public Task<ValidationResult> ValidateTokenRequestAsync(ValidatedTokenRequest request)
{
return Task.FromResult(new ValidationResult
{
IsError = false
});
}
private async Task<TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing authorization code request");
//////////////////////////
// access token
/////////////////////////
var accessToken = await CreateAccessTokenAsync(request);
var response = new TokenResponse
{
AccessToken = accessToken.Item1,
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
//////////////////////////
// refresh token
/////////////////////////
if (accessToken.Item2.IsPresent())
{
response.RefreshToken = accessToken.Item2;
}
//////////////////////////
// id token
/////////////////////////
if (request.AuthorizationCode.IsOpenId)
{
var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw);
var jwt = await _tokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return response;
}
private async Task <Tuple <string, string> > CreateAccessTokenAsync(ValidatedTokenRequest request)
{
Token accessToken;
bool createRefreshToken;
if (request.AuthorizationCode != null)
{
createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess);
accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw);
}
else
{
createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope;
accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw);
}
string refreshToken = "";
if (createRefreshToken)
{
refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(accessToken, request.Client);
}
var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken);
return(Tuple.Create(securityToken, refreshToken));
}
public async Task <ValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client)
{
Logger.Info("Starting request validation");
_validatedRequest = new ValidatedTokenRequest();
if (client == null)
{
throw new ArgumentNullException("client");
}
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
_validatedRequest.Raw = parameters;
_validatedRequest.Client = client;
_validatedRequest.Options = _options;
/////////////////////////////////////////////
// check grant type
/////////////////////////////////////////////
var grantType = parameters.Get(Constants.TokenRequest.GrantType);
if (grantType.IsMissing())
{
Logger.Error("Grant type is missing.");
return(Invalid(Constants.TokenErrors.UnsupportedGrantType));
}
Logger.InfoFormat("Grant type: {0}", grantType);
_validatedRequest.GrantType = grantType;
switch (grantType)
{
case Constants.GrantTypes.AuthorizationCode:
return(await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters));
case Constants.GrantTypes.ClientCredentials:
return(await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters));
case Constants.GrantTypes.Password:
return(await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters));
case Constants.GrantTypes.RefreshToken:
return(await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters));
}
if (parameters.Get(Constants.TokenRequest.Assertion).IsPresent())
{
return(await RunValidationAsync(ValidateAssertionRequestAsync, parameters));
}
Logger.ErrorFormat("Unsupported grant_type: {0}", grantType);
return(Invalid(Constants.TokenErrors.UnsupportedGrantType));
}
public Task<ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request)
{
if (request.GrantType == "assertionType" && request.Assertion == "assertion")
{
return Task.FromResult(Principal.Create("Assertion", new Claim("sub", "bob")));
};
return Task.FromResult<ClaimsPrincipal>(null);
}
private async Task<TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request)
{
var response = new TokenResponse
{
AccessToken = await CreateAccessTokenAsync(request),
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
return response;
}
private async Task <TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request)
{
var response = new TokenResponse
{
AccessToken = await CreateAccessTokenAsync(request),
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
return(response);
}
public async Task<ValidationResult> ValidateRequestAsync(NameValueCollection parameters, Client client)
{
Logger.Info("Starting request validation");
_validatedRequest = new ValidatedTokenRequest();
if (client == null)
{
throw new ArgumentNullException("client");
}
if (parameters == null)
{
throw new ArgumentNullException("parameters");
}
_validatedRequest.Raw = parameters;
_validatedRequest.Client = client;
_validatedRequest.Settings = _settings;
/////////////////////////////////////////////
// check grant type
/////////////////////////////////////////////
var grantType = parameters.Get(Constants.TokenRequest.GrantType);
