/// <summary>
/// Verifies the bearer token carried by the incoming request and installs the resulting
/// <see cref="OAuthPrincipal"/> as the HTTP context's user. A protocol fault raised during
/// token analysis is converted into a 401 response carrying a <c>WWW-Authenticate: Bearer</c> challenge.
/// </summary>
/// <param name="request">The ServiceStack request; its <c>OriginalRequest</c> is cast to <see cref="HttpRequestBase"/>.</param>
/// <param name="response">The ServiceStack response; receives the challenge header on failure.</param>
/// <param name="requestDto">The deserialized request DTO (not used by this filter).</param>
public override void Execute(IRequest request, IResponse response, object requestDto)
{
    try
    {
        var keyProvider = ServiceStackHost.Instance.Container.Resolve<ICryptoKeyProvider>();
        ICryptoKeyPair authorizationServerKeys = keyProvider.GetCryptoKey(CryptoKeyType.AuthZServer);
        ICryptoKeyPair apiServiceKeys = keyProvider.GetCryptoKey(CryptoKeyType.ApiService);

        // The analyzer is handed the authorization server's public signing key and this
        // service's private encryption key — presumably the token is signed by the former
        // and encrypted for the latter; confirm against the issuing server's configuration.
        var analyzer = new StandardAccessTokenAnalyzer(
            authorizationServerKeys.PublicSigningKey,
            apiServiceKeys.PrivateEncryptionKey);
        var resourceServer = new ResourceServer(analyzer);

        // Verify the signed bearer token against the required scopes and extract the caller's identity.
        var httpRequest = (HttpRequestBase)request.OriginalRequest;
        AccessToken accessToken = resourceServer.GetAccessToken(httpRequest, scopes);

        // Make the authenticated principal visible to the rest of the pipeline.
        httpRequest.RequestContext.HttpContext.User =
            new OAuthPrincipal(accessToken.User, GetUserRoles(accessToken));
    }
    catch (ProtocolFaultResponseException ex)
    {
        // TODO: a malformed token should produce 400-BadRequest rather than 401 (RFC 6750 §3.1).
        // Expired, invalid or revoked tokens all end up here as 401-Unauthorized with a Bearer
        // challenge; the challenge carries no error="..." attribute, which RFC 6750 recommends.
        // NOTE(review): ex.Message is echoed to the client — confirm it never carries internal detail.
        response.AddHeader(HttpHeaders.WwwAuthenticate, @"Bearer");
        throw HttpErrorThrower.Unauthorized(ex.Message);
    }
}
/// <summary>
/// Creates the example authorization server over the supplied key material and stores.
/// Every dependency is captured as given; nothing is resolved or validated at construction time.
/// </summary>
/// <param name="cryptoKeyStore">Stored in the field of the same name.</param>
/// <param name="authServerKeys">Key pair attributed to the authorization server; stored as-is.</param>
/// <param name="dataServerKeys">Key pair attributed to the data server; stored as-is.</param>
/// <param name="clientStore">Stored in the field of the same name.</param>
/// <param name="userStore">Stored in the field of the same name.</param>
public ExampleAuthorizationServer(
    ICryptoKeyStore cryptoKeyStore,
    ICryptoKeyPair authServerKeys,
    ICryptoKeyPair dataServerKeys,
    IOAuth2ClientStore clientStore,
    IUserStore userStore)
{
    // NOTE(review): null arguments are accepted here and would only surface on first use;
    // a guard at this boundary would fail fast instead.
    this.userStore = userStore;
    this.clientStore = clientStore;
    this.dataServerKeys = dataServerKeys;
    this.authServerKeys = authServerKeys;
    this.cryptoKeyStore = cryptoKeyStore;
}
/// <summary>
/// Fallback token lifetime (24 hours) applied when the constructor is given a negative value.
/// </summary>
private const int TokenLifetimeInSeconds = 24 * 60 * 60;

/// <summary>
/// Creates the game API OAuth server. A negative <paramref name="tokenLifetimeInSeconds"/>
/// (the default, -1) selects <see cref="TokenLifetimeInSeconds"/>; zero and positive values are stored as given.
/// </summary>
/// <param name="cryptoKeyStore">Stored in <c>_cryptoKeyStore</c>.</param>
/// <param name="authServerKeys">Stored in <c>_authServerKeys</c>.</param>
/// <param name="dataServerKeys">Stored in <c>_dataServerKeys</c>.</param>
/// <param name="clientStore">Stored in <c>_clientStore</c>.</param>
/// <param name="gameProviderId">Stored in <c>_gameProviderId</c>.</param>
/// <param name="tokenLifetimeInSeconds">Requested token lifetime; negative means "use the default".</param>
public GameApiOAuthServer(
    ICryptoKeyStore cryptoKeyStore,
    ICryptoKeyPair authServerKeys,
    ICryptoKeyPair dataServerKeys,
    IOAuth2ClientStore clientStore,
    Guid gameProviderId,
    int tokenLifetimeInSeconds = -1)
{
    _cryptoKeyStore = cryptoKeyStore;
    _authServerKeys = authServerKeys;
    _dataServerKeys = dataServerKeys;
    _clientStore = clientStore;
    _gameProviderId = gameProviderId;

    // The lifetime bounds how long a leaked token remains usable, so callers needing a
    // tighter window pass an explicit value; only negatives fall back to the 24-hour constant.
    // NOTE(review): the parameter and the constant differ only in case — easy to confuse when editing.
    // NOTE(review): a zero lifetime is accepted verbatim — confirm that is intended.
    if (tokenLifetimeInSeconds < 0)
    {
        _tokenLifetime = TokenLifetimeInSeconds;
    }
    else
    {
        _tokenLifetime = tokenLifetimeInSeconds;
    }
}