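/// <summary>
/// Validates a refresh_token grant: the client must be allowed to use refresh
/// tokens, the token must be present, known to the handle store, carry an
/// expiration that has not passed, and be bound to the requesting client.
/// On success the raw token and its stored grant are copied onto
/// <paramref name="validatedRequest"/>.
/// </summary>
/// <param name="validatedRequest">Request being validated; receives RefreshToken and StoredGrant.</param>
/// <param name="request">Raw token request carrying the refresh_token parameter.</param>
/// <exception cref="ArgumentNullException">No handle manager is configured.</exception>
/// <exception cref="TokenRequestValidationException">Any of the checks above fails.</exception>
private void ValidateRefreshTokenGrant(ValidatedRequest validatedRequest, TokenRequest request)
{
    if (_handleManager == null)
    {
        throw new ArgumentNullException("HandleManager");
    }

    if (!validatedRequest.Client.AllowRefreshToken)
    {
        throw new TokenRequestValidationException(
            "Refresh tokens not allowed for client",
            OAuthConstants.Errors.UnauthorizedClient);
    }

    // check for refresh token
    if (string.IsNullOrWhiteSpace(request.Refresh_Token))
    {
        throw new TokenRequestValidationException(
            "Missing refresh token",
            OAuthConstants.Errors.InvalidGrant);
    }

    validatedRequest.RefreshToken = request.Refresh_Token;

    // The refresh token is a long-lived bearer credential. It is deliberately
    // kept out of the trace log and of the error messages below; the stored
    // grant's GrantId (traced once the handle is found) is the safe correlator.
    Tracing.Information("Refresh token received");

    // check for refresh token in datastore
    var handle = _handleManager.Get(validatedRequest.RefreshToken);
    if (handle == null)
    {
        throw new TokenRequestValidationException(
            "Refresh token not found",
            OAuthConstants.Errors.InvalidGrant);
    }

    validatedRequest.StoredGrant = handle;
    Tracing.Information("Token handle found: " + handle.GrantId);

    // make sure the refresh token has an expiration time
    if (validatedRequest.StoredGrant.Expiration == null)
    {
        throw new TokenRequestValidationException(
            "No expiration time set for refresh token. That's not allowed.",
            OAuthConstants.Errors.InvalidGrant);
    }

    // make sure refresh token has not expired (expiration is compared in UTC)
    if (DateTime.UtcNow > validatedRequest.StoredGrant.Expiration)
    {
        throw new TokenRequestValidationException(
            "Refresh token expired.",
            OAuthConstants.Errors.InvalidGrant);
    }

    // check the client binding: a token issued to one client must not be
    // redeemable by another, even if that client presents valid credentials.
    // Client ids are compared ordinally.
    if (!string.Equals(handle.Client.ClientId, validatedRequest.Client.ClientId, StringComparison.Ordinal))
    {
        throw new TokenRequestValidationException(
            string.Format("Client {0} is trying to refresh token from {1}.", validatedRequest.Client.ClientId, handle.Client.ClientId),
            OAuthConstants.Errors.InvalidGrant);
    }
}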