public async Task <IHttpActionResult> ExchangeToken(OAuthTokenExchangeRequest request)
{
if (request.Grant_type != "client_credentials")
{
return(BadRequest($"grant_type ({request.Grant_type}) not supported"));
}
bool token_signed = false;
string access_token = string.Empty;
if (request.Service == "facebook" && !string.IsNullOrEmpty(request.Code))
{
access_token = ValidateSignatureOther(request.Code, request.Service);
token_signed = !string.IsNullOrEmpty(access_token);
}
else
{
token_signed = ValidateSignatureJwt(request.Id_token, request.Service);
}
if (!token_signed)
{
return(Unauthorized());
}
PersonIdentityModel person = null;
if (!string.IsNullOrEmpty(access_token))
{
person = await GetPersonInformationByService(access_token, request.Service);
}
else
{
person = await ValidateJwt(request.Id_token, request.Service);
}
if (person == null)
{
return(Unauthorized());
}
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config.GetSetting("Jwt:Key")));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var expiresInMinutes = Convert.ToInt32(_config.GetSetting("Jwt:ExpiresInMinutes"));
var token = new JwtSecurityToken(
_config.GetSetting("Jwt:Issuer"),
_config.GetSetting("Jwt:Audience"),
expires: DateTime.Now.AddMinutes(expiresInMinutes),
claims: GetClaims(person),
signingCredentials: creds
);
var model = new OAuthResponse
{
Access_token = await Task.Run(() => new JwtSecurityTokenHandler().WriteToken(token)),
Expires_in = expiresInMinutes * 60,
Token_type = "Bearer"
};
return(Ok(model));
}