if (grantType.IsMissing())
{
Logger.Error("Grant type is missing.");
return Invalid(Constants.TokenErrors.UnsupportedGrantType);
}
Logger.InfoFormat("Grant type: {0}", grantType);
_validatedRequest.GrantType = grantType;
switch (grantType)
{
case Constants.GrantTypes.AuthorizationCode:
return await RunValidationAsync(ValidateAuthorizationCodeRequestAsync, parameters);
case Constants.GrantTypes.ClientCredentials:
return await RunValidationAsync(ValidateClientCredentialsRequestAsync, parameters);
case Constants.GrantTypes.Password:
return await RunValidationAsync(ValidateResourceOwnerCredentialRequestAsync, parameters);
case Constants.GrantTypes.RefreshToken:
return await RunValidationAsync(ValidateRefreshTokenRequestAsync, parameters);
}
if (parameters.Get(Constants.TokenRequest.Assertion).IsPresent())
{
return await RunValidationAsync(ValidateAssertionRequestAsync, parameters);
}
Logger.ErrorFormat("Unsupported grant_type: {0}", grantType);
return Invalid(Constants.TokenErrors.UnsupportedGrantType);
}
public async Task<TokenResponse> ProcessAsync(ValidatedTokenRequest request)
{
if (request.GrantType == Constants.GrantTypes.AuthorizationCode)
{
return await ProcessAuthorizationCodeRequestAsync(request);
}
else if (request.GrantType == Constants.GrantTypes.ClientCredentials ||
request.GrantType == Constants.GrantTypes.Password)
{
return await ProcessTokenRequestAsync(request);
}
throw new InvalidOperationException("Unknown grant type.");
}
private async Task<string> CreateAccessTokenAsync(ValidatedTokenRequest request)
{
Token accessToken;
if (request.AuthorizationCode != null)
{
accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw);
}
else
{
accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw);
}
return await _tokenService.CreateSecurityTokenAsync(accessToken);
}
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request)
{
if (request.GrantType == Constants.GrantTypes.AuthorizationCode)
{
return(await ProcessAuthorizationCodeRequestAsync(request));
}
else if (request.GrantType == Constants.GrantTypes.ClientCredentials ||
request.GrantType == Constants.GrantTypes.Password)
{
return(await ProcessTokenRequestAsync(request));
}
throw new InvalidOperationException("Unknown grant type.");
}
private async Task <string> CreateAccessTokenAsync(ValidatedTokenRequest request)
{
Token accessToken;
if (request.AuthorizationCode != null)
{
accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw);
}
else
{
accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw);
}
return(await _tokenService.CreateSecurityTokenAsync(accessToken));
}
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request)
{
Logger.Info("Creating token response");
if (request.GrantType == Constants.GrantTypes.AuthorizationCode)
{
return(await ProcessAuthorizationCodeRequestAsync(request));
}
else if (request.GrantType == Constants.GrantTypes.ClientCredentials ||
request.GrantType == Constants.GrantTypes.Password ||
request.Assertion.IsPresent())
{
return(await ProcessTokenRequestAsync(request));
}
throw new InvalidOperationException("Unknown grant type.");
}
public async Task<TokenResponse> ProcessAsync(ValidatedTokenRequest request)
{
Logger.Info("Creating token response");
if (request.GrantType == Constants.GrantTypes.AuthorizationCode)
{
return await ProcessAuthorizationCodeRequestAsync(request);
}
else if (request.GrantType == Constants.GrantTypes.ClientCredentials ||
request.GrantType == Constants.GrantTypes.Password ||
request.Assertion.IsPresent())
{
return await ProcessTokenRequestAsync(request);
}
throw new InvalidOperationException("Unknown grant type.");
}
private async Task<TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request)
{
var response = new TokenResponse
{
AccessToken = await CreateAccessTokenAsync(request),
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
if (request.AuthorizationCode.IsOpenId)
{
var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw);
var jwt = await _tokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return response;
}
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing authorization code request");
//////////////////////////
// access token
/////////////////////////
var accessToken = await CreateAccessTokenAsync(request);
var response = new TokenResponse
{
AccessToken = accessToken.Item1,
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
//////////////////////////
// refresh token
/////////////////////////
if (accessToken.Item2.IsPresent())
{
response.RefreshToken = accessToken.Item2;
}
//////////////////////////
// id token
/////////////////////////
