTokenHref.ShouldNotBe(initialGrant.AccessTokenHref);
            refreshedGrant.AccessTokenString.ShouldNotBe(initialGrant.AccessTokenString);
            refreshedGrant.RefreshTokenString.ShouldBe(initialGrant.RefreshTokenString);

            // Clean up
            (await storedRefreshToken.DeleteAsync()).ShouldBeTrue();

            (await app.DeleteAsync()).ShouldBeTrue();
            this.fixture.CreatedApplicationHrefs.Remove(app.Href);
        }
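        /// <summary>
        /// Exchanges <paramref name="refreshToken"/> for a new token pair via the Stormpath refresh grant and
        /// writes the sanitized grant response to <paramref name="context"/> as a JSON 200 response.
        /// </summary>
        /// <param name="context">The OWIN environment the JSON response is written to.</param>
        /// <param name="client">The Stormpath client used to resolve the configured application.</param>
        /// <param name="refreshToken">The refresh token string presented by the caller.</param>
        /// <param name="cancellationToken">Propagated to every SDK call.</param>
        /// <returns>The value returned by <c>JsonResponse.Ok</c> once the response has been written.</returns>
        /// <remarks>
        /// Exceptions raised by the SDK (for example when the grant is rejected) are not caught here and
        /// propagate to the caller; no error response is written by this method.
        /// </remarks>
        private async Task<bool> ExecuteRefreshFlow(IOwinEnvironment context, IClient client, string refreshToken, CancellationToken cancellationToken)
        {
            // Library/middleware code: do not capture a synchronization context on any await. The original
            // applied ConfigureAwait(false) to the final await only, which leaves the earlier awaits able to
            // capture (and potentially deadlock on) a context.
            var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken).ConfigureAwait(false);

            var refreshGrantRequest = OauthRequests.NewRefreshGrantRequest()
                                      .SetRefreshToken(refreshToken)
                                      .Build();

            var tokenResult = await application.NewRefreshGrantAuthenticator()
                              .AuthenticateAsync(refreshGrantRequest, cancellationToken)
                              .ConfigureAwait(false);

            // Only the sanitized projection of the grant result is serialized to the client.
            var sanitizer = new GrantResultResponseSanitizer();

            return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithRefreshToken(tokenResult)).ConfigureAwait(false));
        }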
        /// <summary>
        /// Integration test (synchronous API): the refresh token string returned by a password grant can be
        /// exchanged for a fresh access token via the refresh grant, with the refresh token retained.
        /// </summary>
        /// <param name="clientBuilder">Supplies the SDK client under test.</param>
        public void Refreshing_access_token_with_jwt(TestClientProvider clientBuilder)
        {
            var sdkClient = clientBuilder.GetClient();
            var currentTenant = sdkClient.GetCurrentTenant();

            // Each run gets its own throwaway application so test data never collides.
            var app = currentTenant.CreateApplication(
                $".NET IT {this.fixture.TestRunIdentifier}-{clientBuilder.Name} Refreshing Access Token - Sync",
                createDirectory: false);

            app.Href.ShouldNotBeNullOrEmpty();
            // Registering the href lets the fixture clean up even if an assertion below fails.
            this.fixture.CreatedApplicationHrefs.Add(app.Href);

            // Map the shared test directory into the application.
            app.AddAccountStore(this.fixture.PrimaryDirectoryHref);

            var passwordRequest = OauthRequests.NewPasswordGrantRequest()
                .SetLogin("*****@*****.**")
                .SetPassword("whataPieceofjunk$1138")
                .SetAccountStore(this.fixture.PrimaryDirectoryHref)
                .Build();
            var passwordAuthenticator = app.NewPasswordGrantAuthenticator();
            var initialGrant = passwordAuthenticator.Authenticate(passwordRequest);

            // Here the refresh token is supplied as its raw JWT string rather than as a resource.
            var refreshRequest = OauthRequests.NewRefreshGrantRequest()
                .SetRefreshToken(initialGrant.RefreshTokenString)
                .Build();

            var refreshAuthenticator = app.NewRefreshGrantAuthenticator();
            var refreshedGrant = refreshAuthenticator.Authenticate(refreshRequest);

            // A new access token is minted; the refresh token is reused, not rotated.
            refreshedGrant.AccessTokenHref.ShouldNotBe(initialGrant.AccessTokenHref);
            refreshedGrant.AccessTokenString.ShouldNotBe(initialGrant.AccessTokenString);
            refreshedGrant.RefreshTokenString.ShouldBe(initialGrant.RefreshTokenString);

            // Clean up
            app.Delete().ShouldBeTrue();
            this.fixture.CreatedApplicationHrefs.Remove(app.Href);
        }