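        /// <summary>
        /// Validates a refresh_token grant. In order: the handle store must be wired, the client must
        /// be permitted to use refresh tokens, a refresh_token must be present in the request, it must
        /// resolve to a stored handle, that handle must carry an expiration that has not passed, and the
        /// handle must have been issued to the requesting client.
        /// </summary>
        /// <param name="validatedRequest">Request state accumulated so far; <c>Client</c> must already be set.
        /// On success <c>RefreshToken</c> and <c>StoredGrant</c> are populated.</param>
        /// <param name="request">The raw token request carrying the refresh_token parameter.</param>
        /// <exception cref="ArgumentNullException">The handle manager dependency was not supplied.</exception>
        /// <exception cref="TokenRequestValidationException">A validation step fails. The OAuth error code is
        /// unauthorized_client when the client may not use refresh tokens, invalid_grant otherwise.</exception>
        private void ValidateRefreshTokenGrant(ValidatedRequest validatedRequest, TokenRequest request)
        {
            if (_handleManager == null)
            {
                throw new ArgumentNullException("HandleManager");
            }

            // Client-level policy first: a client that is not allowed refresh tokens is rejected
            // before we touch the token or the store at all.
            if (!validatedRequest.Client.AllowRefreshToken)
            {
                throw new TokenRequestValidationException(
                          "Refresh tokens not allowed for client",
                          OAuthConstants.Errors.UnauthorizedClient);
            }

            // check for refresh token
            if (string.IsNullOrWhiteSpace(request.Refresh_Token))
            {
                throw new TokenRequestValidationException(
                          "Missing refresh token",
                          OAuthConstants.Errors.InvalidGrant);
            }

            validatedRequest.RefreshToken = request.Refresh_Token;

            // The refresh token is a long-lived bearer credential. Its value must never be written to
            // the trace log or into an exception message (which may be surfaced to the caller as
            // error_description): anyone with log access could replay it. Record only that one was
            // supplied; the grant id logged below is sufficient to correlate with the store.
            Tracing.Information("Refresh token presented");

            // check for refresh token in datastore
            var handle = _handleManager.Get(validatedRequest.RefreshToken);

            if (handle == null)
            {
                // Do not echo the unknown, attacker-controlled token value back in the error.
                throw new TokenRequestValidationException(
                          "Refresh token not found",
                          OAuthConstants.Errors.InvalidGrant);
            }

            validatedRequest.StoredGrant = handle;
            // NOTE(review): assumes GrantId is an opaque identifier and not the token value itself — confirm
            // against the handle store before relying on this log line being safe.
            Tracing.Information("Token handle found: " + handle.GrantId);

            // make sure the refresh token has an expiration time
            // A handle with no expiration would be valid forever; refuse it rather than treat it as unbounded.
            if (validatedRequest.StoredGrant.Expiration == null)
            {
                throw new TokenRequestValidationException(
                          "No expiration time set for refresh token. That's not allowed.",
                          OAuthConstants.Errors.InvalidGrant);
            }

            // make sure refresh token has not expired (compared in UTC, matching how Expiration is stored)
            if (DateTime.UtcNow > validatedRequest.StoredGrant.Expiration)
            {
                throw new TokenRequestValidationException(
                          "Refresh token expired.",
                          OAuthConstants.Errors.InvalidGrant);
            }

            // check the client binding
            // A refresh token is bound to the client it was issued to. Accepting it from a different
            // (authenticated) client would let a token stolen from one client be redeemed by another.
            // Client ids are opaque identifiers, so an ordinal comparison is the correct one.
            if (!string.Equals(handle.Client.ClientId, validatedRequest.Client.ClientId, StringComparison.Ordinal))
            {
                throw new TokenRequestValidationException(
                          string.Format("Client {0} is trying to refresh token from {1}.", validatedRequest.Client.ClientId, handle.Client.ClientId),
                          OAuthConstants.Errors.InvalidGrant);
            }
        }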