public static RefreshTokenModel RefreshToken(string refresh_token, AccessTokenParams param)
{
//get required info to update db table
connection = new MySqlConnection(connectionString);
connection.Open();
MySqlCommand accessInfo = new MySqlCommand("SELECT * FROM `oauth2`.`access_tokens` where refresh_token = @refresh_token AND client_id = @client_id;", connection);
accessInfo.Parameters.Add("@refresh_token", MySqlDbType.VarChar).Value = refresh_token;
accessInfo.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = param.client_id;
MySqlDataReader reader = accessInfo.ExecuteReader();
reader.Read();
string access_token = (string)reader["access_token"];
DateTime timestamp = (DateTime)reader["timestamp"];
DateTime now = DateTime.Now;
TimeSpan span = now.Subtract(timestamp);
if (span.Hours >= 1)
{
char[] accessToken = new char[151];
Random rand = new Random();
for (int i = 0; i < 151; ++i)
{
int charAsNum = rand.Next(45, 122);
while (charAsNum >= 58 && charAsNum <= 64 || charAsNum >= 91 && charAsNum <= 94 || charAsNum == 96 || charAsNum >= 46 && charAsNum <= 47)
{
charAsNum = rand.Next(48, 122);
}
accessToken[i] = (char)charAsNum;
}
reader.Close();
MySqlCommand updateAccessToken = new MySqlCommand("UPDATE oauth2.access_tokens SET access_token = @access_token, timestamp = CURRENT_TIMESTAMP WHERE client_id = @client_id AND refresh_token = @refresh_token;", connection);
updateAccessToken.Parameters.Add("@access_token", MySqlDbType.VarChar).Value = new string(accessToken);
updateAccessToken.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = param.client_id;
updateAccessToken.Parameters.Add("@refresh_token", MySqlDbType.VarChar).Value = refresh_token;
updateAccessToken.ExecuteNonQuery();
connection.Close();
RefreshTokenModel token = new RefreshTokenModel();
token.access_token = new string(accessToken);
token.expires_id = 3600;
token.scope = "";
token.token_type = "Bearer";
return(token);
}
else
{
RefreshTokenModel token = new RefreshTokenModel();
token.access_token = access_token;
token.expires_id = 3600;
token.scope = "";
token.token_type = "Bearer";
return(token);
}
}
public static string ValidateAccessParams(AccessTokenParams param, string authorization)
{
string client_id;
string client_secret;
if (authorization == null)
{
if (param.client_id == null || param.client_secret == null)
{
return("Missing client");
}
else
{
client_id = param.client_id;
client_secret = param.client_secret;
}
}
else
{
authorization = authorization.Substring(6);
byte[] data = Convert.FromBase64String(authorization);
string[] decodedAuth = Encoding.UTF8.GetString(data).Split(':');
client_id = decodedAuth[0];
client_secret = decodedAuth[1];
param.client_id = client_id;
param.client_secret = client_secret;
}
//Validate client id and client_secret
connection = new MySqlConnection(connectionString);
connection.Open();
//check client_id and client_secret
MySqlCommand clientId_SecretCheck = new MySqlCommand("SELECT * FROM `oauth2`.`client_info` WHERE client_id = @client_id AND client_secret = @client_secret", connection);
clientId_SecretCheck.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = client_id;
clientId_SecretCheck.Parameters.Add("@client_secret", MySqlDbType.VarChar).Value = client_secret;
MySqlDataReader reader = clientId_SecretCheck.ExecuteReader();
reader.Read();
if (!reader.HasRows)
{
reader.Close();
connection.Close();
return("Illegal client");
}
reader.Close();
if (param.grant_type == null)
{
return("Missing grant_type");
}
else if (param.grant_type.Equals("refresh_token"))
{
if (param.refresh_token == null)
{
return("Missing refresh_token");
}
//validate refreshtoken
MySqlCommand checkRefreshToken = new MySqlCommand("SELECT * FROM `oauth2`.`access_tokens` WHERE client_id = @client_id AND refresh_token = @refresh_token", connection);
checkRefreshToken.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = client_id;
checkRefreshToken.Parameters.Add("@refresh_token", MySqlDbType.VarChar).Value = param.refresh_token;
reader = checkRefreshToken.ExecuteReader();
reader.Read();
if (!reader.HasRows)
{
return("Illegal refresh_token");
}
return("Refresh");
}
else if (param.grant_type.Equals("authorization_code"))
{
if (param.code == null)
{
return("Missing code");
}
if (param.redirect_uri == null)
{
return("Missing redirect_uri");
}
//Validate to database
//Check valid request code
MySqlCommand checkCode = new MySqlCommand("SELECT * FROM `oauth2`.`request_tokens` WHERE client_id = @client_id AND request_token = @request_token;", connection);
checkCode.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = client_id;
checkCode.Parameters.Add("@request_token", MySqlDbType.VarChar).Value = param.code;
reader = checkCode.ExecuteReader();
reader.Read();
if (!reader.HasRows)
{
reader.Close();
connection.Close();
return("Illegal code");
}
reader.Close();
//Check valid redirect uri
MySqlCommand checkRedirect = new MySqlCommand("SELECT * FROM `oauth2`.`redirect_urls` WHERE client_id = @client_id AND redirect_uri = @redirect_uri", connection);
checkRedirect.Parameters.Add("@client_id", MySqlDbType.VarChar).Value = client_id;
checkRedirect.Parameters.Add("@redirect_uri", MySqlDbType.VarChar).Value = param.redirect_uri;
reader = checkRedirect.ExecuteReader();
reader.Read();
if (!reader.HasRows)
{
reader.Close();
connection.Close();
return("Illegal redirect_uri");
}
reader.Close();
connection.Close();
return("Access");
}
else if (!param.grant_type.Equals("refresh_token") || !param.grant_type.Equals("access_token"))
{
return("Illegal grant_type");
}
return("Valid");
}
