/// <summary> /// Refreshes an access token. /// </summary> /// <param name="refreshToken">The refresh token.</param> /// <returns>A token response.</returns> public async Task <RefreshTokenResult> RefreshTokenAsync(string refreshToken, Task <RsaSecurityKey> pregeneratedPopKeyTask = null) { if (string.IsNullOrEmpty(refreshToken)) { throw new ArgumentException("refreshToken"); } _logger.LogTrace("RefreshTokenAsync"); await EnsureConfigurationAsync().ConfigureAwait(false); var client = TokenClientFactory.Create(_options); TokenResponse response; SigningCredentials popSigner = null; if (_options.RequestPopTokens) { //-- PoP Key Creation _logger.LogTrace("CreateProviderForPopToken"); var popKey = await(pregeneratedPopKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false); var jwk = popKey.ToJwk(); response = await client.RequestRefreshTokenPopAsync(refreshToken, jwk.Alg, jwk.ToJwkString()).ConfigureAwait(false); popSigner = new SigningCredentials(popKey, "RS256"); } else { response = await client.RequestRefreshTokenAsync(refreshToken).ConfigureAwait(false); } if (response.IsError) { return(new RefreshTokenResult { Error = response.Error }); } // validate token response var validationResult = await _processor.ValidateTokenResponseAsync(response, null, requireIdentityToken : _options.Policy.RequireIdentityTokenOnRefreshTokenResponse).ConfigureAwait(false); if (validationResult.IsError) { return(new RefreshTokenResult { Error = validationResult.Error }); } return(new RefreshTokenResult { IdentityToken = response.IdentityToken, AccessToken = response.AccessToken, RefreshToken = response.RefreshToken, ExpiresIn = (int)response.ExpiresIn, PopTokenKey = popSigner }); }
private async Task <Tuple <TokenResponse, RsaSecurityKey> > RedeemCodeAsync(string code, AuthorizeState state) { _logger.LogTrace("RedeemCodeAsync"); var client = GetTokenClient(); if (_options.RequestPopTokens) { //-- Make sure the key is created _logger.LogTrace("CreateProviderForPopToken"); var popKey = await(state.PopTokenGenerationTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync()).ConfigureAwait(false); var jwk = popKey.ToJwk(); //-- Code request. _logger.LogTrace("Sending request"); var tokenResult = await client.RequestAuthorizationCodePopAsync( code, state.RedirectUri, state.CodeVerifier, jwk.Alg, jwk.ToJwkString() ).ConfigureAwait(false); return(new Tuple <TokenResponse, RsaSecurityKey>(tokenResult, popKey)); } else { //-- Code request. _logger.LogTrace("Sending request"); var tokenResult = await client.RequestAuthorizationCodeAsync( code, state.RedirectUri, state.CodeVerifier ).ConfigureAwait(false); return(new Tuple <TokenResponse, RsaSecurityKey>(tokenResult, null)); } }
public AuthorizeState CreateAuthorizeState(Task <Microsoft.IdentityModel.Tokens.RsaSecurityKey> pregeneratedPoPKeyTask = null, object extraParameters = null) { _logger.LogTrace("CreateAuthorizeStateAsync"); var pkce = _crypto.CreatePkceData(); var state = new AuthorizeState { Nonce = _crypto.CreateNonce(), State = _crypto.CreateState(), RedirectUri = _options.RedirectUri, CodeVerifier = pkce.CodeVerifier, PopTokenGenerationTask = _options.RequestPopTokens ? pregeneratedPoPKeyTask ?? PopTokenExtensions.CreateProviderForPopTokenAsync() : null }; state.StartUrl = CreateUrl(state.State, state.Nonce, pkce.CodeChallenge, extraParameters); _logger.LogDebug(LogSerializer.Serialize(state)); return(state); }