private static async Task <TokenIntrospectionResponse> LoadClaimsForToken(
string token,
HttpContext context,
AuthenticationScheme scheme,
OAuth2IntrospectionEvents events,
OAuth2IntrospectionOptions options)
{
var introspectionClient = await options.IntrospectionClient.Value.ConfigureAwait(false);
using var request = CreateTokenIntrospectionRequest(token, context, scheme, events, options);
return(await introspectionClient.IntrospectTokenAsync(request).ConfigureAwait(false));
}
private static async Task <AuthenticateResult> ReportNonSuccessAndReturn(
string error,
HttpContext httpContext,
AuthenticationScheme scheme,
OAuth2IntrospectionEvents events,
OAuth2IntrospectionOptions options)
{
var authenticationFailedContext = new AuthenticationFailedContext(httpContext, scheme, options)
{
Error = error
};
await events.AuthenticationFailed(authenticationFailedContext);
if (authenticationFailedContext.Result != null)
{
return(authenticationFailedContext.Result);
}
return(AuthenticateResult.Fail(error));
}
private static TokenIntrospectionRequest CreateTokenIntrospectionRequest(
string token,
HttpContext context,
AuthenticationScheme scheme,
OAuth2IntrospectionEvents events,
OAuth2IntrospectionOptions options)
{
if (options.ClientSecret == null && options.ClientAssertionExpirationTime <= DateTime.UtcNow)
{
lock (options.AssertionUpdateLockObj)
{
if (options.ClientAssertionExpirationTime <= DateTime.UtcNow)
{
var updateClientAssertionContext = new UpdateClientAssertionContext(context, scheme, options)
{
ClientAssertion = options.ClientAssertion ?? new ClientAssertion()
};
events.UpdateClientAssertion(updateClientAssertionContext);
options.ClientAssertion = updateClientAssertionContext.ClientAssertion;
options.ClientAssertionExpirationTime =
updateClientAssertionContext.ClientAssertionExpirationTime;
}
}
}
return(new TokenIntrospectionRequest
{
Token = token,
TokenTypeHint = options.TokenTypeHint,
Address = options.IntrospectionEndpoint,
ClientId = options.ClientId,
ClientSecret = options.ClientSecret,
ClientAssertion = options.ClientAssertion ?? new ClientAssertion(),
ClientCredentialStyle = options.ClientCredentialStyle,
AuthorizationHeaderStyle = options.AuthorizationHeaderStyle,
});
}
private static async Task <AuthenticateResult> CreateTicket(
IEnumerable <Claim> claims,
string token,
HttpContext httpContext,
AuthenticationScheme scheme,
OAuth2IntrospectionEvents events,
OAuth2IntrospectionOptions options)
{
var authenticationType = options.AuthenticationType ?? scheme.Name;
var id = new ClaimsIdentity(claims, authenticationType, options.NameClaimType, options.RoleClaimType);
var principal = new ClaimsPrincipal(id);
var tokenValidatedContext = new TokenValidatedContext(httpContext, scheme, options)
{
Principal = principal,
SecurityToken = token
};
await events.TokenValidated(tokenValidatedContext);
if (tokenValidatedContext.Result != null)
{
return(tokenValidatedContext.Result);
}
if (options.SaveToken)
{
tokenValidatedContext.Properties.StoreTokens(new[]
{
new AuthenticationToken {
Name = "access_token", Value = token
}
});
}
tokenValidatedContext.Success();
return(tokenValidatedContext.Result);
}
/// <summary>
/// Dafault options constructor
/// </summary>
public OAuth2IntrospectionOptions()
{
Events = new OAuth2IntrospectionEvents();
}
