Example #1
0
        public override Task DeserializeRefreshToken(DeserializeRefreshTokenContext context)
        {
            _authService = (IAuthService)context.HttpContext.RequestServices.GetService(typeof(IAuthService));
            var refreshToken = _authService.FindRefreshToken(context.RefreshToken);

            if (refreshToken != null)
            {
                var result = _authService.RemoveRefreshToken(refreshToken.Id);
                //Get protectedTicket from refreshToken class

                context.Ticket = context.DataFormat.Unprotect(refreshToken.ProtectedTicket);
            }

            return(Task.FromResult <object>(null));
        }
Example #2
0
        public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context)
        {
            var options = (OpenIddictOptions)context.Options;

            if (options.DisableTokenRevocation)
            {
                return;
            }

            context.Ticket = await ReceiveTokenAsync(
                OpenIdConnectConstants.TokenUsages.RefreshToken,
                context.RefreshToken, options,
                context.Request, context.DataFormat);

            // Prevent the OpenID Connect server middleware from using its default logic.
            context.HandleDeserialization();
        }
Example #3
0
        public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context)
        {
            var options = (OpenIddictOptions)context.Options;

            if (!options.UseReferenceTokens)
            {
                return;
            }

            context.Ticket = await ReceiveTokenAsync(
                context.RefreshToken, options, context.HttpContext,
                context.Request, context.DataFormat);

            // Prevent the OpenID Connect server middleware from using
            // its default logic to deserialize the reference token.
            context.HandleDeserialization();
        }
        protected override async Task <AuthenticationTicket> AuthenticateCoreAsync()
        {
            var transaction = Context.Get <OpenIddictServerTransaction>(typeof(OpenIddictServerTransaction).FullName);

            if (transaction?.Request == null)
            {
                throw new InvalidOperationException("An identity cannot be extracted from this request.");
            }

            switch (transaction.EndpointType)
            {
            case OpenIddictServerEndpointType.Authorization:
            case OpenIddictServerEndpointType.Logout:
            {
                if (string.IsNullOrEmpty(transaction.Request.IdTokenHint))
                {
                    return(null);
                }

                var notification = new DeserializeIdentityTokenContext(transaction)
                {
                    Token = transaction.Request.IdTokenHint
                };

                await _provider.DispatchAsync(notification);

                if (!notification.IsHandled)
                {
                    throw new InvalidOperationException(new StringBuilder()
                                                        .Append("The identity token was not correctly processed. This may indicate ")
                                                        .Append("that the event handler responsible of validating identity tokens ")
                                                        .Append("was not registered or was explicitly removed from the handlers list.")
                                                        .ToString());
                }

                if (notification.Principal == null)
                {
                    _logger.LogWarning("The identity token extracted from the 'id_token_hint' " +
                                       "parameter was invalid or malformed and was ignored.");

                    return(null);
                }

                // Tickets are returned even if they are considered invalid (e.g expired).

                return(new AuthenticationTicket((ClaimsIdentity)notification.Principal.Identity, new AuthenticationProperties()));
            }

            case OpenIddictServerEndpointType.Token when transaction.Request.IsAuthorizationCodeGrantType():
            {
                // Note: this method can be called from the ApplyTokenResponse event,
                // which may be invoked for a missing authorization code/refresh token.
                if (string.IsNullOrEmpty(transaction.Request.Code))
                {
                    return(null);
                }

                var notification = new DeserializeAuthorizationCodeContext(transaction)
                {
                    Token = transaction.Request.Code
                };

                await _provider.DispatchAsync(notification);

                if (!notification.IsHandled)
                {
                    throw new InvalidOperationException(new StringBuilder()
                                                        .Append("The authorization code was not correctly processed. This may indicate ")
                                                        .Append("that the event handler responsible of validating authorization codes ")
                                                        .Append("was not registered or was explicitly removed from the handlers list.")
                                                        .ToString());
                }

                if (notification.Principal == null)
                {
                    _logger.LogWarning("The authorization code extracted from the token request was invalid and was ignored.");

                    return(null);
                }

                // Tickets are returned even if they are considered invalid (e.g expired).

                return(new AuthenticationTicket((ClaimsIdentity)notification.Principal.Identity, new AuthenticationProperties()));
            }

            case OpenIddictServerEndpointType.Token when transaction.Request.IsRefreshTokenGrantType():
            {
                if (string.IsNullOrEmpty(transaction.Request.RefreshToken))
                {
                    return(null);
                }

                var notification = new DeserializeRefreshTokenContext(transaction)
                {
                    Token = transaction.Request.RefreshToken
                };

                await _provider.DispatchAsync(notification);

                if (!notification.IsHandled)
                {
                    throw new InvalidOperationException(new StringBuilder()
                                                        .Append("The refresh token was not correctly processed. This may indicate ")
                                                        .Append("that the event handler responsible of validating refresh tokens ")
                                                        .Append("was not registered or was explicitly removed from the handlers list.")
                                                        .ToString());
                }

                if (notification.Principal == null)
                {
                    _logger.LogWarning("The refresh token extracted from the token request was invalid and was ignored.");

                    return(null);
                }

                // Tickets are returned even if they are considered invalid (e.g expired).

                return(new AuthenticationTicket((ClaimsIdentity)notification.Principal.Identity, new AuthenticationProperties()));
            }

            default: throw new InvalidOperationException("An identity cannot be extracted from this request.");
            }
        }
 public Task DeserializeRefreshToken(DeserializeRefreshTokenContext context)
 {
     throw new NotImplementedException();
 }