public AuthParams ( OAuthGrantType grantType, ICollection <Scope> scopes, string clientId, string clientSecret = "", ITokenStorage storage = null, string username = "", string password = "" ) { if ((!string.IsNullOrEmpty(username) || !string.IsNullOrEmpty(password)) && storage == null) { throw new Exception("You must implemet storage for refresh token"); } if ((!string.IsNullOrEmpty(username) || !string.IsNullOrEmpty(password)) && grantType != OAuthGrantType.Password) { throw new Exception("You are using wrong grant type, use password"); } GrantType = grantType; Scopes = scopes; ClientId = clientId; ClientSecret = clientSecret; Username = username; Password = password; Storage = storage; }
/// <summary> /// This method deserialises the response from an access token request and returns /// an <see cref="Credentials"/>object which can be persisted to credential storage /// </summary> /// <param name="restResponse">The Rest Response containing the access tokens</param> /// <param name="grantType">The OAuth grant type used to get specific tokens</param> /// <remarks>The response object is a JSON blob similar to /// { /// "access_token":"VygNPcxVEG3...PSX", /// "refresh_token":"NzE...nwud", /// "id_token": "eyJ0...wAcQ", /// "expires_in":"3600", /// "token_type": "Bearer" /// } /// </remarks> private Credentials ExtractTokensFromResponse(IRestResponse restResponse, OAuthGrantType grantType) { Credentials credentials = null; string responseData = restResponse.Content; if (!String.IsNullOrWhiteSpace(responseData)) { ExchangeAuthorizationCodeResponse response = JsonConvert.DeserializeObject <ExchangeAuthorizationCodeResponse>(responseData); string userEmail = null; string userNickName = null; if (!string.IsNullOrEmpty(response.Id_Token)) { JwtSecurityToken token = new JwtSecurityToken(response.Id_Token); Claim nickname = token.Claims.FirstOrDefault(x => x.Type.Equals("nickname", StringComparison.InvariantCultureIgnoreCase)); Claim name = token.Claims.FirstOrDefault(x => x.Type.Equals("name", StringComparison.InvariantCultureIgnoreCase)); if (nickname != null) { userNickName = nickname.Value; } if (name != null) { userEmail = name.Value; } } credentials = new Credentials { AccessToken = response.Access_Token, UserNickName = userNickName, UserEmail = userEmail }; switch (grantType) { case OAuthGrantType.AuthorizationCode: credentials.RefreshToken = response.Refresh_Token; break; // If grant type is refresh_token, persist the current refresh_token (until it's revoked) case OAuthGrantType.RefreshToken: credentials.RefreshToken = myCredentials.RefreshToken; break; } } return(credentials); }
/// <summary> /// Creates a new <see cref="TokenContext"/>. /// </summary> /// <param name="httpContext">The current <see cref="HttpContext"/>.</param> /// <param name="clientId">The client identifier of the application.</param> /// <param name="redirectUri">The redirect uri of the application.</param> /// <param name="clientSecret">Client sesret of the application.</param> /// <param name="authorizationCodeOrRefreshToken">Authorization code or refresh token provided by client application.</param> /// <param name="grantType">The OAuth grant type.</param> public TokenContext(HttpContext httpContext, string clientId, Uri redirectUri, string clientSecret, OAuthTicket authorizationCodeOrRefreshToken, OAuthGrantType grantType) : base(httpContext) { ClientId = Guard.ArgumentNotNullOrWhiteSpace(clientId, nameof(clientId)); RedirectUri = Guard.ArgumentNotNull(redirectUri, nameof(redirectUri)); ClientSecret = Guard.ArgumentNotNullOrWhiteSpace(clientSecret, nameof(clientSecret)); GrantType = grantType; if (grantType == OAuthGrantType.AuthorizationCode) { AuthorizationCode = Guard.ArgumentNotNull(authorizationCodeOrRefreshToken, nameof(authorizationCodeOrRefreshToken)); } else { RefreshToken = Guard.ArgumentNotNull(authorizationCodeOrRefreshToken, nameof(authorizationCodeOrRefreshToken)); } }
public virtual async Task <TClient> RegisterClientAsync(string ownerUserName, string name, OAuthGrantType grantType) { Contract.Requires(!string.IsNullOrEmpty(name)); TClient client = new TClient(); client.GrantType = grantType; using (RijndaelManaged cryptoManager = new RijndaelManaged()) { cryptoManager.GenerateKey(); client.Id = BitConverter.ToString(cryptoManager.Key).Replace("-", string.Empty).ToLowerInvariant(); cryptoManager.GenerateKey(); client.Secret = BitConverter.ToString(cryptoManager.Key).Replace("-", string.Empty).ToLowerInvariant(); } client.OwnerUserName = ownerUserName; client.Name = name; client.SecretHash = new PasswordHasher().HashPassword(client.Secret); client.DateAdded = DateTimeOffset.Now; await ClientCollection.InsertOneAsync(client); return(client); }
