private async Task <IActionResult> DoInvalidateToken(TokenRequestParams parameters)
{
var token = await Context.IDENTITY_REFRESH_TOKENS.FirstOrDefaultAsync(x => x.REFRESH_TOKEN == parameters.refresh_token);
if (token == null)
{
return(Ok());
}
Context.Remove(token);
await Context.SaveChangesAsync();
return(Ok());
}
//scenario 2 : get the access_token by refresh_token
private async Task <IActionResult> DoRefreshToken(TokenRequestParams parameters, IDENTITY_CLIENT client)
{
var token = await Context.IDENTITY_REFRESH_TOKENS.FirstOrDefaultAsync(x => x.REFRESH_TOKEN == parameters.refresh_token);
if (token == null)
{
return(BadRequest("Token not found."));
}
if (token.IS_EXPIRED)
{
// Remove refresh token if expired
Context.IDENTITY_REFRESH_TOKENS.Remove(token);
await Context.SaveChangesAsync();
return(BadRequest("Token has expired."));
}
var refresh_token = Guid.NewGuid().ToString().Replace("-", "");
//remove the old refresh_token and add a new refresh_token
Context.IDENTITY_REFRESH_TOKENS.Remove(token);
Context.IDENTITY_REFRESH_TOKENS.Add(new IDENTITY_REFRESH_TOKEN
{
CLIENT_ID = parameters.client_id,
REFRESH_TOKEN = refresh_token,
IDENTITY_REFRESH_TOKEN_ID = Guid.NewGuid().ToString(),
ISSUED_UTC = DateTime.UtcNow,
EXPIRES_UTC = DateTime.UtcNow.AddDays(client.REFRESH_TOKEN_LIFE_TIME),
IDENTITY = token.IDENTITY
});
await Context.SaveChangesAsync();
var user = await Context.USERS.SingleOrDefaultAsync(x => x.UserName == token.IDENTITY);
if (user == null)
{
return(BadRequest("User not found."));
}
return(Ok(GetJwt(parameters.client_id, refresh_token, user)));
}
public async Task <IActionResult> Auth(TokenRequestParams parameters)
{
var data = new TSCContext();
var model = data.USERS.ToList();
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
try
{
// Verify client's identification
var client = await Context.IDENTITY_CLIENTS.SingleOrDefaultAsync(x => x.IDENTITY_CLIENT_ID == parameters.client_id && x.SECRET_KEY == parameters.client_secret);
if (client == null)
{
return(BadRequest("Unauthorized client."));
}
if (parameters.grant_type == "password")
{
return(await DoPassword(parameters, client));
}
else if (parameters.grant_type == "refresh_token")
{
return(await DoRefreshToken(parameters, client));
}
else if (parameters.grant_type == "invalidate_token")
{
return(await DoInvalidateToken(parameters));
}
else
{
return(BadRequest("Invalid grant type."));
}
}
catch (Exception e)
{
throw;
}
}
//scenario 1 : get the access-token by username and password
private async Task <IActionResult> DoPassword(TokenRequestParams parameters, IDENTITY_CLIENT client)
{
//validate the client_id/client_secret/username/password
var user = await Context.USERS.FirstOrDefaultAsync(x => x.UserName == parameters.username);
if (user == null)
{
return(BadRequest("Invalid user infomation."));
}
var passwordHasher = new PasswordHasher <USER>();
var passwordVerificationResult = passwordHasher.VerifyHashedPassword(user, user.PasswordHash, parameters.password);
if (passwordVerificationResult == PasswordVerificationResult.Failed)
{
return(BadRequest("Invalid user infomation."));
}
var refresh_token = Guid.NewGuid().ToString().Replace("-", "");
var rToken = new IDENTITY_REFRESH_TOKEN
{
CLIENT_ID = parameters.client_id,
REFRESH_TOKEN = refresh_token,
IDENTITY_REFRESH_TOKEN_ID = Guid.NewGuid().ToString(),
ISSUED_UTC = DateTime.UtcNow,
EXPIRES_UTC = DateTime.UtcNow.AddDays(client.REFRESH_TOKEN_LIFE_TIME),
IDENTITY = parameters.username
};
//store the refresh_token
Context.IDENTITY_REFRESH_TOKENS.Add(rToken);
await Context.SaveChangesAsync();
return(Ok(GetJwt(parameters.client_id, refresh_token, user)));
}