/// <summary>
/// Requests a daemon token set on behalf of the user identified by the
/// current request's principal.
/// </summary>
/// <returns>
/// An <see cref="OkObjectResult"/> carrying the presenter's captured
/// <c>LoginResponse</c> when the grant handler reports success; otherwise
/// the result of <c>BadRequest()</c>.
/// </returns>
public async Task<IActionResult> AcquireTokenForDaemon()
{
    var presenter = new BasicPresenter<LoginResponse>();

    // The subject of the grant is taken from the request principal
    // (HttpContext.User) only; nothing caller-supplied selects the user.
    // NOTE(review): no authorization attribute is visible in this excerpt.
    // Confirm the action or its controller requires an authenticated caller,
    // and confirm what ExtractFirstIdClaim yields for a principal with no id claim.
    var grantRequest = new ProviderGrantRequest
    {
        OnBehalfOf = _claimCompat.ExtractFirstIdClaim(HttpContext.User)
    };

    bool granted = await _dataProviderGrant.Handle(grantRequest, presenter);
    if (!granted)
    {
        // Every handler failure maps to a bare 400 with no detail.
        return BadRequest();
    }

    return new OkObjectResult(presenter.Response);
}
/// <summary>
/// Mints a daemon access token and a refresh token for the user named by
/// <c>message.OnBehalfOf</c>, records the refresh token on that user, persists
/// the user, and passes the resulting <c>LoginResponse</c> to the output port.
/// </summary>
/// <param name="message">Grant request; only <c>OnBehalfOf</c> is read here.</param>
/// <param name="outputPort">Receives the response on success; it is not called on failure.</param>
/// <returns><c>true</c> when tokens were issued; <c>false</c> when no user was found.</returns>
public async Task<bool> Handle(ProviderGrantRequest message, IOutboundPort<LoginResponse> outputPort)
{
    // The only gate before minting: the user must exist in the store.
    var user = await _userStore.GetUserById(message.OnBehalfOf);
    if (user == null)
    {
        return false;
    }

    // TODO: verify - in some manner - that this action request is valid beyond 'has a real user'
    // NOTE(review): until that TODO is resolved, any caller whose request resolves to an
    // existing user receives daemon-capacity tokens. Nothing in this method checks that the
    // user is entitled to them. Confirm whether an upstream layer enforces this.

    // Daemon-scoped access token. ComposeIdentity is invoked separately for each token, as before.
    var accessToken = new AccessToken
    {
        Token = _minter.Mint(_claimsComposer.ComposeIdentity(user), TokenType.DaemonAccess),
        ExpiresIn = _minter.Options.TokenLifespan
    };

    // The refresh token records who it was issued to, the issuing host name, and the Daemon access level.
    var refreshToken = new RefreshToken
    {
        Token = _minter.Mint(_claimsComposer.ComposeIdentity(user), TokenType.Refresh),
        ExpiresAt = (DateTime.UtcNow + TimeSpan.FromSeconds(_minter.Options.RefreshTokenLifespan)),
        IssuedTo = user.Guid,
        IssuedBy = Dns.GetHostName(),
        AccessCapacity = AccessLevelValues.Daemon
    };

    var response = new LoginResponse
    {
        UserName = null, // not necessary for Daemons
        AccessToken = accessToken,
        RefreshToken = refreshToken
    };

    // Persist the refresh token on the user before the response is handed out.
    // NOTE(review): this method only appends to RefreshTokens. Confirm that expired or
    // superseded tokens are pruned or revoked elsewhere, and confirm how the store
    // protects the persisted token value.
    user.RefreshTokens.Add(response.RefreshToken);
    await _userStore.UpdateUser(user);

    // Signal success.
    outputPort.Handle(response);
    return true;
}