Example #1
0
        public Token Authorize(IOAuthRequest request)
        {
            _logger.Debug("Authorizing refresh token request");

            if (request.ContentType != ContentType.FormEncoded)
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Invalid content type.");
            }

            //Make sure consumer is valid
            var consumer = _consumerRepository.GetByClientId(request.ClientId);

            if (consumer == null)
            {
                throw new OAuthException(ErrorCode.InvalidClient, "Client credentials are invalid");
            }

            if (consumer.Secret != request.ClientSecret)
            {
                throw new OAuthException(ErrorCode.InvalidClient, "User credentials are invalid");
            }

            var refreshToken = request.RefreshToken;

            if (string.IsNullOrWhiteSpace(refreshToken))
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Refresh token is invalid");
            }

            var tokenData = _issuer.DecodeRefreshToken(refreshToken);

            if (tokenData.ConsumerId != consumer.ConsumerId)
            {
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Refresh token is invalid");
            }

            if (!_resourceOwnerRepository.IsConsumerApproved(tokenData.ResourceOwnerId, tokenData.ConsumerId))
            {
                throw new OAuthException(ErrorCode.UnauthorizedClient, "Unauthorized access");
            }

            var newTokenData = new TokenData
            {
                ConsumerId      = consumer.ConsumerId,
                ResourceOwnerId = tokenData.ResourceOwnerId,
                Timestamp       = DateTimeOffset.UtcNow.DateTime.Ticks
            };

            return(new Token
            {
                AccessToken = _issuer.GenerateAccessToken(newTokenData),
                ExpiresIn = _configuration.AccessTokenExpirationLength,
                RefreshToken = _issuer.GenerateRefreshToken(newTokenData)
            });
        }
Example #2
0
        public Token Authorize(Request.IOAuthRequest request)
        {
            _logger.Debug("Authorizing authorization code request");

            var grantType = request.GrantType;

            if (!grantType.HasValue())
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Parameter grant_type is missing");
            }

            if (request.GrantType != GrantType.AuthorizationCode)
            {
                throw new OAuthException(ErrorCode.InvalidGrant, "The specified grant_type is not supported");
            }

            var code = request.AuthorizationCode;

            if (!code.HasValue())
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Parameter code is missing");
            }

            var tokenData = _issuer.DecodeAuthorizationToken(code);

            if ((DateTime.UtcNow - new DateTime(tokenData.Timestamp, DateTimeKind.Utc)).TotalSeconds > _configuration.AuthorizationTokenExpirationLength)
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "Authorization code has expired");
            }

            if (tokenData.RedirectUri != request.RedirectUri)
            {
                throw new OAuthException(ErrorCode.InvalidRequest, "The specified redirect_uri is invalid");
            }

            var newTokenData = new TokenData
            {
                ConsumerId      = tokenData.ConsumerId,
                ResourceOwnerId = tokenData.ResourceOwnerId,
                Timestamp       = DateTime.UtcNow.Ticks
            };

            return(new Token
            {
                AccessToken = _issuer.GenerateAccessToken(newTokenData),
                ExpiresIn = _configuration.AccessTokenExpirationLength,
                RefreshToken = _issuer.GenerateRefreshToken(newTokenData),
                RedirectsUri = request.RedirectUri
            });
        }