private async Task <IActionResult> RefreshToken(McTokenRequest model)
{
try
{
// check if the received refreshToken exists for the given clientId
var rt = DbContext.Tokens.FirstOrDefault(t => t.ClientId == model.client_id && t.Value == model.refresh_token);
if (rt == null)
{
// refresh token not found or invalid (or invalid clientId)
return(new UnauthorizedResult());
}
// check if there's an user with the refresh token's userId
var user = await UserManager.FindByIdAsync(rt.UserId);
if (user == null)
{
// UserId not found or invalid
return(new UnauthorizedResult());
}
if (await UserManager.IsLockedOutAsync(user))
{
// USer is no loner allowed to log in
return(new UnauthorizedResult());
}
// generate a new refresh token
var rtNew = CreateRefreshToken(rt.ClientId, rt.UserId);
// invalidate the old refresh token (by deleting it)
DbContext.Tokens.Remove(rt);
// add the new refresh token
DbContext.Tokens.Add(rtNew);
// persist changes in the DB
DbContext.SaveChanges();
// create a new access token...
var response = await CreateAccessToken(rtNew.UserId, rtNew.Value);
// ... and send it to the client
return(Json(response));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
private async Task <IActionResult> GetToken(McTokenRequest model)
{
try
{
// check if there's an user with the given username
var user = await UserManager.FindByNameAsync(model.username);
// if this is not a username, it's probably an e-mail address
if (user == null && model.username.Contains("@"))
{
user = await UserManager.FindByEmailAsync(model.username);
}
if (user == null || !await UserManager.CheckPasswordAsync(user, model.password))
{
// user does not exists or password mismatch
return(new UnauthorizedResult());
}
if (await UserManager.GetLockoutEnabledAsync(user))
{
// User is locked out
return(new UnauthorizedResult());
}
// username & password matches: create the refresh token
var rt = CreateRefreshToken(model.client_id, user.Id);
// add the new refresh token to the DB
DbContext.Tokens.Add(rt);
DbContext.SaveChanges();
// create & return the access token
var t = await CreateAccessToken(user.Id, rt.Value);
return(Json(t));
}
catch (Exception)
{
return(new UnauthorizedResult());
}
}
public async Task <IActionResult> Auth([FromBody] McTokenRequest model)
{
// return a generic HTTP Status 500 (Server Error)
// if the client payload is invalid.
if (model == null)
{
return(new StatusCodeResult(500));
}
switch (model.grant_type)
{
case "password":
return(await GetToken(model));
case "refresh_token":
return(await RefreshToken(model));
default:
// not supported - return a HTTP 401 (Unauthorized)
return(new UnauthorizedResult());
}
}
