public async Task <IActionResult> AcquireTokenForDaemon()
{
BasicPresenter <LoginResponse> port = new BasicPresenter <LoginResponse>();
ProviderGrantRequest request = new ProviderGrantRequest
{
OnBehalfOf = _claimCompat.ExtractFirstIdClaim(HttpContext.User)
};
var success = await _dataProviderGrant.Handle(request, port);
return((success) ? new OkObjectResult(port.Response) : BadRequest());
}
public async Task <bool> Handle(ProviderGrantRequest message, IOutboundPort <LoginResponse> outputPort)
{
// Verify the user is valid
var user = await _userStore.GetUserById(message.OnBehalfOf);
if (user == null)
{
return(false);
}
// TODO: verify - in some manner - that this action request is valid beyond 'has a real user'
// Mint a data access token.
var response = new LoginResponse
{
UserName = null, // not necessary for Daemons
AccessToken = new AccessToken
{
Token = _minter.Mint(_claimsComposer.ComposeIdentity(user), TokenType.DaemonAccess),
ExpiresIn = _minter.Options.TokenLifespan
},
RefreshToken = new RefreshToken
{
Token = _minter.Mint(_claimsComposer.ComposeIdentity(user), TokenType.Refresh),
ExpiresAt = (DateTime.UtcNow + TimeSpan.FromSeconds(_minter.Options.RefreshTokenLifespan)),
IssuedTo = user.Guid,
IssuedBy = Dns.GetHostName(),
AccessCapacity = AccessLevelValues.Daemon
}
};
user.RefreshTokens.Add(response.RefreshToken);
await _userStore.UpdateUser(user);
// signal success
outputPort.Handle(response);
return(true);
}