if (request.AuthorizationCode.IsOpenId)
{
var tokenRequest = new TokenCreationRequest
{
Subject = request.AuthorizationCode.Subject,
Client = request.AuthorizationCode.Client,
Scopes = request.AuthorizationCode.RequestedScopes,
ValidatedRequest = request
};
var idToken = await _tokenService.CreateIdentityTokenAsync(tokenRequest);
var jwt = await _tokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return(response);
}
public async Task <TokenResponse> ProcessAsync(ValidatedTokenRequest request)
{
Logger.Info("Creating token response");
if (request.GrantType == Constants.GrantTypes.AuthorizationCode)
{
return(await ProcessAuthorizationCodeRequestAsync(request));
}
if (request.GrantType == Constants.GrantTypes.RefreshToken)
{
return(await ProcessRefreshTokenRequestAsync(request));
}
return(await ProcessTokenRequestAsync(request));
throw new InvalidOperationException("Unknown grant type.");
}
private async Task <TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing token request");
var accessToken = await CreateAccessTokenAsync(request);
var response = new TokenResponse
{
AccessToken = accessToken.Item1,
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
if (accessToken.Item2.IsPresent())
{
response.RefreshToken = accessToken.Item2;
}
return(response);
}
private async Task <TokenResponse> ProcessAuthorizationCodeRequestAsync(ValidatedTokenRequest request)
{
var response = new TokenResponse
{
AccessToken = await CreateAccessTokenAsync(request),
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
if (request.AuthorizationCode.IsOpenId)
{
var idToken = await _tokenService.CreateIdentityTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, false, request.Raw);
var jwt = await _tokenService.CreateSecurityTokenAsync(idToken);
response.IdentityToken = jwt;
}
return(response);
}
private async Task <TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing refresh token request");
var oldAccessToken = request.RefreshToken.AccessToken;
oldAccessToken.CreationTime = DateTime.UtcNow;
oldAccessToken.Lifetime = request.Client.AccessTokenLifetime;
var newAccessToken = await _tokenService.CreateSecurityTokenAsync(oldAccessToken);
var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshToken, request.Client);
return(new TokenResponse
{
AccessToken = newAccessToken,
AccessTokenLifetime = request.Client.AccessTokenLifetime,
RefreshToken = handle
});
}
public Task<ClaimsPrincipal> ValidateAsync(ValidatedTokenRequest request, IUserService users)
{
return Task.FromResult<ClaimsPrincipal>(null);
}
private async Task<TokenResponse> ProcessTokenRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing token request");
var accessToken = await CreateAccessTokenAsync(request);
var response = new TokenResponse
{
AccessToken = accessToken.Item1,
AccessTokenLifetime = request.Client.AccessTokenLifetime
};
if (accessToken.Item2.IsPresent())
{
response.RefreshToken = accessToken.Item2;
}
return response;
}
private async Task<Tuple<string, string>> CreateAccessTokenAsync(ValidatedTokenRequest request)
{
Token accessToken;
bool createRefreshToken;
if (request.AuthorizationCode != null)
{
createRefreshToken = request.AuthorizationCode.RequestedScopes.Select(s => s.Name).Contains(Constants.StandardScopes.OfflineAccess);
accessToken = await _tokenService.CreateAccessTokenAsync(request.AuthorizationCode.Subject, request.AuthorizationCode.Client, request.AuthorizationCode.RequestedScopes, request.Raw);
}
else
{
createRefreshToken = request.ValidatedScopes.ContainsOfflineAccessScope;
accessToken = await _tokenService.CreateAccessTokenAsync(request.Subject, request.Client, request.ValidatedScopes.GrantedScopes, request.Raw);
}
string refreshToken = "";
if (createRefreshToken)
{
refreshToken = await _refreshTokenService.CreateRefreshTokenAsync(accessToken, request.Client);
}
var securityToken = await _tokenService.CreateSecurityTokenAsync(accessToken);
return Tuple.Create(securityToken, refreshToken);
}
private async Task<TokenResponse> ProcessRefreshTokenRequestAsync(ValidatedTokenRequest request)
{
Logger.Info("Processing refresh token request");
var oldAccessToken = request.RefreshToken.AccessToken;
oldAccessToken.CreationTime = DateTime.UtcNow;
oldAccessToken.Lifetime = request.Client.AccessTokenLifetime;
var newAccessToken = await _tokenService.CreateSecurityTokenAsync(oldAccessToken);
var handle = await _refreshTokenService.UpdateRefreshTokenAsync(request.RefreshToken, request.Client);
return new TokenResponse
{
AccessToken = newAccessToken,
AccessTokenLifetime = request.Client.AccessTokenLifetime,
RefreshToken = handle
};
}
