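/// <summary>
/// Serialises an authentication ticket into a JWT signed with the secret of the
/// audience (client) recorded in the ticket's properties.
/// </summary>
/// <param name="data">Ticket whose identity claims and lifetime become the token.</param>
/// <returns>The compact-serialised JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
/// <exception cref="InvalidOperationException">
/// The ticket carries no audience, the audience is not registered or is inactive,
/// or the ticket has no issued/expiry time.
/// </exception>
public string Protect(AuthenticationTicket data)
{
    if (data == null)
    {
        throw new ArgumentNullException("data");
    }

    string clientId;
    if (!data.Properties.Dictionary.TryGetValue(clientPropertyKey, out clientId) || string.IsNullOrWhiteSpace(clientId))
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties does not include audience");
    }

    // Protect is a synchronous entry point, so the async store lookup is blocked
    // on here; presumably this runs without a captured synchronisation context
    // (otherwise this call can deadlock) — confirm against the hosting setup.
    Client audience = clientStore.FindClient(clientId).GetAwaiter().GetResult();

    // The store returns null for unknown ids (see ValidateClientAuthentication);
    // fail with a clear message rather than a NullReferenceException below.
    if (audience == null)
    {
        throw new InvalidOperationException(string.Format("Client '{0}' is not registered in the system.", clientId));
    }

    // Mirror the client-authentication check: never issue tokens for a client
    // that has been deactivated.
    if (!audience.Active)
    {
        throw new InvalidOperationException("Client is inactive.");
    }

    // A token without a lifetime cannot be validated; surface that explicitly
    // instead of relying on Nullable<T>.Value to throw.
    var issued = data.Properties.IssuedUtc;
    var expires = data.Properties.ExpiresUtc;
    if (!issued.HasValue || !expires.HasValue)
    {
        throw new InvalidOperationException("AuthenticationTicket.Properties must include IssuedUtc and ExpiresUtc");
    }

    // The stored client secret is the Base64Url-encoded HMAC key used to sign the token.
    var keyByteArray = TextEncodings.Base64Url.Decode(audience.Secret);
    var signingKey = new HmacSigningCredentials(keyByteArray);

    var token = new JwtSecurityToken(
        issuer,
        clientId,
        data.Identity.Claims,
        issued.Value.UtcDateTime,
        expires.Value.UtcDateTime,
        signingKey);

    var handler = new JwtSecurityTokenHandler();
    return handler.WriteToken(token);
}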
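/// <summary>
/// Validates the client making the token request. The client is looked up by its
/// id and must exist and be active; its allowed origin and refresh-token lifetime
/// are stashed on the OWIN context for the later grant stages.
/// </summary>
/// <param name="context">The OAuth client-authentication context.</param>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId;
    string clientSecret;

    // Prefer HTTP Basic credentials; fall back to form-encoded client credentials.
    // Both helpers presumably populate context.ClientId as a side effect, which
    // is what the remainder of this method keys on — confirm against the OWIN API.
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.TryGetFormCredentials(out clientId, out clientSecret);
    }

    // NOTE(review): clientSecret is extracted but never compared with the
    // registered client's secret, so any caller presenting a known client id is
    // accepted as that client. Confirm whether this is intended (public clients
    // only) and, for confidential clients, add a constant-time secret check.

    if (context.ClientId == null)
    {
        context.SetError("invalid_clientId", "client_Id is not set");
        return;
    }

    Client client = await clientStore.FindClient(context.ClientId);
    if (client == null)
    {
        context.SetError("invalid_clientId", string.Format("Client '{0}' is not registered in the system.", context.ClientId));
        return;
    }

    if (!client.Active)
    {
        context.SetError("invalid_clientId", "Client is inactive.");
        return;
    }

    // Hand the per-client settings to the token-grant stages via the OWIN environment.
    context.OwinContext.Set<string>("as:clientAllowedOrigin", client.AllowedOrigin);
    context.OwinContext.Set<string>("as:clientRefreshTokenLifeTime", client.RefreshTokenLifeTime.ToString());

    context.Validated();
}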