public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
{
/*
* We need to set this header in this method because the method “GrantResourceOwnerCredentials”
* where we set this header is never get executed once we request access token using refresh
* tokens (grant_type=refresh_token).
*/
var allowedOrigin = context.OwinContext.Get <string>("as:clientAllowedOrigin");
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });
/*
* We get the refresh token id from the request, then hash this id and look for this token
* using the hashed refresh token id in table “RefreshTokens”, if the refresh token is found,
* we will use the magical signed string which contains a serialized representation for the
* ticket to build the ticket and identities for the user mapped to this refresh token.
*/
string hashedTokenId = Core.Utility.Authentication.AuthHelper.GetHash(context.Token);
WebApiService service = new WebApiService();
var refreshToken = await service.FindRefreshToken(hashedTokenId);
if (refreshToken != null)
{
//Get protectedTicket from refreshToken class
context.DeserializeTicket(refreshToken.ProtectedTicket);
/*
* We’ll remove the existing refresh token from tables “RefreshTokens”
* because in our logic we are allowing only one refresh token per user and client.
*/
await service.RemoveRefreshToken(hashedTokenId);
}
}