public virtual async Task <TClient> RegisterClientAsync(string ownerUserName, string name, OAuthGrantType grantType, ITransaction currentTransaction = null) { Contract.Requires(!string.IsNullOrEmpty(name)); TClient client = new TClient(); client.GrantType = grantType; using (RijndaelManaged cryptoManager = new RijndaelManaged()) { cryptoManager.GenerateKey(); client.Id = BitConverter.ToString(cryptoManager.Key).Replace("-", string.Empty).ToLowerInvariant(); cryptoManager.GenerateKey(); client.Secret = BitConverter.ToString(cryptoManager.Key).Replace("-", string.Empty).ToLowerInvariant(); } client.Name = name; client.SecretHash = new PasswordHasher().HashPassword(client.Secret); client.DateAdded = DateTimeOffset.Now; ITransaction transaction = currentTransaction ?? Database.CreateTransaction(); transaction.HashSetAsync(ClientHashKey, new[] { new HashEntry(client.Id, JsonConvert.SerializeObject(client)) }); transaction.SetAddAsync(string.Format(ClientsByUserSetKey, ownerUserName), client.Id); if (currentTransaction == null) { await transaction.ExecuteAsync(); } return(client); }
/// <summary> /// Create token endpoint specific request context. /// </summary> /// <param name="httpContext">The current HTTP request specific <see cref="HttpContext"/>.</param> /// <returns>The task to create the token endpoint specific request context.</returns> /// <exception cref="ArgumentNullException">Specified <paramref name="httpContext"/> is null.</exception> public Task <TokenContext> CreateTokenGrantContextAsync(HttpContext httpContext) { Guard.ArgumentNotNull(httpContext, nameof(httpContext)); //Must be POST request. if (!string.Equals(httpContext.Request.Method, "POST")) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.UnsupportedHttpMethod.Format()))); } //Conent-Type = application/x-www-form-urlencoded. if (!httpContext.Request.HasFormContentType) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.UnsupportedContentType.Format()))); } var form = httpContext.Request.Form; //Extract client_id. var clientId = form.GetValue(OAuthDefaults.ParameterNames.ClientId); if (string.IsNullOrWhiteSpace(clientId)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingClientId.Format()))); } //Extract redirect_uri var redirectUriString = form.GetValue(OAuthDefaults.ParameterNames.RedirectUri); if (string.IsNullOrWhiteSpace(redirectUriString)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingRedirectUri.Format()))); } Uri redirectUri; try { redirectUri = new Uri(redirectUriString); } catch { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.InvalidRedirectUri.Format()))); } //Extract client_secret var clientSecret = form.GetValue(OAuthDefaults.ParameterNames.ClientSecret); if (string.IsNullOrWhiteSpace(clientSecret)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingClientSecret.Format()))); } //Extract grant_type var grantTypeString = form.GetValue(OAuthDefaults.ParameterNames.GarntType); if (string.IsNullOrWhiteSpace(grantTypeString)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingGrantType.Format()))); } if (!_valideGrantTypes.Contains(grantTypeString)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.UnsupportedGrantType.UnsupportedGrantType.Format(grantTypeString)))); } OAuthGrantType grantType = grantTypeString == "authorization_code" ? OAuthGrantType.AuthorizationCode : OAuthGrantType.RefreshToken; if (grantType == OAuthGrantType.AuthorizationCode) { var code = form.GetValue(OAuthDefaults.ParameterNames.Code); if (string.IsNullOrWhiteSpace(clientSecret)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingAuthorizationCode.Format()))); } try { OAuthTicket authorizationCode = _ticketFormat.Unprotect(code); return(Task.FromResult(new TokenContext(httpContext, clientId, redirectUri, clientSecret, authorizationCode, grantType))); } catch { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidGrant.InvalidAuthorizationCode.Format()))); } } else { var token = form.GetValue(OAuthDefaults.ParameterNames.RefreshToken); if (string.IsNullOrWhiteSpace(token)) { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidRequest.MissingRefreshToken.Format()))); } try { OAuthTicket refreshToken = _ticketFormat.Unprotect(token); return(Task.FromResult(new TokenContext(httpContext, clientId, redirectUri, clientSecret, refreshToken, grantType))); } catch { return(Task.FromResult(new TokenContext(httpContext, OAuthErrors.InvalidGrant.InvalidRefreshToken.Format()))); } } }